Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Merog on December 18, 2007, 03:29:10 AM

Title: taskmgr, regedit, cmd, Installer window are disappearing
Post by: Merog on December 18, 2007, 03:29:10 AM

Hi there!
I've been gettin' vexed by these things, which Avast Home (Updated) even could not fix them.
-the following windows are disappearing after few seconds...
   -taskmgr
   -regedit
   -cmd
   -windows installer
   -some web site pages...
If anybody can help me to fix this, please, I'll be greatful to them.
Thank you...
Awaiting your reply...//MEROG

Title: Re: taskmgr, regedit, cmd, Installer window are disappearing
Post by: DavidR on December 18, 2007, 03:17:26 PM

It looks like a malware infection has changed these so you can't use them to delete/modify registry/end a process and possibly install other software. It is blocking antivirus sites again to stop you downloading tools to kill it off, this is done in the HOSTS file.

I will deal with the hosts file first as you will probably need access to some of these sites.

HOSTS file redirect - 127.0.0.1 check your HOSTS file using notepad or a text editor of your choice, C:\WINDOWS\system32\drivers\etc\hosts or do a search for HOSTS to find it if not there. http://en.wikipedia.org/wiki/Hosts_file (http://en.wikipedia.org/wiki/Hosts_file)

This will usually have 120.0.0.1 (your local computer (though it may be different) followed the domain of several antivirus sites. Delete these entries.

Once you have assess to other sites you can try on-line scans as you are probably unable to install any complimentary tools. On-line Virus Scanners and other useful Links Security-Ops.eu.tt (http://www.security-ops.eu.tt) New on-line scanner http://www.eset.com/onlinescan/ (http://www.eset.com/onlinescan/)

When you try to use say the task manager the call to run the program is intercepted and either nothing happens or it can do something totally unrelated (the same is true of the other functions you mentioned). It is possible to copy the file to another location and rename it so that (with a different name) it isn't intercepted.

Create a folder in your c: drive c:\temp-utils and copy the taskmgr.exe, regedit.exe and msconfig.exe (this has probably been disabled) into this folder and rename them taskmgr1.exe, regedit.com and msconfig1.exe, that should allow you to run these renamed file to get some control.

I haven't come across the installer issue of the cmd blocking but you could try a google search to see if there is a solution.