2 Funny little issues....


U-238
06-28-2007, 6:18 PM
I've all of a sudden had some strange things happening of late. Here's the story.

First off, when I start up my computer and log on, I end up getting a My Computer window (sometimes up to 3 of them) even when I haven't clicked on it.

2nd. When running in normal mode, my task manager is malfunctioning. It comes up but everything is frozen (meaning it doesn't update itself every second.) It runs fine in safe mode but not normally...

This COULD be remnants of a problem I had a few days ago. I dealt with a nasty little worm that locked me out of regedit and the command prompt. (I have regedit back but I cannot access the command prompt until I get into my admin account, which I've forgotten the password to.) I've done all of the adware/malware/virus/spyware/etc. scans (in safe mode) along with a HijackThis. (helped me get regedit back) However those 2 (3 counting the command prompt) problems seem to persist. Any ideas on why it's happening/how to stop it?

Neo
06-28-2007, 6:37 PM
You can probably get back into your admin account pretty easily:

http://home.eunet.no/~pnordahl/ntpasswd/

As for the other issues, they stem from problems with the worm I bet. I'd do a thorough cleaning with AV, antispyware, etc. stuff because it seems like there are still some problems with it.

edit: in safe mode -- use HijackThis as well to close down everything starting up and work back from there.

-Neo

U-238
06-28-2007, 7:34 PM
I saw that and actually tried using it. There's just one catch. Since the command prompt is disabled I can't create the floppy disk since it uses a dos prompt to make it.

I did the Hijack This in safe mode as well as the AV and Antispyware (also ran a housecall) I shut down all programs which I wasn't comfortable with. (Meaning I didn't shut down the AVG startup.)

Another issue, possibly, is whenever I run a remote scan of a directory, AVG crashes.

SilverCrusader
06-28-2007, 9:10 PM
Interesting, at least you didn't reformat yet, that's totally not worth it.
It might just be Windows being a bitch, that happens sometimes.

Neo
06-28-2007, 11:52 PM
You just need to do everything via safe mode.

(floppy drives are accessible in safe mode)

err.

You could try just copying these over to a floppy then; dunno if it will work though:

http://up.kupatrix.com/f//1/boot.zip

Dunno if that will work though. Sounds like something got in and fiddled with your registry and stuff.

-Neo

U-238
06-29-2007, 9:50 AM
Got the admin account back via a little security hack in Windows. :) However I'm now looking for how to re-enable the command prompt. (Haven't tried all my options yet though so I'm still working on it.)

I watched very closely during start up and found that the source of the "My Computer" pop ups is my mouse. While loading the cursor shoots up over "My Computer" and seemingly clicks on the icon several times. Could this be remnants of the worm or a malfunction of the mouse/driver?

I re-installed AVG so I'll see if it stops crashing on scans. And I still haven't found any answers to the task manager.

EDIT: I just installed ZA and it's blocking port 1209 like mad. (about once every 5 minutes)

Basan
06-29-2007, 10:39 AM
Wormsie brought a trojan friend to play with, it seems. :P

Although over ZA I highly prefer the Kerio PF (http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/) since it monitors your processes that are trying to access the 'net (n' vice-versa) so you can know better what's the nasty culprit over there. ;)
Btw am running it in "advanced mode" because that way I must allow or deny everything to run, although if you're not that comfortable around the PC it's best if you start with it the other way.

U-238
06-29-2007, 12:05 PM
:E it seems as if I didn't destroy the problem. While working on the command prompt my computer suddenly sludged up and ran me over 1.4 gig of memory. (I only have 630 MB). I'll run the scans in safe mode again and post a HJT log for anyone who's interested to look at (not sure you'll find much though).

Currently copying files over to a backup partition though. Just in case worst comes to worst.

Neo
06-29-2007, 2:01 PM
Safe mode is the way to go :p

I second Kerio, ZA is harder to control and understand imo.

-Neo

U-238
06-29-2007, 3:29 PM
I'll give kerio a shot...

I found the problem with the task manager. The update speed is set to "paused". However I can't set it to anything else. It simply won't take the command.

I did another set of scans in safe mode. AVG didn't find anything but Ad-Aware did and I deleted it promptly. However I think that what it found was there once before so I'm going to scan again to be absolutely certain that there isn't something in the registry that is recreating the problem afflicting me.

Any ideas yet on the mouse issue?

I DID get the command prompt working again so yay for me. :p

Btw, here's the HJT log... (http://uploader.polorix.net//files/185/hijackthis.log)

EDIT: ok I ran the ad-aware scan and I was right. The entries are coming back. This is making R&R look about like the only option. Luckily I was smart enough to make 2 partitions on my HDD so at least I have a backup. Any other suggestions before I restart?

Neo
07-01-2007, 2:00 AM
It seems like you need to figure out what exactly you were infected with, and find a specific cleaner for it that attacks the worm/virus at every angle.

-Neo

U-238
07-02-2007, 11:53 PM
Well, I looked for what turned up and took the steps to get rid of it...


...and it didn't work. :/

So I just backed up to my 2nd partition and R&R'd. Thanks for the help though. I'm using Kerio now. Like it a lot except it pops up about every little thing you could imagine. Gets a little annoying... :p

Basan
07-03-2007, 11:19 AM
U-238, after setting the primary rules for the processes that you're sure to be safe with, it gets a lot easier afterwards. ;)

Neo
07-04-2007, 1:46 AM
Yeah, it's a tad annoying at first, but mine hasn't popped up for a few months now, and even then it only does when I use something new.

-Neo