Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Xp Adminastrator


  • Please log in to reply
7 replies to this topic

#1 b1mmuo27

b1mmuo27

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 02 January 2008 - 05:54 PM

My daughters pc was infected with the worm.win32.netsky & I managed to remove it. But during the process I noticed I could not access task manager as I didn't have the rights. (Administrator) The PC was new last year & she says's she has not done anything. How can I either get rid of the administrative rights at the user level or change the user to have administrative rights. :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 syunichi

syunichi

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Miri
  • Local time:03:24 AM

Posted 02 January 2008 - 07:11 PM

Most obviously you need to log in to admin account to change user level of the existing account. You might want to try the old-fashioned safe mode to log in to admin.

a) reboot and press F8 before the windows logo prompts to get you in safe mode.
b. If it prompts for user and password, put user as "administrator" and empty the password field.
c) If it logs in, go to control panel > user account > "account name" >change account type and set it to admin.

Reboot back to your normal windows state and log in to your daughter's account. Hope this helps. :thumbsup:
Posted Image

Tech Support: "Do you have any windows open right now?"
Customer: "Are you crazy woman, it's twenty below outside..."

#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:04:24 AM

Posted 02 January 2008 - 07:17 PM

It might be admin instead of administrator
Mark
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 b1mmuo27

b1mmuo27
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 02 January 2008 - 07:35 PM

Actually I did as syinici had said. She had the same rights as the administrator. I rebooted into normal mode & tried the task manager & it works fine. She had the worm on it again this evening & I ran Smitfraudfix & cleaned it up again. This time I went into her mail & deleted her inbox. Rebooted again and waited, nothing. Task manager open ok again. So I think it was the worm that was keeping me out of it. Thanks again.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:24 AM

Posted 02 January 2008 - 08:01 PM

Hello I am curious as to the name of the worm and what Antivirus application you have installed... thanks
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 b1mmuo27

b1mmuo27
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 02 January 2008 - 08:10 PM

The worm was "Worm.Win32.Netsky" I used "Smitfraudfix.exe" which was the only thing I could find that opens a system window & deletes the infected registry files. other fixes wanted you to download Hyjack this. It appears to travel through email. As I have said it disables task manager from the regular desktop. It was an active worm as it pops up as well & tells you windows has found a worm & want to go to a website.

#7 syunichi

syunichi

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Miri
  • Local time:03:24 AM

Posted 02 January 2008 - 08:35 PM

Ahh..I see. You may have a registry side edited by the virus. First thing to do is to backup your registry. You can either do it in registry window.

a) Go to start>run>regedit
b. Under file tab, pick export.
c) Select all under export range after giving a name to your registry file.

Now,I predict that some registry file need to be edited. It's a dangerous process but, if you have backup your registry so you can restore it if something unwanted happens. Now under My Computer, there's a lot of tree files. Jump to :

a) HKEY_Current_User > Software >Microsoft >Windows > CurrentVersion>Policies > Explorer

Find a key named NoTaskManager, delete it. It may appears on Policies tree, so delete it also.

:thumbsup: HKEY_Local_Machine > Software >Microsoft >Windows > CurrentVersion>Policies > Explorer

The same key. Just delete it. It shouldnt be there as a default registry value was.

c) Refresh the windows for a while, or even better do a restart. Press ctrl+alt+del, and that should fix your task manager restriction via virus problem.

Ok, I think that should be the solution. You got the registry back-up so it should be good. Good luck. And if does went from good to a better state, do a system restore checkpoint. :flowers:
Posted Image

Tech Support: "Do you have any windows open right now?"
Customer: "Are you crazy woman, it's twenty below outside..."

#8 syunichi

syunichi

  • Members
  • 130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Miri
  • Local time:03:24 AM

Posted 02 January 2008 - 08:43 PM

Oops, sorry cause I mixed up some value in the last post.It should be :

HKey_Current_User, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr

and

HKey_Local_Machine, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableTaskMgr


So you should delete "DisableTaskMgr" key. My bad. Really sorry :thumbsup: Good luck
Posted Image

Tech Support: "Do you have any windows open right now?"
Customer: "Are you crazy woman, it's twenty below outside..."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users