[Luck]

I currently can't delete this program that's a dialup.exe. It's taking up a lot of the system's resources and I honestly think that it's the cause for disabling registryedit.exe and task manager.

I can't access any of those, and I used Spybot to get rid of the rest of the programs.

This is my friend's PC, and her friends used it and really were computer illiterate, which lead to the system being used improperly as far as installing inappropriate programs to it's harddrive.

Can someone please help me out here? She's using Windows XP Home version.

So just to run down the three problems:

1.) Cannot delete a dialup.exe program. I'll liste the exact file name, sysupd.exe I'm having Spybot to search for what type of file it actually is right now. It's TSCash 0190 Dialer and here is their site:

2.) Why is taskmanager disabled or unavalible?

3.) She has no password for her user name on Windows XP, so why is it saying that Admin has disabled registryedit.exe?


Thank you all for your help,

Mikehere is their site

[Judas]

virus alert... there more problems that i think.... When task manager and Regiedit isn't available... that means usually that there is a virus or worm or soemthing preventing any possibly way of getting around it and destroying it... you could try booting to a dos disk and accessing the drive and deleting it that way through dos... but you might have to find a Dos disk that has NTFS support if it's been installed..... go to www.pcpitstop.com and run the virus scanner there

[Luck]

Quote:

Originally posted by Judas
virus alert... there more problems that i think.... When task manager and Regiedit isn't available... that means usually that there is a virus or worm or soemthing preventing any possibly way of getting around it and destroying it... you could try booting to a dos disk and accessing the drive and deleting it that way through dos... but you might have to find a Dos disk that has NTFS support if it's been installed..... go to www.pcpitstop.com and run the virus scanner there

Well, I didn't read the warning on the site, and an anti-virus program detected it and said it was a virus. So now I no longer have the DLL for the program.

Isn't there another free virus scaning site that I can use? I remember one on google.com

Also, what about the registryedit.exe problem?

[Judas]

as i said.. the virus probably made it's own user profile or blocked it using it's own configuration... some viruses are that smart...

[zerodamage]

http://securityresponse.symantec.com

[Luck]

Quote:

Originally posted by Judas
as i said.. the virus probably made it's own user profile or blocked it using it's own configuration... some viruses are that smart...

Figures. So how am I supposed to get rid of it? I have to try everything, as she does not have the cds that came with the computer. No driver installers either.

[Judas]

Tiro might have a work around.... but it might require a clean format and reinstall....

[Luck]

Quote:

Originally posted by Judas
Tiro might have a work around.... but it might require a clean format and reinstall....

Okay, what's a site that has a free virus scaner? Besides the one your recomended.

[PangingJr]

TSCash - Manual Removal
http://www.pestpatrol.com/pestinfo/t/tscash.asp

TROJ_TSCASH.A
http://www.trendmicro.com/vinfo/viru...=TROJ_TSCASH.A

Remove the files in Safe Mode, remove autorun reference in registry,
then do a thorough scan with a current AV using updated definitions. Continue your maintenance by
removing spyware with Spybot Search & Destroy and Ad-aware.

the removal of viruses, trojans and other malware can be quite tricksy,
take the machine to a good local shop and have them do it for you.
If you are unable to clean your computer yourself.

If you recieve msg.. "Registry editor has been disabled by your administrator."
when trying to run regedit. Create and Run the following script..
Copy/Paste the below script info onto a notepad, Save and name it regedit_fix.vbs.

Code:

Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")
sRegValue = "HKEY_CURRENT_USER\Software\Microsoft\Windows\" _
 & "CurrentVersion\Policies\" _
 & "System\DisableRegistryTools"
WSH.RegWrite sRegValue, "0", "REG_DWORD"
Set WSH = Nothing
MsgBox "Enabling Regedit.", 4096,"Done!"

Here's a free online virus scanner. HouseCall, Trend Micro's
http://housecall.antivirus.com/

[Luck]

Quote:

Originally posted by TIRO
TSCash - Manual Removal
http://www.pestpatrol.com/pestinfo/t/tscash.asp

TROJ_TSCASH.A
http://www.trendmicro.com/vinfo/viru...=TROJ_TSCASH.A

Remove the files in Safe Mode, remove autorun reference in registry,
then do a thorough scan with a current AV using updated definitions. Continue your maintenance by
removing spyware with Spybot Search & Destroy and Ad-aware.

the removal of viruses, trojans and other malware can be quite tricksy,
take the machine to a good local shop and have them do it for you.
If you are unable to clean your computer yourself.

If you recieve msg.. "Registry editor has been disabled by your administrator."
when trying to run regedit. Create and Run the following script..
Copy/Paste the below script info onto a notepad, Save and name it regedit_fix.vbs.

Code:

Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")
sRegValue = "HKEY_CURRENT_USER\Software\Microsoft\Windows\" _
 & "CurrentVersion\Policies\" _
 & "System\DisableRegistryTools"
WSH.RegWrite sRegValue, "0", "REG_DWORD"
Set WSH = Nothing
MsgBox "Enabling Regedit.", 4096,"Done!"

Here's a free online virus scanner. HouseCall, Trend Micro's
http://housecall.antivirus.com/

Thanks so much, as usual, you're always a big help.

Now, how do I create a script?

[BiGBrOwNPimpsta]

and dont goto porno sites

[PangingJr]

pls reread my previous post for how to create the .vbs file..
and here's how the .vbs file will look on notepad..

[Luck]

Quote:

Originally posted by TIRO
pls reread my previous post for how to create the .vbs file..
and here's how the .vbs file will look on notepad..

I did, but I'm confused. I pasted that script to notepad, and saved it as that file name. But it does nothing, and when I try to run notepad, it just opens up the notepad.

[Judas]

Quote:

Originally posted by Luck
I did, but I'm confused. I pasted that script to notepad, and saved it as that file name. But it does nothing, and when I try to run notepad, it just opens up the notepad.

right click and hit "run script"

[PangingJr]

here's the msg that you get when trying to run regedit (Registry Editor)..





regedit_fix.vbs (update)

Code:

Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")
sRegValue = "HKCU\Software\Microsoft\Windows\" _
 & "CurrentVersion\Policies\" _
 & "System\DisableRegistryTools"
WSH.RegWrite sRegValue, "0", "REG_DWORD"	' change 0 to 1 for disable regedit
Set WSH = Nothing
MsgBox "Enabling Regedit.", 4096, "Done!"

Luck, make sure that the VBScript tool- filename extension is .vbs (see in pic the .vbs icon)
not .txt or .vbs.txt or else...

follow the next steps..

Open a notepad then Copy/Paste the script info onto it,

on the notepad menu click File -> Save As...

then type in the field File name: regedit_fix.vbs

or anyname.vbs (in pic i use "regedit.vbs" just to make its name in one line).

then select the Save as type: All Files

then click Save.. then browse to where you saved it and D-Click on the file to run it.



Now you should be able to open your Registry Editor (by typing regedit in the Run box and click OK.)

[PangingJr]

here's the msg that you recieve when trying to start the Task Manager (Ctrl-Shift-Esc)



taskmanager_fix.vbs (or Enable_taskmanager.vbs)

Code:

Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")
sRegValue = "HKCU\Software\Microsoft\Windows\" _
 & "CurrentVersion\Policies\" _
 & "System\DisableTaskMgr"
 WSH.RegWrite sRegValue, "0", "REG_DWORD"	' change 0 to 1 for disable Task Manager
Set WSH = Nothing
MsgBox "Enabling Task Manager.", 4096, "Done!"

-Or-

Edit/modify your registry manually..
Open the Registry Editor and then locate the following key

Code:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

--->DisableTaskMgr

then change the data on the value name "DisableTaskMgr" from 1 to 0.
now you should be able to open the Task Manager.

[Luck]

Quote:

Originally posted by TIRO
here's the msg that you get when trying to run regedit (Registry Editor)..





regedit_fix.vbs (update)

Code:

Dim WSH
Set WSH = WScript.CreateObject("WScript.Shell")
sRegValue = "HKCU\Software\Microsoft\Windows\" _
 & "CurrentVersion\Policies\" _
 & "System\DisableRegistryTools"
WSH.RegWrite sRegValue, "0", "REG_DWORD"	' change 0 to 1 for disable regedit
Set WSH = Nothing
MsgBox "Enabling Regedit.", 4096, "Done!"

Luck, make sure that the VBScript tool- filename extension is .vbs (see in pic the .vbs icon)
not .txt or .vbs.txt or else...

follow the next steps..

Open a notepad then Copy/Paste the script info onto it,

on the notepad menu click File -> Save As...

then type in the field File name: regedit_fix.vbs

or anyname.vbs (in pic i use "regedit.vbs" just to make its name in one line).

then select the Save as type: All Files

then click Save.. then browse to where you saved it and D-Click on the file to run it.



Now you should be able to open your Registry Editor (by typing regedit in the Run box and click OK.)

For 10 minutes, I felt like an idiot. But now I don't. Her computer is not transforming it into a script, I put the code in the notepad, saved it by naming it a .vbs file, and saved it as "all files".




*****EDIT****** Can you send me that script file then, please? E-mail it at d4rkthr0ne@yahoo.com

Please? I'd appreciate it, thanks.

[PangingJr]

i've provided all the info..., you create the .vbs file form your computer.
you have ran a VBScript tool before as i remember,
so try to create one from the info yourself, and run it on the PC,
you'll be prompted when the script is done.

both VBScript tools the regedit_fix.vbs and the taskmanager_fix.vbs will only fix the registry in the HKEY_CURRENT_USER keys.

it's poss that the trojan has also modify the HKEY_LOCAL_MACHINE keys, but i don't think so.. anyway if you still cannot open either the regedit or the task manager pls let me know..

[Luck]

Quote:

Originally posted by TIRO
i've provided all the info..., you create the .vbs file form your computer.
you have ran a VBScript tool before as i remember,
so try to create one from the info yourself, and run it on the PC,
you'll be prompted when the script is done.

both VBScript tools the regedit_fix.vbs and the taskmanager_fix.vbs will only fix the registry in the HKEY_CURRENT_USER keys.

it's poss that the trojan has also modify the HKEY_LOCAL_MACHINE keys, but i don't think so.. anyway if you still cannot open either the regedit or the task manager pls let me know..

Well, I fixed it. I had to paste it in the script I downloaded.

Now, how do I find this autorun registry? I also found this trojan that I cannot delete.

It's some Stubby trojan, it's called.\


***Edit**** Because I have no clue what I'm doing, I came across a registry that said "WAITTOKILLSERVICE TIMEOUT Value date 20000" should I delete this?

[PangingJr]

Quote:

Originally posted by Luck
Now, how do I find this autorun registry?

***Edit**** Because I have no clue what I'm doing, I came across a registry that said "WAITTOKILLSERVICE TIMEOUT Value date 20000" should I delete this?

okay, now you can open the regedit..

do NOT delete that registry value or any key/value you don't know or not sure about..

to find the autorun registry... read and follow the steps you see on the 2 articles on my 1st post..

delete both the files and the registries only you have exactly the same files and/or registry values.

[Zulan]

Quote:

Originally posted by Luck

***Edit**** Because I have no clue what I'm doing, I came across a registry that said "WAITTOKILLSERVICE TIMEOUT Value date 20000" should
I delete this?

No you shouldn't, that's a windows registry entry that tells windows, if a application hangs, how long windows must wait before it auto shutdown's the application, it has nothing todo with a virus or trojan, etc.