Task Manager on Log in - HELP!

[SiLVerBuRn]

When I first log in to Windows XP Pro It takes forever, and then I get an error message:

Windows cannot find 'tskmg.exe'. Make sure you typed the name correctly...blah blah. Yeah I know it's task manager but why does it keep doing it?

I reformatted my PC yesterday because of the same problem AND NOW ITS DOING IT AGAIN!

Someone please help me!

[HeadBand]

is there a drive you used to put data on or a cd that a virus could have been hiding on

[beetz12]

Quote:

Originally posted by SiLVerBuRn
When I first log in to Windows XP Pro It takes forever, and then I get an error message:

Windows cannot find 'tskmg.exe'. Make sure you typed the name correctly...blah blah. Yeah I know it's task manager but why does it keep doing it?

I reformatted my PC yesterday because of the same problem AND NOW ITS DOING IT AGAIN!

Someone please help me!

I had that exact problem just a few minutes ago, but after hours of research, I was finally able to find a way to fix it. I've had that problem for months, and it was such a relief to finally get rid of it.

What's culprit behind this mess is an IRC virus. If you don't use IRC or never heard of it, then don't worry about it. But it doesn't change the fact that at some point, you had the virus. After the virus gets onto your computer, it will make changes to your computer's registry, which will make itself get launched each time that you startup windows. The fact that you are getting the error: tskmg.exe is not found is because you had already deleted the virus with a program, but it has not reversed what the virus has done to your registry. Therefore, each time your computer starts, it will try to launch the virus, but when it can't find it, that's when you get the error.

This is what you do to reverse the process:
First go to your "start menu" and select "run". Then type in "regedit" and click "ok". Then in the window that comes up, press "ctrl + f" on your keyboard, and this will bring up the search box. Now type in "tskmg.exe" in there, and check the box that says "match whole string only" at the bottom. Now click search, and it will bring up some results. Delete all of them.

Now, it's time to reverse the changes that the virus has made to your computer's registry.

The virus:

Adds the value:

"winsockdriver"="tskmg.exe"

to the registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce

so that the worm runs when you start Windows.


Adds the value:

"bla"=<current month multiplied by 30, plus the current day of the month>

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSconfig

so that the worm keeps track of when it last updated itself.

.
Modifies the System.ini file by changing the line:

"shell"="explorer.exe"

to:

"shell"="explorer.exe tskmg.exe"


Modifies the Value data of:

Shell

in the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

from:

"explorer.exe"

to:

"explorer.exe tskmg.exe"


In regedit , just delete all the values that the virus added, and change all the values that the virus modified to the way they were, and you should be fine. It worked for me. Good luck with it man.