Removing ac8zt2, and getting Task Manager back
SYMPTOMS
My spyware/malware program alerted me to four files that contained a virus. The first file was ac8zt2. Each time I deleted them, they came back. I tried to use Task Manager, and got message, “Task Manager disabled by your administrator”, which is me on a single computer.
Used HyjackThis to generate log file. Looked okay. Tried several other procedures without success. Eventually cured the problem, as follows.
The virus is Win32viking.OA [trj], which is a Trojan.
1. Locate and delete the hidden file ddkret.dll, in path C:\Windows. HyjackThis log file did not list the hidden file. Windows explorer cannot see it. Use a Task Manager utility program to locate the file. I used Security Task Manager. Although this utility found, and listed the file, it did not recognize it as a threat, could not determine it’s purpose, and classed it as “probably harmless”. It only got my attention as I had not seen it before, and it was not listed when I used this utility a few days previously, (before the infection).
2. Use Security Task Manager to quarantine the file. Now go to Windows Explorer, find the Quarantine folder, and delete the file ddkret.dll. Now when you delete ac8zt2.exe, and the few files with it, they will not return.
3. Now to get Task Manager back.
• Click Start, Run and type Regedit.exe
• Navigate to the following location:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies\ System
• In the right-panel, delete the value named DisableTaskMgr
• Close Regedit.exe
You may or may not have to reboot at this point. I am using Win XP, and did not need a reboot to get Task Manager back.
Good Luck
