Why does my task manager disappear?

Question

As of a few days ago, I noticed that when I pull up the Ctrl Alt Delete menu, it disappears after a few seconds. The icon is still near the clock, but that disappears when I hover the mouse to it. I've scanned for viruses and spyware, but it still doesnt work after the clean. I tried looking in the "msconfig" Setup menu, but that disappears too! It appears all menus of that kind simply disappear. I have no problem with Explorer or IE windows. What else can it be besides a virus or spyware? Thanks for your time.

Answer

This question was answered on October 26, 2004. Much of the information contained herein may have changed since posting.

You have a Trojan This is the file, or one of them: IRBMe.exe It's a backdoor trojan and I hope you have an antivirus If you do you must not be updated www.my-etrust.com/microsoft

Please try the following

Run Hijack This again and put a check by these Close all windows except Hijack This and click Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com .

O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL

O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll

O3 - Toolbar: DotComToolbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - c:\windows\toolbar_nieuw14.dll

O4 - HKLM\..\Run: [Yahoo Instant Messenger] YAHOO.EXE

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe

O4 - HKLM\..\Run: [IRBMe Sucks!!] IRBMe.exe

O4 - HKLM\..\Run: [easywww] C:\windows\easywww2.exe

O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe

O4 - HKLM\..\RunServices: [IRBMe Sucks!!] IRBMe.exe

O4 - HKCU\..\RunOnce: [Yahoo Instant Messenger] YAHOO.EXE

O8 - Extra context menu item: &RSDN Search - res://c:\windows\toolbar_nieuw14.dll/GoRSDN.dll.htm

Restart to safe mode.

How to start your computer in safe mode ( http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406 )

First in safe mode click on My Computer Go to Tools > Folder Options Click on the View tab and make sure that "Show hidden files and folders" is checked Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" Now click "Apply to all folders"

Click "Apply" then "OK"

Find and delete:

The C:\Program Files\ClearSearch folder

The C:\Program Files\VVSN folder

The C:\WINDOWS\sysupd.exe file

The C:\windows\redirect7.exe file

The C:\windows\easywww2.exe file

The C:\WINDOWS\System32\YAHOO.EXE file

The C:\WINDOWS\System32\IRBMe.exe file

Next navigate to the C:\Documents and Settings\AMANDA ONLY\Local Settings\Temp folder Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options On the General tab under "Temporary Internet Files" Click "Delete Files" Put a check by "Delete Offline Content" and click OK Now click the "Delete Cookies" button and click OK.

Also in safe mode navigate to the C:\Windows\Temp folder Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Empty the Recycle Bin

Turn off System Restore:

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

Single-click Start and point to All Programs.

Mouse over Accessories, then System Tools, and select System Restore.

In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.

Type a description for your new restore point Something like "After trojan/spyware cleanup" Click Create and you're done.

Boot to normal mode,

Go here ( http://www.ravantivirus.com ) or here ( http://housecall.trendmicro.com ) and do an online virus scan:

Be sure and put a check in the box by "Auto Clean" before you do the scan If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by julie of Katharine Gibbs School - New York on October 26, 2004