Guest Allen Clark
Posted September 12, 2007

I have a user that has picked up a virus or worm that has disabled the control panel from any user that is logged on to the system in Windows XP SP2 (with all security fixes installed) running Symantec Corporate Edition 10.0 with current virus signatures. If I log in using the local administrator account, I cannot open the control panel. I get a message saying that this has been disabled, contact my local administrator. I cannot open the control panel from the run command either. I cannot get into the add/remove programs and I cannot disable the system restore to try to clean up some of these virus files. Any ideas?

Thanks in advance,
Allen

Guest Malke
Posted September 12, 2007

Re: Virus has disabled administrator access

Allen Clark wrote:

> I have a user that has picked up a virus or worm that has disabled the
> control panel from any user that is logged on to the system in Windows XP SP2
> (with all security fixes installed) running Symantec Corporate Edition 10.0
> with current virus signatures. If I log in using the local administrator
> account, I cannot open the control panel. I get a message saying that this
> has been disabled, contact my local administrator. I cannot open the control
> panel from the run command either. I cannot get into the add/remove programs
> and I cannot disable the system restore to try to clean up some of these
> virus files. Any ideas?
>
> Thanks in advance,
> Allen

Since this is a corporate machine, I'd just wipe it and reapply your image. It's the safest way to make sure the machine is clean.

Malke
--
Elephant Boy Computers
http://www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Guest Allen Clark
Posted September 12, 2007

Re: Virus has disabled administrator access

Yes, this is a corporate machine. I prefer another method OTHER THAN the shotgun method of reformat, reload. Because of the custom applications installed on this workstation, it is not quite as simple as secretary's system that only has XP, Office, and IE installed. Does anyone have a workable solution to this issue?

Thanks in advance,
Allen Clark

"Malke" wrote:

> Allen Clark wrote:
> > I have a user that has picked up a virus or worm that has disabled the
> > control panel from any user that is logged on to the system in Windows XP SP2
> > (with all security fixes installed) running Symantec Corporate Edition 10.0
> > with current virus signatures. If I log in using the local administrator
> > account, I cannot open the control panel. I get a message saying that this
> > has been disabled, contact my local administrator. I cannot open the control
> > panel from the run command either. I cannot get into the add/remove programs
> > and I cannot disable the system restore to try to clean up some of these
> > virus files. Any ideas?
> >
> > Thanks in advance,
> > Allen
>
> Since this is a corporate machine, I'd just wipe it and reapply your
> image. It's the safest way to make sure the machine is clean.
>
>
> Malke
> --
> Elephant Boy Computers
> http://www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

Guest Elmo
Posted September 13, 2007

Re: Virus has disabled administrator access

Allen Clark wrote:

> I have a user that has picked up a virus or worm that has disabled the
> control panel from any user that is logged on to the system in Windows XP SP2
> (with all security fixes installed) running Symantec Corporate Edition 10.0
> with current virus signatures. If I log in using the local administrator
> account, I cannot open the control panel. I get a message saying that this
> has been disabled, contact my local administrator. I cannot open the control
> panel from the run command either. I cannot get into the add/remove programs
> and I cannot disable the system restore to try to clean up some of these
> virus files. Any ideas?
>
> Thanks in advance,
> Allen

- From a post by Doug Knox: See http://www.dougknox.com, Win XP Utilities, Windows XP Security Console. This restriction, and many others, can be controlled with this utility.

- Or try some online virus scanners. Try one of these free online virus scans:

This one has a choice of a Quick or a Complete check
http://www.pcpitstop.com/

Symantec
http://security.symantec.com/default.asp?productid=ssr&langid=ie&venid=sym
<url:http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBEXIBVEMBQAUWZKTK>
then click the Security check link.

http://housecall.antivirus.com/ free online virus scan

http://www.ewido.net/en/

Avast! has a boot scan that might get control of the malware before it disables the av protection. Whether that would restore administrative control, I can't say. You might try an a/v newsgroup where more ideas can be suggested.

--
Joe =o)

Guest Malke
Posted September 13, 2007

Re: Virus has disabled administrator access

Allen Clark wrote:

> Yes, this is a corporate machine. I prefer another method OTHER THAN the
> shotgun method of reformat, reload. Because of the custom applications
> installed on this workstation, it is not quite as simple as secretary's
> system that only has XP, Office, and IE installed. Does anyone have a
> workable solution to this issue?

No image? Consider making one after you get this sorted.

The problem is that you don't have the administrative privileges you need so you will have to try to clean up the machine outside of Windows, at least to the point where you regain control over the machine. This can be done by slaving the hard drive in a working XP machine and scanning from there or by booting the original machine with a Bart's PE that you've made and scan with virus/malware-removal tools from the Bart's. The latter is preferable because it avoids the possibility of the host machine becoming infected.

Once you have the machine pretty well cleaned up outside of Windows, you can put the drive back in the original machine (if that's the way you did it) or boot into Windows and continue cleaning first-hand so to speak. Make sure you don't have that machine on your corporate network until you know it is completely clean.

General malware removal:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. Please see the special Notes regarding using Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

You can also check to see if there are targeted removal steps for your malware here:

Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the first link above (not here, please).

Malke
--
Elephant Boy Computers
http://www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
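
Added example (not part of any post in this thread): when the suspect disk is attached to a clean analysis host as suggested above, the "disabled by your administrator" symptoms can be checked from outside the infected Windows by reading the well-known restriction policy values in the offline registry hives. The drive letter `E:`, the profile name `user` and the `Offline*` mount names are assumptions; the script only reads the hives and must be run from an elevated prompt.

```powershell
# Added example, not from the thread. Read-only audit of restriction policy
# values in the offline hives of a suspect XP disk attached to a clean host.
# Assumed placeholders: drive letter E: and profile name "user".
param(
    [string]$Drive       = 'E:',
    [string]$ProfileName = 'user'
)

# Hive files to inspect. Prefix is the path from the hive root to "Software".
$hives = @(
    @{ File = "$Drive\Documents and Settings\$ProfileName\NTUSER.DAT"; Prefix = 'Software\' },
    @{ File = "$Drive\WINDOWS\system32\config\software";               Prefix = '' }
)

# Documented policy values that block the tools named in the first post.
$checks = @(
    @{ Key = 'Microsoft\Windows\CurrentVersion\Policies\Explorer';  Name = 'NoControlPanel' },
    @{ Key = 'Microsoft\Windows\CurrentVersion\Policies\Uninstall'; Name = 'NoAddRemovePrograms' },
    @{ Key = 'Microsoft\Windows\CurrentVersion\Policies\System';    Name = 'DisableTaskMgr' },
    @{ Key = 'Microsoft\Windows\CurrentVersion\Policies\System';    Name = 'DisableRegistryTools' },
    @{ Key = 'Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableSR' },
    @{ Key = 'Policies\Microsoft\Windows NT\SystemRestore';         Name = 'DisableConfig' }
)

$n = 0
$findings = foreach ($h in $hives) {
    if (-not (Test-Path -LiteralPath $h.File)) { Write-Warning "Missing: $($h.File)"; continue }
    $mount = "Offline$n"; $n++
    & reg.exe load "HKU\$mount" $h.File | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg load failed: $($h.File)"; continue }
    try {
        foreach ($c in $checks) {
            $path = "Registry::HKEY_USERS\$mount\$($h.Prefix)$($c.Key)"
            $item = Get-ItemProperty -LiteralPath $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                [pscustomobject]@{ Hive = $h.File; Key = $c.Key; Value = $c.Name; Data = $item.($c.Name) }
            }
        }
    }
    finally {
        # Release registry handles first, otherwise the unload can be refused.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$mount" | Out-Null
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No restriction policy values found in the inspected hives.' }
```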