gpedit.msc failing on me.
I think I have been attacked by some kind of malware, which is very clever.
1) Registry editing has been disabled by your admin
2) Task manager has been disabled by your admin
I am the real person who uses my computer, I am the admin and the only 'virtual user' I have is the hidden vmware user.
I have run Malwarebytes FULL scan twice and deleted 11 infected items, Task manager works! Yay, I restart, task manager is disabled, alongside regedit.
I use gpedit.msc and set the CTRL+ALT+DEL values to DISABLED.
In Run I type gpupdate /force. Task Manager is enabled for 3 seconds, regedit stays disabled.
I just ran a quick scan now and got the following details that FULL SCAN didn't get:
I have just deleted it now...

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5285

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/12/2010 7:09:19 pm
mbam-log-2010-12-11 (19-09-19).txt

Scan type: Quick scan
Objects scanned: 144707
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regedit and Task Manager are still disabled upon reboot.
Help me please!
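
A read-only check for the five registry values named in the scan log above, as an added example that is not part of the original post. It reads them through PowerShell's registry provider rather than regedit.exe, treats data of 0 as good because that is what the log's "Good: (0)" column shows, and can be run before and after a reboot to see which values come back.

```powershell
# Added example: audit the five values Malwarebytes flagged in the log above.
# Nothing is written or deleted; the script only reports the current state.
$policyKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$securityKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'

$checks = @(
    @{ Path = $policyKey;   Name = 'DisableRegistryTools' },
    @{ Path = $policyKey;   Name = 'DisableTaskMgr' },
    @{ Path = $securityKey; Name = 'AntiVirusDisableNotify' },
    @{ Path = $securityKey; Name = 'FirewallDisableNotify' },
    @{ Path = $securityKey; Name = 'UpdatesDisableNotify' }
)

$results = foreach ($c in $checks) {
    # A missing key or value returns $null instead of throwing.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $data  = $null
        $state = 'absent'          # value not present: nothing is being enforced
    } else {
        $data  = $item.($c.Name)
        # "Good: (0)" in the log; any other data is reported as BAD.
        $state = if ($data -eq 0) { 'good' } else { 'BAD' }
    }
    New-Object PSObject -Property @{
        Checked = (Get-Date -Format 's')
        Key     = $c.Path
        Value   = $c.Name
        Data    = $data
        State   = $state
    }
}

$results | Select-Object Checked, Key, Value, Data, State | Format-Table -AutoSize

# Summary line: how many of the five values are currently in the flagged state.
$bad = @($results | Where-Object { $_.State -eq 'BAD' }).Count
Write-Output "$bad of $($checks.Count) values are in the flagged state."
```

If the values read as good or absent right after the scan and as BAD again after the restart, they are being rewritten at startup by something the scan did not remove.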