task manager closing and regedit


Kathy
December 5th 03, 12:48 PM
I have done a search and tried the suggestions from other
people's problems...STILL having trouble so I'll ask
myself.

I cannot get task manager or regedit to stay open. I've
done all the updates of virus software for blast and the
spybot. Deleted the files that I was supposed to according
to the help sites.

The only time I can keep task manager or regedit open is
when I'm in safe mode.

What else do I need to do? What step am I missing? Do I
need to re-install anything to get them working again?

Doug Knox MS-MVP
December 5th 03, 12:49 PM
You have a virus. See www.dougknox.com, Win XP Utilities, Create Emergency
Copies of Critical XP System Utilities. This small VB Program will create
backup, usable copies of Task Manager, Regedit and MSConfig (named
Taskmgr1.exe, Regedit.com and MSConfig1.exe) in a new folder
C:\EmergencyUtil. Many virus programs will intercept these programs, based
on their original file name. The modified file names allow them to be run.
Open Windows Explorer to C:\EmergencyUtil and double click the application
you need. The next revision will allow you to browse for the folder you
want to place the backups in.

These "backup" copies will help you isolate and remove the virus. You may
also want to see my XP Utilities section for Startup Programs Tracker. This
utility will create a log file of what loads at Startup, that you can copy
and paste into a newsgroup post, or e-mail. This would help us determine
what virus you have.

Also, update your antivirus software and scan your system.

--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone - http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Kathy" > wrote in message
...
> I have done a search and tried the suggestions from other
> people's problems...STILL having trouble so I'll ask
> myself.
>
> I cannot get task manager or regedit to stay open. I've
> done all the updates of virus software for blast and the
> spybot. Deleted the files that I was supposed to according
> to the help sites.
>
> The only time I can keep task manager or regedit open is
> when I'm in safe mode.
>
> What else do I need to do? What step am I missing? Do I
> need to re-install anything to get them working again?

Unknown
December 5th 03, 12:54 PM
This was caused by a virus
"Kathy" > wrote in message
...
> I have done a search and tried the suggestions from other
> people's problems...STILL having trouble so I'll ask
> myself.
>
> I cannot get task manager or regedit to stay open. I've
> done all the updates of virus software for blast and the
> spybot. Deleted the files that I was supposed to according
> to the help sites.
>
> The only time I can keep task manager or regedit open is
> when I'm in safe mode.
>
> What else do I need to do? What step am I missing? Do I
> need to re-install anything to get them working again?

Steve Cousins
December 5th 03, 08:23 PM
Hey Guys and Gals,

Give this a look, as it is a tricky worm that appears to be making its rounds.
Thanks to the guys at Techguy.org forums, they helped me solve this problem on
my machine. Hope it helps you.

Copied from the Techguy.org forum.

I also had this particular infection on 7/30/03. It was activated when I
accidentally clicked on a downloaded junk file that I was trying to delete.
It was apparently some sort of screensaver. It immediately tried to call out
but was blocked by Zonealarm. It also disabled MSCONFIG, REGEDIT and
Norton's Registry editor and no virus checker including Norton, Spybot,
Trend Micro, could find it. After some online browsing, I found the answer
right here at Tech Support Guy. It was a Netdevil Trojan virus called
WINCFG.SCR. To get rid of it:
1). TEMPORARILY rename MSCONFIG.EXE to CONFIGMS.EXE (or anything else.exe)
and run it;
2). Use the renamed MSCONFIG to look for WINCFG.SCR (or anything else
suspicious); it may be labelled as a Winsock file;
3). Disable it from starting again;
4). Download and run Process Viewer (PRCVIEW.EXE) to show all running
processes;
5). Find and kill WINCFG.SCR;
6). Run REGEDIT (also RENAME if necessary) to find and remove all references
to WINCFG.SCR from the registry;
7). Find and delete WINCFG.SCR (look in c:\windows\system, etc);
8). Be sure to change all renamed files back to original names.

By the way, I tried to submit this nasty little bug to SARC but they refused
to take it because I haven't paid to update my Norton virus definitions. I
guess they don't want to hear about new viruses unless you pay them.

You guys are great. Keep it up.




"Thorsten Matzner" > wrote in message
...
> "Kathy" > wrote:
>
> >I have done a search and tried the suggestions from other
> >people's problems...STILL having trouble so I'll ask
> >myself.
> >
> >I cannot get task manager or regedit to stay open. I've
> >done all the updates of virus software for blast and the
> >spybot. Deleted the files that I was supposed to according
> >to the help sites.
> >
> >The only time I can keep task manager or regedit open is
> >when I'm in safe mode.
>
> Check your startup settings, maybe you can find out what is causing
> this here.
> Applications that start with Windows can be found here:
> - the WIN.INI, section [windows], entries "run=" and "load="
> - the Registry keys
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
> - the folders
> C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP
> C:\DOCUMENTS AND SETTINGS\{username}\START MENU\PROGRAMS\STARTUP
> See also "How to Troubleshoot By Using the Msconfig Utility in Windows
> XP" (http://support.microsoft.com/?kbid=310560) and "How to Perform a
> Clean Boot in Windows XP" (http://support.microsoft.com/?kbid=310353).
>
> --
> (tm)
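
The startup locations listed in the post above (the win.ini "run=" and "load=" entries, the three Run keys and the Startup folders) can be enumerated in one pass. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, and the `$Suspect` parameter and the ".scr" check are illustrative choices based on the file name mentioned in the thread.

```powershell
# Added example: list autostart entries from the locations named in the thread
# and flag any that reference a screensaver (.scr) or a given file name.
param(
    [string]$Suspect = 'WINCFG.SCR'   # file name taken from the thread
)

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$entries = @()

# Registry Run keys: every value is a command line started with Windows.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # RunServices may not exist
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name)
        }
    }
}

# win.ini: non-empty "run=" and "load=" lines (matched anywhere in the file).
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path $winIni) {
    foreach ($m in Select-String -Path $winIni -Pattern '^\s*(run|load)\s*=\s*(.+)$') {
        $g = $m.Matches[0].Groups
        $entries += [pscustomobject]@{
            Source = $winIni; Name = $g[1].Value; Command = $g[2].Value
        }
    }
}

# Per-user and all-users Startup folders, resolved for the current system.
foreach ($kind in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($kind)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($f in Get-ChildItem -Path $dir -File) {
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName }
    }
}

# Flag entries that point at a .scr file or contain the suspect name.
$flagExpr = { ($_.Command -match '\.scr\b') -or ($_.Command -match [regex]::Escape($Suspect)) }
$entries |
    Select-Object Source, Name, Command, @{ Name = 'Flagged'; Expression = $flagExpr } |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap
```

The script only reads these locations; entries marked `Flagged` are candidates for the manual review and removal steps described in the post.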
