Tuesday, May 13, 2008

Task Manager, Folder Option & Registry has been disabled by your system administrator

Ever faced a problem like this? Don't worry, just download the RRT file here: http://rapidshare.com/files/114738581/RRT.exe

Or you can do it manually.

To re-enable the Task Manager, go to Start > Run and key in this command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

If your Registry Editor has been disabled too, use the same method with this command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

If your Command Prompt has been disabled as well, use this command:
REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f

Just copying and pasting the commands will do. Good luck guys.

Trixcu.A

Info from Panda:


Trixcu.A
Threat level: Moderate threat
Damage: High
Distribution: Not widespread
Effects

Trixcu.A carries out the following actions:

* When it is run, the following error message is displayed:

Error loading flash 10 player. reinstalling may fixed this problem

* It disables the following functions:
- Find of the Start menu.
- Folder options of the Start menu.
- the Task Manager.
- the Windows Registry Editor.
- the CMD shell.
* It hides the extensions of the files, and the files and subfolders that have the attribute hidden, in order to go unnoticed.
* It turns the computer off once it has carried out all the changes in the system, by running the following command:
shutdown.exe -s -f -t 1

Infection strategy

Trixcu.A creates the following files, which are copies of itself:

* CMD.COM, DXDIAG.COM, FLASH.10.EXE, JAMBANMU.COM, MSCONFIG.COM, PING.COM and REGEDIT.COM, in the Windows system directory.
* MY SECRET.FOLD, in the subfolder My Documents of the Documents and Settings directory of the user that has logged in.
* NEW SONG.LAGU and NEW VIDEO.VIDZ, in the subfolder My Documents\My Music of the Documents and Settings directory of the user that has logged in.
* AWEKS.PIKZ and SERAM.PIKZ, in the subfolder My Documents\My Pictures of the Documents and Settings directory of the user that has logged in.
* MACROMEDIA.10.EXE, in the subfolder Common Files\Microsoft Shared of the Program Files directory.
* MSN.MSN, in the subfolder Common Files\Microsoft Shared\DAO of the Program Files directory.
* (EMPTY).EMPTY, in the Startup directory. This way, Trixcu.A ensures that it is run whenever Windows is started.



Trixcu.A deletes the programs that are located in the Startup directory. This way, all the programs of this directory will not be run whenever Windows is started.



Trixcu.A creates the following entries in the Windows Registry:

* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows MSN = C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.msn
By creating this entry, Trixcu.A ensures that it is run whenever Windows is started.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFind = 01, 00, 00, 00
It disables the option Find of the Start menu.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions = 01, 00, 00, 00
It disables the option Folder Options of the Start menu.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools = 01, 00, 00, 00
It doesn't allow the Windows Registry Editor to be run.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableCMD = 01, 00, 00, 00
It doesn't allow the CMD shell to be run.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr = 01, 00, 00, 00
It prevents the Task Manager from being run.
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\Date
(Default) = 070617
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\MsgDate
(Default) = 070701
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\MsgMkr
(Default) = 0
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\f*** AZAM
(Default) = THIS GUY SHIT HEAD!!BIG LIER!!f***ING GAY!!
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\f*** DZULKIFLI
(Default) = THIS GUY PIG HEAD!!!!U f***ED EVERYBODY!!
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\JambanMuV2\f*** ZAWAWI
(Default) = THIS GUY d*** HEAD!!!NOBODY LIKES U!!!



Trixcu.A modifies the following entries from the Windows Registry:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe
It changes this entry to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = Explorer.exe %sysdir%\JambanMu.com
where %sysdir% is the Windows system directory.
* HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
It changes this entry to:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
load = Flash.10.exe
By modifying these entries, Trixcu.A ensures that it is run whenever Windows is started.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden = 01, 00, 00, 00
It changes this entry to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden = 00, 00, 00, 00
By modifying this entry, Trixcu.A hides the files and subfolders that have the attribute hidden.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt = 00, 00, 00, 00
It changes this entry to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt = 01, 00, 00, 00
By modifying this entry, Trixcu.A hides the extensions of the files.
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden = 01, 00, 00, 00
It changes this entry to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden = 00, 00, 00, 00

Additionally, Trixcu.A attempts to modify the following entries from the Windows Registry:

* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOwner = %name with which the system is registered%
It changes this entry to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOwner = JambanMuV2
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOrganization = %name of the organization with which the system is registered%
It changes this entry to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
RegisteredOrganization = HELP ME!!.html
By modifying these entries, Trixcu.A changes the names with which the operating system and the organization are registered.
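
The three REG commands at the top of the post reset only DisableTaskMgr, DisableRegistryTools and DisableCMD, while the description lists further policy, Explorer and startup values. The following is an added example (not part of the original post or of Panda's write-up) that parses the text of a `reg export` and reports which of the listed values are still in the state the description gives; the function names, the substring matching and the sample export are assumptions made for the illustration.

```python
import re

CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
NT = r"\Software\Microsoft\Windows NT\CurrentVersion"
# (key, value) -> data Trixcu.A writes per the description: int = DWORD, str = substring.
INDICATORS = {
    (CV + r"\Policies\Explorer", "NoFind"): 1,
    (CV + r"\Policies\Explorer", "NoFolderOptions"): 1,
    (CV + r"\Policies\System", "DisableTaskMgr"): 1,
    (CV + r"\Policies\System", "DisableRegistryTools"): 1,
    (CV + r"\Policies\System", "DisableCMD"): 1,  # path given in the description
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System", "DisableCMD"): 1,  # path the post resets
    (CV + r"\Explorer\Advanced", "Hidden"): 0,
    (CV + r"\Explorer\Advanced", "HideFileExt"): 1,
    (CV + r"\Explorer\Advanced", "ShowSuperHidden"): 0,
    (CV + r"\Run", "Windows MSN"): "msn.msn",
    ("HKEY_LOCAL_MACHINE" + NT + r"\Winlogon", "Shell"): "jambanmu.com",
    ("HKEY_CURRENT_USER" + NT + r"\Windows", "load"): "flash.10.exe",
}

def parse_reg(text):
    """Parse .reg export text into {(key, name): int or str}; keys and names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(dword:([0-9a-fA-F]{8})|"(.*)")$', line)
        if m and key:
            data = int(m.group(3), 16) if m.group(3) else m.group(4).replace("\\\\", "\\")
            values[key, m.group(1).lower()] = data
    return values

def find_indicators(text):
    """Return one line per listed value that is still in the state the description gives."""
    values, hits = parse_reg(text), []
    for (key, name), bad in INDICATORS.items():
        got = values.get((key.lower(), name.lower()))
        if got == bad or (isinstance(bad, str) and bad in str(got).lower()):
            hits.append(f"{key}\\{name} = {got}")
    return hits

# Constructed sample: fragment of a `reg export` from a hypothetical affected profile.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\JambanMu.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001'''
```

Calling `find_indicators(SAMPLE)` flags DisableTaskMgr, HideFileExt and the Winlogon Shell value, and skips DisableRegistryTools because it has already been set back to 0.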

Flash.10.exe / Jambanmu.com REMOVER

Download the file & double click it.

http://rapidshare.com/files/114736984/KillFlash1.0.exe


After that, restart your pc. Done!

It has been tested by me & it is 100% working.

Good luck guys :)