Wiz, is this a Virus or Malware?

Peter · Post by **Peter** » 19 May 2006 1:18 pm

I have scanned with Trend Micro PC-cillin Internet security 2006 Ver.14.10.1023, and the latest pattern.
There is no sign of a virus.

I used Spyware Doctor and Windows Defender. Nothing shows up.
I also updated the latest Windows Updates.

However, something has taken control of my computer:
I cannot get to the Taskmanager any more.
It says: Task Manager has been disabled by your administrator.

I have admin rights, but I cannot use any of the run commands like RUN CMD.EXE.
It says: This program is in use by another program.
It does the same for all Administrative Tools.

I cleared all Temporay Internet files. Then I cleared the Temp folder in Local Settings as well.
There is one little tmp file which cannot be deleted. It seems that it wants to dial out all the time.

I use Firefox. But when I went to Internet Explorer, I noticed that the homepage has been changed to: hXXp://www.adarson.com/ or it switches to hXXp://www.whatsfind.com/route.html
I cannot change the homepage to anything else. It has been locked and greyed out.

As I cannot go to the taskmanager, i cannot see the offending program which re-creates this temp file all the time. I cannot delete this temp file, but I can destroy it with UltraEdit. It gets then replaced with another 16kb temp file, with another name.

What is going on and how can I find the offending software?
Or how else can I switch back on the TaskManager?

P.S. When I reboot something tries to connect via IE and then displays a big Fart Button with the address: hXXp://adserving.cpxinteractive.com/etc etc

So I renamed the IE exe file to disable it.
------------------
Peter den Hartogh
1978 Emmons S10 P/P; 1977 Sho-Bud D10 ProIII Custom;
1975 Fender Artist S10; Remington U12; 1947 Gibson BR4;
[This message was edited by Peter on 19 May 2006 at 03:56 PM.][This message was edited by Peter on 19 May 2006 at 04:02 PM.]

winston · Post by **winston** » 20 May 2006 6:02 am

Peter, Why don't you try starting in safe mode by rebooting and pressing the F8 key, and then running Spyware Doctor and Windows Defender, sometimes that will find the problem. winston may

Wiz Feinberg · Post by **Wiz Feinberg** » 20 May 2006 8:26 am

Peter;
You probably visited a lyrics website that downloaded the "WhatsFind" spyware onto you computer via Internet Explorer. Go to the spywareinfo.com forums for assistance with removing it and any other infections that may have slipped in. You will be instructed to download HijackThis and possibly other high level tools to remove these threats. Post a new thread after registering. Do not enter an existing thread with your case.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices[This message was edited by Wiz Feinberg on 20 May 2006 at 11:35 AM.]

Peter · Post by **Peter** » 20 May 2006 9:41 am

Thank you so much, Wiz.
I have also followed winstons suggestion and the machine seems more stable.
But I will follow your suggestions right now.
Thanks again.

------------------
Peter den Hartogh
1978 Emmons S10 P/P; 1977 Sho-Bud D10 ProIII Custom;
1975 Fender Artist S10; Remington U12; 1947 Gibson BR4;