Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Clicking on dds.scr - "access denied"


  • Please log in to reply
5 replies to this topic

#1 bc3141

bc3141

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 26 October 2010 - 12:20 AM

I am trying as hard as I can to get through the Preparation Guide to post my computer problem with the required steps. (Misdirected links and searches and tabs opening to ads).
I am on step 7.
When I double click the downloaded dds.scr file I get "access denied".
There is a one sentence line in the instructions that states: "Disable any script-blocking programs". I have no idea what this means and after hours and hours of googling I'm no closer to an understanding. Yeah, I'm stupid, but it seems to me that if you're bright enough with computers to follow these guide instructions you'd have no problem fixing malware and viruses.

How do I get past "access denied"?
What in the world is "script blocking" and how do I stop it?
Is that even my problem?
I have disabled my AVG program because I though that might be "script blocking" opening myself up to more internet malware. No effect.
Does Windows have "script" blocking?
I'm so far away from my real problem it isn't funny.
Can anyone help me with "access denied"?
Robert

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 26 October 2010 - 08:06 AM

A script is a text document written in a scripting language that contain coded instructions (list of commands) which are executed by certain program without user interaction. While this can be useful for programming language like Visual Basic Script and JavaScript, it can also be a security risk since some types of malware execute scripts and cause infection. Script Blocking is a security protection technology designed to stop the spread of viruses by preventing malevolent or suspicious scripts from running on a computer to minimize the possibility of infection.

If you cannot disable script blocking or get DDS to run, try this instead.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop.
Link 1 for 32-bit version
Link 2 for 32-bit version

Link 1 for 64-bit version
Link 2 for 64-bit versionThis tool needs to run while the computer is connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
    If using Windows Vista, be sure to Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If RSIT did not work, then reply back here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 bc3141

bc3141
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 26 October 2010 - 12:42 PM

Quietman7, thank you for your kind reply.
But OMG I surrender.
I am totally defeated.
I do not know enough about computers for all this.
And this isn't even addressing my problem - I've been working on the proper way to simply present my problem and I can't do that. It's too much, I just want to use the internet and read my email - it shouldn't be this hard to just ask for help. It's like your car mechanic asking you to run all sorts of diagnostics and disable your engine to even begin to talk about why it idles rough.
I've decided to reformat my hard drive and reinstall everything.
I surrender.
Thanks all for your time.
Robert

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 26 October 2010 - 12:56 PM

I understand. Sometimes a reformat or a factory restore is the best solution. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action. Doing that ensures no remnants of malicious files are left behind.

If you're not sure how to reformat or need help with reformatting, please review:These links include specific step-by-step instructions with screenshots:Vista users can refer to these instructions:Windows 7 users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway or Dell machine, you may not have an original CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Also be sure to read Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you have made a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.) before your system was infected, then using it is another option. Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistent to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made. You will then have to reinstall all programs that you added afterwards. This includes all security updates and patches from Microsoft.

Reformatting a hard disk deletes all data. If you are reformatting or doing a factory restore due to malware infection, you can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.Again, do not back up any files with the following file extensions: exe, .scr, .dll, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the appropriate Windows Operating System Subforum.

Edited by quietman7, 26 October 2010 - 12:58 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 bc3141

bc3141
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 26 October 2010 - 01:26 PM

Quietman7, thank you again for all the info.
Actually I had a cloned copy of my hard drive I did using Maxblast 4 months ago.
When this "Antimaleware Doctor" first hit me and I couldn't remove it I tried to simply swap it out. But it wouldn't boot up, giving me just a blinking curser line.
That's when I spent some time here trying to get help to fix it. It was way too much for me - downloading, installing and figuring out so many programs to just diagnose my problem.
Malewarebytes, rkill.com, gmer logs, disabling script writing, RSIT.exe, dds.scr and so many others.
It became easier to figure out why my cloned hard drive wouldn't boot.
In case anyone else has this problem:
The solution was booting to the original Windows install disk and going to repair console and typing fixmbr and fixboot.
I'll clone more than every 4 months now.
Again, thank you.
Robert

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 AM

Posted 26 October 2010 - 01:34 PM

You're welcome.

Sounds like among other things you had an infected Master Boot Record (MBR) and using the Repair Console fixed it. To learn more about this infection please refer to:
:thumbsup: Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. To learn more about this risk, please read:Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun
How to Maximize the Malware Protection of Your Removable Drives

Change all passwords: Anytime you encounter a malware infection on your computer, especially if that computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Security Resources from Microsoft:Other Security Resources:Browser Security Resources:Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users