Windows

Hi,
probably not what your after, but if you go into msconfig, then on the services tab, from there you can specify the services allowed to start following the next restart.

Use the following address to see if it will provide the info you made need
http://msdn.microsoft.com/library/?url=/library/en-us/cpref/html/frlrfSystemDiagnostics.asp

That may be enough.
Any idea where I could find info on which items are to be left to start and which are my virus?

Large list of processes here:

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Like killerb said, click on the "Services Tab" in msconfig. Hide MS services and then disable all. Next select the "Startup Tab" and disable all, then reboot.

If you have ME or XP you sometimes also need to turn off System Restore or virus will restore itself from system restore.
You might also look in "Regedit" (if you are compfotrtable there) and look in HKLM\software\wmis=crosoft\currentversion\ and look at Run, RunOnce, RunOnceEx, and RunServices for anything suspicious. Especially if it says Hide or hidden. Normally you should only have entries in Run and under some cases RunServices.
You can also get cwshredder.exe and hijackthis.exe for the tough stuff.
Good Luck,
peter

I ran a Highjackthis scan and looked up all reported processes through the ProcessLibrary.com, but nothing seemed to be there that didn't have reason to be there.
The virus is still apparent because the processor is still running at 100% most of the time and it is next to impossible to send and receive emails from Outlook.
I keep seeing WintaskPro pop up everywhere in my research. Can this give me a hand up on this thing?

I think this is quite elementry. Get to Task Manager. Go to processes tab. One by one close all processes that have NOT been started by 'SYSTEM', 'LOCAL SERVICE' or 'NETWORK SERVICE'. You will be able to do that if u have administrative rights. Then try cleaning up the virus it, most probably, will work.

If you listed the name of the virus it would have helped but the general method is to boot the unit turn off System Restore then reboot into Safe Mode and run an AV scan.

When you are finished don't forget to turn back on System Restore as you'll be needing it down the track. Doing a scan that way only loads a minimal set of Windows Drivers and that is generally where any Virus Resides in the higher functions of Windows. To get into safe mode allow the system to boot up and once the POST screen has gone press the F8 key until you get a black screen asking how you want to load Windows Chose Safe Mode and nothing else and that should cure your problem.

Col

It's the W32.Dalbug.Worm. I houses itself as a scrss.dll file. It will not allow the machine to finish a virus scan, it shuts the computer down mid scan, or to start up in safe mode.
Shutting things down in task manager doesn't do any good because the original scrss.exe is a Windows file and the machine will not let that service be stopped or that file, housed in System 32, to be deleted.
I have done msconfig and started in selective mode, but this still sees it as a system file and allows it to open at start as well, again not allowing deletion.

Maybe this can help you move further along in your removal process. As far as I can tell scrss.dll and scrss.exe are not Windows files and if you cant remove them in safe mode or safe mode command prompt only then you should be able to remove them from the recovery console. Boot with your windows cd and run the recovery console and delete those files. Then you can continue with your virus scans and other cleaning of the system. Hope this helps