PC Health Problem

greenbeermonkey · March 11, 2008

Hi All,

I'm new to the forums so hello!

I'm running Win XP Pro SP2.

I've booted up my pc yesterday evening and have comodo antivirus and firewall running - (previously Kapersky 8 suite). I ran a full scan on sunday with no problems and updated spybot S&D and had no malware detected.

My problem is that i have 'insufficient permission' to run any program that is installed on my pc. I have an always on internet connection and fear that a trojan or virus has come down undetected. I cant run the antivirus program as i windows wont allow me, and i get a further message saying that it cant find the program and may have been moved or deleted. I've checked my hard drive and still have all my files.

i've run a full scan in safe mode and still nothing - the definitions most definetly not include this virus? How can i fix this problem - do i use the repair function with my windows cd in safe mode?

Furthermore I did a check on the virus list on symantec and found that the only thing that sounds suspiciously like my symptons is the Rotokbro virus.

I dont get any different icons or anything though so im a bit lost. I just seem to have lost every administrator privalige.

Please help!

JEBWrench · March 11, 2008

I'm assuming your web browser runs?

Tony D · March 11, 2008

Try an on-line scan from http://www.ewido.com. You need to use Internet Explorer.

greenbeermonkey · March 11, 2008

I'm assuming your web browser runs?

Well Firefox doesnt because i've not got 'sufficient permission' that is the key phrase that pops up. I cant access any program at all. I cant access anything windows related but I can access my hard drive and view it.

greenbeermonkey · March 11, 2008

I'm on my work pc at the mo btw. Hence my forum activity.

maynardvdm · March 11, 2008

If you have another pc you can put the hard drive in that one as slave and do a full scan on the other pc. You already did a full scan in safe mode? Do you have admin privaliges in safe mode?

What is the exact error message?

greenbeermonkey · March 11, 2008

I'll have to revert back with the exact error message but it effectively comes as a window error message 'Access Denied - You do not have sufficient priveliges to carry out this task'.

As i said i'll get back on the absolute phrase later. I can't slave the hard disk as i'm at work (beavering away during lunch).

I've got admin rights in safe mode, but i cant access the internet. I cant seem to turn on my wireless connection. But isnt that a feature of safe mode? Yes to the full scan (which came up with nothing) both spybot and comodo av.

I think i have hijack this - if i do I'll try to run it in safe mode and see what that reports and post it in the relevant forum later.

maynardvdm · March 11, 2008

What if you go in safe made create another account and see if that account has admin privaliges. But also hear what the other think of this idea

Tony D · March 11, 2008

Safe Mode with networking will not allow connection to the Internet via a wireless connection. You will need an Ethernet connection.

danzil · March 11, 2008

i would not try plugging this hard drive into anoher machine,especially a work one. (netowrk) you may risk infected the whole system.

i would try safe mode, then go to start>run type in msconfig. post a list of the names listed in the "startup tab", we maybe able to block it from running when the pc turns on,so we can then remove it.

try deleting all temp files on that pc.

how long has this been going on for.

what exactly was you doing before you experienced this issue.

if it is not a virus you have the option of system restore,have you tried this...try it in safe mode..

i am aware virus's can infect the restore points also but not all so maybe worth a try.

post back im sure we can help

regards

danzil

AdvancedSetup · March 11, 2008

Well almost guaranteed you have a malware infestation.

Could very well be active software preventing you from running things or it could also be a policy setting.

Try to save this file in notepad and save as a .REG file and apply it to your PC at home by double-clicking on it.

You can save it in notepad by doing a File-SaveAs and placing quote marks around the file name like this: "removepolicies.reg"

If the trouble is from a policy this should remove it if you have Admin rights. If it's active software it probably won't do anything.

REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{D82BE2B0-5764-11D0-A96E-00C04FD705A2}]
@="IShellFolderBand"

[HKEY_CLASSES_ROOT\CLSID\{D82BE2B0-5764-11D0-A96E-00C04FD705A2}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
 45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop\]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\BarSize\]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"LockTaskbar"=dword:00000000
"NoTrayContextMenu"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\]
"BarSize"=-
"Media Band"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

greenbeermonkey · March 12, 2008

Hi Guys,

Good news!

I did a restore point to before i had problems in safe mode as advised. I updated my av and spybot and it found the malware. Performed full system scan again and i am clean.

Thanks for all your help and advice in resolving this issue.

Cheers very much

GBM

Seth · March 12, 2008

Thanks for the update.

Spybot Search and Destroy isn't a very good scanner. Here are two much better ones:

http://www.superantispyware.com

http://www.malwarebytes.org

RandyL · March 12, 2008

Hi all;

Depending on what the malware was it might still be in the system restore files. As such it might come back.

Run the scans that seth suggested before doing anything else.

They will probably find more.

Then post back please with more details on any malware they find.

greenbeermonkey · March 12, 2008

ah right, didnt realise spybot wasnt that hot anymore (or if it ever was for that matter!)

i'll try the recommended malware programmes and report back my findings.

Cheers for your help

GBM

JEBWrench · March 12, 2008

Happy hunting GBM. :) Hope the advice of everyone helps you tidy up your system.

Sign In

PC Health Problem

Recommended Posts

greenbeermonkey

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

JEBWrench

Tony D

greenbeermonkey

greenbeermonkey

maynardvdm

greenbeermonkey

maynardvdm

Tony D

danzil

AdvancedSetup

greenbeermonkey

Seth

RandyL

greenbeermonkey

JEBWrench

Join the conversation

Browse

Activity

Site Info