slayerz Posted January 10, 2007 Share Posted January 10, 2007 I'm autoit newbiez.. so can you help me on how to enable back my registry editor? Last morning, my PC was attacked by something like a virus named SVICCHOST.exe and its using AutoitV3 to change some value in my registry that disable the task manager & also the registry editor!! Huhuu Can you teach me how to make a script to enable back my registry editor, so that I can enable back my task manager? For ur infrmation, I'm using Windows XP SP2 Also, could u tell me how to delete that virus from my PC? It seems to run every time I turn on my PC Thanks! AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
herewasplato Posted January 10, 2007 Share Posted January 10, 2007 What happens when you boot to the safe mode? [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
slayerz Posted January 10, 2007 Author Share Posted January 10, 2007 What happens when you boot to the safe mode?it's still the same... I can't open my task mgr & run regedit AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
herewasplato Posted January 10, 2007 Share Posted January 10, 2007 it's still the same... I can't open my task mgr & run regeditHow did you determine that it was using AutoIt - I mean - is there a website that has already analyzed this problem? [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
slayerz Posted January 10, 2007 Author Share Posted January 10, 2007 How did you determine that it was using AutoIt - I mean - is there a website that has already analyzed this problem?I'm using SIW (system information windows by Gabriel Topala) since I can't open my task manager to check the running process.It can analyze from where & what type of process that is running.That virus run from C:WINDOWS\System32 and the type is : AutoitV3 AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted January 10, 2007 Moderators Share Posted January 10, 2007 I would suggest procexp.exe over task manager anyway. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
slayerz Posted January 10, 2007 Author Share Posted January 10, 2007 I would suggest procexp.exe over task manager anyway.Thanks for ur suggestion. Anyway, does anyone know how to get rid of this virus from my pc? AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
herewasplato Posted January 10, 2007 Share Posted January 10, 2007 Thanks for ur suggestion. Anyway, does anyone know how to get rid of this virus from my pc?What AV tool are you running? Check their website. [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
slayerz Posted January 10, 2007 Author Share Posted January 10, 2007 What AV tool are you running? Check their website.I'm using AVG.ok, i'll check it out..If you guys have solution,let me know okay?c ya guys,thanks a lot for ur fast reply AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
Psibernetic Posted January 10, 2007 Share Posted January 10, 2007 I beleive I had this virus problem last week on my laptop... SVCHOST.exe is its name... (copied off the official windows service host)... look in ur start menu under start up is there a svchost.exe in there? ... if so u probally cant delete it... if its there ill give u the rest of the instructions... btw AVG Free is stopping there service.. I would recommend Avast! Free [sup]Psibernetic[/sup]My Creations:X-HideSecuracy Link to comment Share on other sites More sharing options...
herewasplato Posted January 10, 2007 Share Posted January 10, 2007 (edited) ... btw AVG Free is stopping there service.. I would recommend Avast! FreeI would run them both for a while and then dump AVG.From http://free.grisoft.com/doc/1GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and full compatibility with the latest Windows Vista version is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 18th of Feb 2007.AVG just did a bad job of communicating the fact that 7.1 was ending and users were welcome to buy a version of AVG and btw there will be a new free version also. Edited January 10, 2007 by herewasplato [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
Psibernetic Posted January 10, 2007 Share Posted January 10, 2007 Magnificent thnx for that lil bit of info...as far as this guys virus goes, The instructions for deleting are: boot into safe mode, open command prompt, Change Directory to "C:\Documents and Settings\All Users\Start Menu\Programs\Startup", type in command prompt: del svc*, reboot into normal windows and enjoy your task manager [sup]Psibernetic[/sup]My Creations:X-HideSecuracy Link to comment Share on other sites More sharing options...
MadBoy Posted January 10, 2007 Share Posted January 10, 2007 For problems with task manager (if of course some application isn't running and checking/changing values all the time) you can use:http://support.microsoft.com/kb/555480create something like myfile.reg and put there something like this. Make sure to read first the link i gave you. That's what microsoft suggests.Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\] "DisableTaskMgr"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] My little company: Evotec (PL version: Evotec) Link to comment Share on other sites More sharing options...
slayerz Posted January 15, 2007 Author Share Posted January 15, 2007 thanks guy.. my task manager can be functional again AUTOIT[sup] I'm lovin' it![/sup] Link to comment Share on other sites More sharing options...
Vindicator209 Posted January 15, 2007 Share Posted January 15, 2007 omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XD [center]"When you look at old, classic games like Snake, you often put it off because it's such a simple game, but it's only when you actually try and create your own unique game from scratch, do you finally appreciate those games."[/center][center]Don't ask for answers if you haven't TRIED yet![/center][center]Most answers can be answered in the help file! Use it![/center] Link to comment Share on other sites More sharing options...
improbability_paradox Posted January 15, 2007 Share Posted January 15, 2007 (edited) omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XDsvchost is not a virus, but there are a number of viruses which call themselves by that name, or that show up as svchost in the taskmanager. Edited January 15, 2007 by improbability_paradox Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted January 15, 2007 Moderators Share Posted January 15, 2007 omg svchost.exe is a virus? XD I thought it was a system process. I have like 10 of them running right now.. and If I try to exit it my comp just crashes wit hthe blue screen of death XDYou can't be serious... Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now