XP Problems, non-PPC


Palmguy
11-12-2003, 07:30 PM
I'm thinking I might have a virus on my XP box now...only explanation for the weird stuff going on. My virus software just expired last week and I haven't gotten around to updating it.

Anyways, whenever I try to open task manager, the window pops up briefly and then disappears before I can do anything. Also I just tried to open msconfig to remove even more from startup and it did the same thing. I figure maybe a virus hit me that is designed to protect itself by not letting me select what starts up and not letting me manually shut down processes.

Any thoughts?

David Prahl
11-12-2003, 07:46 PM
A few things you might try:

-Download a free task manager, see what's up.

-Download "Spybot: Search and Destroy" or "Adaware" to look for spyware. I find about 100 items every month or so on my PC(s).

-Get some demo Anti-Virus software, just to check things out. Or you can fool your current AV software by changing the system time back a few weeks. But I didn't tell you to :wink:

-Windows update

Jon Westfall
11-12-2003, 07:56 PM
Try TrendMicro's PC Housecall at http://housecall.trendmicro.com.

This sounds fishy.. Viruses aren't usually sophisticated enough to be running in RAM and monitoring what's running so they can stop it. Try booting into safe mode and accessing your registry. Look for the "Run" and "RunOnce" keys, as well as in your startup folder and win.ini for any programs set to run at startup.

Steven Cedrone
11-12-2003, 07:57 PM
First of all, reboot your machine... :wink:

If you need a free AV package, try AVG Free Edition... (http://www.grisoft.com/us/us_dwnl_free.php)

Steve

Dave Beauvais
11-12-2003, 07:58 PM
SysInternals (http://www.sysinternals.com/) has an excellent free process viewer called Process Explorer (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml). I just noticed it was updated to v8.x a couple weeks ago. (You can ignore the error you may get about symbols the first time you run it.) It takes the NT-style process list in WinXP to a new level, showing the actual path to the process and displays them in a tree layout which shows what started the process. Worms that run as lsass.exe which look legit in the WinXP process list can be revealed for the imposter they are once you are able to see that the path to the executable file isn't the same as the legitimate lsass.exe.

Here is the link to Spybot Search & Destroy (http://security.kolla.de). Install it, check for and install all updates, then let it scan your system.

Update your anti-virus software! :)

... Or you can fool your current AV software by changing the system time back a few weeks. ...
That generally doesn't work anymore. Most subscription-based software uses more sophisticated means of tracking subscription status than a simple check of the local system time. Until WinXP came out, I'd routinely run into systems during service calls where the system clock was anywhere from a few minutes to a few weeks off, so having the software rely on the system time is risky. (WinXP automatically resets the system clock once a week or so to closely match an atomic clock so very few WinXP systems have a clock that's incorrect by more than a minute or two.)
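The path-and-parent check described in the post above, as an added example that is not part of the original thread: it flags processes whose image name matches a core Windows binary but whose path is missing or not the expected one, and reports what started them. The process snapshot is constructed sample data, and the `C:\WINDOWS` system root, the `EXPECTED` baseline and the function names are assumptions.

```python
import ntpath

# Assumption: system root is C:\WINDOWS; expected image paths for a few core binaries.
EXPECTED = {
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "services.exe": r"c:\windows\system32\services.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}

# Constructed sample snapshot: (pid, parent pid, image name, full path or None).
SNAPSHOT = [
    (4, 0, "System", None),
    (528, 4, "smss.exe", r"C:\WINDOWS\System32\smss.exe"),
    (600, 528, "winlogon.exe", r"C:\WINDOWS\System32\winlogon.exe"),
    (644, 600, "services.exe", r"C:\WINDOWS\System32\services.exe"),
    (656, 600, "lsass.exe", r"C:\WINDOWS\System32\lsass.exe"),
    (1480, 1400, "Explorer.EXE", r"C:\WINDOWS\Explorer.EXE"),  # parent already exited
    (2012, 1480, "lsass.exe", r"C:\WINDOWS\Temp\lsass.exe"),   # constructed impostor
    (2100, 644, "svchost.exe", None),                          # path could not be read
]

def ancestry(pid, by_pid):
    """Image names from pid up to the oldest known ancestor (guards against PID-reuse loops)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        ppid, name = by_pid[pid]
        chain.append(name)
        pid = ppid
    return chain

def find_masquerades(snapshot):
    """Flag processes named like a core binary whose path is missing or not the expected one."""
    by_pid = {pid: (ppid, name) for pid, ppid, name, _ in snapshot}
    findings = []
    for pid, _, name, path in snapshot:
        expected = EXPECTED.get(name.lower())
        if expected is None:
            continue  # not a name we have a baseline for
        if path is None:
            verdict = "path unavailable"
        elif ntpath.normpath(path).lower() != expected:
            verdict = "unexpected path"
        else:
            continue  # name and path both match the baseline
        findings.append((pid, name, verdict, ancestry(pid, by_pid)))
    return findings

if __name__ == "__main__":
    for finding in find_masquerades(SNAPSHOT):
        print(finding)
```

A process with an unreadable path is reported separately rather than treated as clean, since a name match alone says nothing about where the file lives.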

Palmguy
11-13-2003, 12:55 AM
Thanks for all of the responses guys, and also to whoever moved this to the proper forum. For the life of me when I was looking I couldn't find the OT forum!

Anyways, I had downloaded Spyware S&D just now and ran it through all of its steps, to no success for my current problem. It did get rid of some spyware, but still no msconfig or TM. I'm going to go ahead and try some of the other things you guys mentioned right now.

And to whoever recommended that I restart, yeah, I've done that about 15 times today. That's always the first step with any problem that I have.

Steven Cedrone
11-13-2003, 05:15 AM
Give this a shot... (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html)

Steve