View Full Version : Help me VIRUS delivered by Org SPAM BOT!



MSB
12-02-2006, 08:40
To check if a bot was a bot, before I reported him, I clicked on his link. It opened up a page and then loads and loads of MS-DOS things turned up. They went quickly. Then the printer started printing out blank sheets and AVG Anti virus found three threats. I was wondering what had happened. Then I tried to open task manager (thinking that on task manager there would be a program causing the printing). It said to me:
Task Manager has been disabled by your system administrator.
I was thinking "what, I AM system admin." I then tried to access the admin tools. It said to me that the workstation service had not been started. That is the same message that a non-administrator would get should they try to change anything on the admin tools. I can, however, access control panel and change most settings there.

So what is going on :help:

Update: Two MS-DOS consoles just appeared again.

Beirut
12-02-2006, 11:30
Not sure what's going on.

PM me the link please and we'll look into it. (Please don't repost it here if you think it's a threat.)

Caius
12-02-2006, 15:45
Try to start in fail safe mode, disable restore system and run an antivirus program.

ELITEofWARMANGINGERYBREADMEN88
12-02-2006, 15:51
Got a bad virus there m8. My comp had a hard drive crash last November. It may have been hacked, a virus or me pressing the off button too much instead of shutting it down. But yeah, I had a few trojans deep inside my Windows file, barely got them out, but there's still 1 around, since my comp is still running slow, but not that slow anymore.

x-dANGEr
12-02-2006, 16:51
Last time this same thing happened to me (not from the bot though), I had the File Options removed from everywhere, and I couldn't change anything in that matter. I also couldn't access the registry of my PC. Check if that's the same case for you.

(And yes, I AM the Admin ~;) Anyway, I just formatted and cut myself all the trouble ~;) )

Xiahou
12-02-2006, 18:38
Not helpful now, but when you're back up and running I'd be sure to use Spyware Blaster and browse with Firefox w/ NoScript and AdBlock loaded... that should help keep you from ever having such a problem again.

Edit: For help removing whatever you've got, I've had some luck with SwatIT (http://swatit.org/) in the past. It removed some really nefarious stuff from a server I was working on... although that was a while back, so I can't vouch for how good it is or isn't now.

caravel
12-02-2006, 22:49
Looks like whatever it was, exploited something-or-other in whichever version of IE you were running. A dodgy ActiveX control or some malicious JavaScript can do what you've described, or you were tricked into clicking something you shouldn't have. I've seen it all before, though usually only under IE.

Your task manager has been locked by an easily exploitable system security policy. You'll need to re-enable that manually before you try to remove whatever nasty you've now picked up.

Run regedit and go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Find the DWORD value: DisableTaskMgr

This will be set to 1 (Disabled) and you need to change it back to 0 (Not Disabled).

If you're uncomfortable in Regedit, and you're running XP Pro, you can use the Group Policy Editor. Go to the start menu and click run. Enter "gpedit.msc" and browse to: User Configuration + Administrative Templates + System + Ctrl+Alt+Delete options + Remove Task Manager, and disable it.

You'll probably need to download HijackThis, and post up a log here. This is time consuming.

First go to this post and download whichever of these programs you don't already have and run full system scans with all programs, except SpywareBlaster which you don't need yet, and fix any problems found (AVG Antispy is more manual, requiring you to set which problems you want to fix). Don't fix anything you're not sure about. Before you run any scans, go into all of your browsers and delete all of your temp files and cookies.

https://forums.totalwar.org/vb/showpost.php?p=1302352&postcount=21

After this you'll need to download HijackThis from here (ignore the commercial ads on the site):

http://www.majorgeeks.com/download3155.html

Extract HijackThis.exe to C:\Hijackthisxyz\

Rename HijackThis.exe to Hijackthis1991.exe

Run HijackThis and do a full scan and save a log. Post up the full log here, don't do anything yet. Please IGNORE any advice from other posters as to what to delete or remove. You can seriously mess up your system by deleting the wrong thing from HijackThis. HijackThis is not an anti-spyware scanner. Not everything in your log is spyware, some things are critical, so you need to be careful and not delete anything until it's been positively identified.

The moral of this story is if you see a post that appears to be from a spambot, don't click on the links.
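The registry check described in the post above, as an added PowerShell example that is not part of the original thread. It reads the `DisableTaskMgr` value the post names and, going slightly beyond it, the same value under HKLM plus `DisableRegistryTools` and `NoFolderOptions`, which are real policy values not named on this page that match the symptoms another poster describes; the function name `Get-LockoutPolicy` is hypothetical.

```powershell
# Added example (not from the thread): audit the policy values that lock a
# user out of Task Manager and related tools, and optionally reset them to 0.
$checks = @(
    # Value named in the post above
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    # Assumptions beyond the post: machine-wide copy and two related policies
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)

function Get-LockoutPolicy {
    param([switch]$Reset)   # -Reset writes 0 to every restricting value found

    foreach ($c in $checks) {
        # A missing key or value is normal on a clean system, so errors are silenced.
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($null -eq $item) { $null } else { $item.($c.Name) }

        $state = if ($null -eq $value) { 'not set' }
                 elseif ($value -ne 0) { 'RESTRICTED' }
                 else                  { 'allowed' }

        if ($Reset -and $null -ne $value -and $value -ne 0) {
            # Same change the post makes by hand in regedit: set the DWORD back to 0.
            # Writing under HKLM needs an elevated session.
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value 0 -Type DWord
            $state = 'reset to 0'
        }

        [pscustomobject]@{
            Key   = $c.Path
            Value = $c.Name
            Data  = $value
            State = $state
        }
    }
}

# Report only; run "Get-LockoutPolicy -Reset" to clear the restrictions.
Get-LockoutPolicy | Format-Table -AutoSize
```

A value that returns to 1 after being reset indicates that whatever set it is still running, so the reset belongs before the cleanup scans, not in place of them.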

MSB
12-04-2006, 09:44
Good advice Manco Capac. Sadly after I re-booted it, thinking it might fix it, it wouldn't start up at all. Only in Safe Mode would it work. So I couldn't read your post so I couldn't fix it, so I sent it to the repair yard where it is currently undergoing extreme hard drive surgery at the hands of a guy called Mike.
Thanks anyway.

And Beirut, I can't post a link because the bot was instagibbed after it killed my computer. I curse the mods for not killing him sooner. :furious3:

naut
12-04-2006, 10:05
Moral of the story: instagib first, talk later.

Beirut
12-04-2006, 12:28
And Beirut, I can't post a link because the bot was instagibbed after it killed my computer. I curse the mods for not killing him sooner. :furious3:

And we curse you right back. Thanks! :2thumbsup:

LeftEyeNine
12-04-2006, 17:14
And Beirut, I can't post a link because the bot was instagibbed after it killed my computer. I curse the mods for not killing him sooner.

There you go. Add this to your "What Would You Do If You Were The Admin" checklist for the good of the humanity.

MSB
12-05-2006, 11:20
And my computer survived its surgery. It is at the shop ready to be collected.

I am making the mods pay for it: double :greedy:

It cost £30, by the way.

BDC
12-06-2006, 11:36
Lesson here: don't use IE!

MSB
12-06-2006, 11:39
Lesson here: don't use IE!
I would use IE 7 - if I could. I run illegal Windows (curse that guy at the computer shop) and the only legal computers that I have access to restrict me from downloading anything over 30MB to my area.

caravel
12-06-2006, 11:46
Forget IE7, download and use Mozilla Firefox or Opera. 90% of your browser toolbar/hijack etc problems will then be gone.

Andres
12-06-2006, 14:48
the bot was instagibbed after it killed my computer. I curse the mods for not killing him sooner. :furious3:


Allow me to quote Milli Vanilli:


Blame it on the rain, yeeeaah yeeaah...

Husar
12-06-2006, 17:08
I would use IE 7 - if I could. I run illegal windows (curse that guy at the computer shop)
I know these stories and the problem is, they're often true.
It's really a shame how some "computer experts" who run their own shop sell customers illegal copies of Windows and/or don't even supply an original CD, a good way to make people dependent on them I guess (and earn a lot of money by selling an illegal copy while pushing the price up because "it includes all the software you need"). :furious3:

Next time you better don't buy a new PC if the guy refuses to hand you an original Windows CD, you may also want to think about reporting him to Microsoft.:idea2:

ELITEofWARMANGINGERYBREADMEN88
12-15-2006, 22:31
Yes, and Another Lesson is

Don't open Links from Spam Bots ;-/

caravel
12-16-2006, 00:00
Yes, and Another Lesson is

Don't open Links from Spam Bots ;-/


The moral of this story is if you see a post that appears to be from a spambot, don't click on the links.

Indeed. Though I must admit that I do sometimes click on those links in spam emails that inform me that the details of my bank account need updating because the bank has just got some new "SSL servers"! Like a bank is really going to inform customers about that. :beam:

You get redirected to a fake domain, then off to a nice form where you can enter your credit card details, full contact details, social security number, ATM PIN, and anything else you'd like to hand out to a thief. :inquisitive:

Don't try it at home please.

Caius
12-16-2006, 00:09
Don't try it at home please.
Never.

Husar
12-16-2006, 01:47
Indeed. Though I must admit that I do sometimes click on those links in spam emails that inform me that the details of my bank account need updating because the bank has just got some new "SSL servers"! Like a bank is really going to inform customers about that. :beam:

You get redirected to a fake domain, then off to a nice form where you can enter your credit card details, full contact details, social security number, ATM PIN, and anything else you'd like to hand out to a thief. :inquisitive:

Don't try it at home please.
Sounds like fun.:2thumbsup:

AntiochusIII
12-16-2006, 01:52
Indeed. Though I must admit that I do sometimes click on those links in spam emails that inform me that the details of my bank account need updating because the bank has just got some new "SSL servers"! Like a bank is really going to inform customers about that. :beam:

You get redirected to a fake domain, then off to a nice form where you can enter your credit card details, full contact details, social security number, ATM PIN, and anything else you'd like to hand out to a thief. :inquisitive:

Don't try it at home please.
Cookies in a jar... ~:wacko:

Shaun
12-16-2006, 23:17
Hold on, are there actually spam bots posting viruses on the .Org?

LeftEyeNine
12-17-2006, 03:14
Hold on, are there actually spam bots posting viruses on the .Org?

What do you think ? ~:)

MSB
12-17-2006, 10:32
Hold on, are there actually spam bots posting viruses on the .Org?
There are spam bots on every large small - huge forum. That's why spam bots do it - they want to advertise their products for free so they send their bots to somewhere large hoping that as many as possible read their ads and click on their links before they get killed. Of course not all bots are "friendly" enough to just post advertisements - some bots post links to viruses and dodgy websites as I found out.

caravel
12-17-2006, 13:08
I've seen a small, practically dead, forum that is positively plagued by them. There are probably more bots than members.