
Getting Rid Of Trojans When You Can't Sign On-line ?


7 replies to this topic

#1 scrapper


Posted 30 October 2005 - 10:02 AM

Hello,

My daughter's computer has taken on a life form of its own :thumbsup: No matter what we try to do, a prompt comes up that tells her she is Not Authorized to do this !!! ???? We did find trojan viruses with a scan, but don't know how to remove them -- because of the Not Authorized situation. Now it won't even sign online and she HAS to access her school programs (Cyber School Student) to do homework this weekend. Is there ANY hope for this ???

I read where members have been requested to make and send scans -- but evidently it can't be done in this case ......

PLEASE HELP

scrapper



#2 acklan


Posted 30 October 2005 - 02:01 PM

Have you signed in under admin? What antivirus are you using? Start in safe mode and run your antivirus. This will clean your computer prior to the viruses starting.
"2007 & 2008 Windows Shell/User Award"

#3 Rimmer


Posted 30 October 2005 - 07:55 PM

:thumbsup: to BC scrapper.

You will need to start your computer in safe mode and run various anti-spyware programs listed below. Since you are unable to do much with your computer as it is, you may need to get these programs from another PC with internet access by downloading the installers and transferring them via a flash disk or a CD-ROM. Then follow as much of this blurb as possible:

Is your Anti-virus program current and updated? If not you can download a free anti-virus program here (US Link): AVG Free
When you have downloaded and installed it you need to go online to register it and update it. (It will probably prompt you to do this.)
Once you have installed AVG uninstall your old Anti-Virus software because you should only have one running on your system.

Do you have any anti-spyware installed? If not download and update all of the following:

Reboot your computer in Safe Mode and run the anti-virus scan and anti-spyware scans there.
If you are not sure how to boot in Safe Mode there is a tutorial here: Safe Mode

See if that helps :flowers:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#4 alby


Posted 30 October 2005 - 11:26 PM

"Have you signed in under admin? What antivirus are you using? Start in safe mode and run your anti virus. This will clean your computer prior to the virus' starting."


I'm at the stage originally noted: intercepted/blocked Explorer by what is reported as Trojan-Spy.HTML.smitfraud.c . No access I know to get on-line. I've tried ---um--- most of Grinler's 14 pages of directions--but this ??? blocks all attempts to install, including the Disk Cleanup routine in ---um--- the batch file smitrem.

One of the original messages indicated shlwapi.dll was incomplete, and it is a smaller version than other "normal" XP versions. But in replacing this dll, the nemesis appears. With the truncated version, certain ports are not accessible.

I've tried the advice to slave the drive and read it with other av-malware. About this time, TeaTime (on my computer) has its fits and won't permit necessary changes with other scans.

TrendMicro Housecall identified some infections and AVG resident on my computer popped some of these.

And XoftSpy416, which I can install, finds a great number of suspicious running devils, but wants $30 to get rid of them.
Soooo...
what do we do now?

#5 Rimmer


Posted 31 October 2005 - 01:18 AM

:thumbsup: alby - I don't follow that at all. This topic belongs to scrapper. If you want help on a similar problem you should start a new topic; that way you will know the advice given is for you and not for someone else.
:flowers:


#6 scrapper


Posted 05 November 2005 - 11:15 AM

"Have you signed in under admin? What antivirus are you using? Start in safe mode and run your anti virus. This will clean your computer prior to the virus' starting."



Hello to acklan and to Rimmel......... Thank you for the Welcome

Sorry I haven't been able to respond sooner -- needed to get another puter up and running before I could pursue this further...... and I have a better understanding of what happened to my daughter's computer now.

Evidently she made another account to "by-pass??" the Administrative Account..... (which was her school curriculum) so she could access other sites. (I didn't know about this) This is when she was open to trojans, no doubt and I suspect it was from a Limewire Account she opened (Music Downloads) From a scan we made the results are that there are 17 trojans that were found!!!!!!! :thumbsup:

OK at this point-- one of the viruses deleted the Administrative Account and she hasn't been able to access that account from that time on.. (note: this will answer the question of whether she tried to sign on under that Administrative Account).

This is the prompt that appears whenever we try to sign online--
Your Network Administrator has disabled your ability to write to the system directly. A more priviledged user will need to update this for you !!!!!!!!!!
OK-- so the computer is not allowing us to delete or add anything or go online. What started this mess was a zapping we got 2 weeks ago from a power outage.. through the telephone line. I replaced the modem, and now a prompt tells us that the ISP files are damaged, and to delete and redownload. DUH!!!! Can't Delete or Download ANYTHING!!!!

Symantec is the program that came installed on the computer from the school -- but it's doubtful that it's been updated.... my daughter says she's not sure-- so that usually means NO!

Is there ANY hope for salvaging this ?? There are files on that hard drive that have to be accessed and the intention was to put them into this computer, after I got it back up and running after installing a new power supply (from another zapping we got last winter). Actually I was only a few days away from this goal when we got hit with an unseasonal snow storm 2 weeks ago which wreaked havoc in this area... with power outages everywhere. The computer is school property and has to be returned to them minus all the other stuff she downloaded into it. I hope this sheds a little more light on the situation...... I'll try and answer any more questions as they come up. We even tried to "go back" ??? to a certain date before all of this happened-- at the cost of forfeiting all the information that was to be transferred to my computer, but it won't do that either.

Any help or suggestions appreciated.
Many thanks for getting back to me on this.
Scrapper

#7 scrapper

scrapper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 05 November 2005 - 11:22 AM

H RIMMER H------

I am so sorry for getting your name spelled wrong... please accept the apology

:thumbsup:

Thanks again for answering -- I will try your information when I can get to that point.

Scrapper :flowers:

#8 Rimmer

Rimmer


Posted 05 November 2005 - 09:26 PM

Re: name - no need for apology, I've been called a lot worse! :thumbsup:

"one of the viruses deleted the Administrative Account"

I'm not sure that's possible? Maybe changed the password? Anyhow you're stuck in a limited account and you have Read-only access to everything.

I know there are ways of regaining access to Admin accounts, hopefully someone will be able to advise you on that. In the meantime if there are specific files you need to access how about booting from the XP CD and using commands in Recovery Console to copy files? How useful this is depends on the filesize, how many there are and what media you have available e.g. is it feasible to copy them to floppies? Do you have an external hard drive available?

For information, does your (working) PC have internet access and a CD burner available? Can it be networked to the School computer in any way? (wireless or via hub/router?)

:flowers:

Edited by Rimmer, 05 November 2005 - 09:27 PM.





