
XP Home Post Infection Repair


3 replies to this topic

#1 Norm@Home


Posted 28 April 2011 - 09:05 PM

I've got a computer that belongs to a friend of mine that had some phony AV program infect his system. It's a system running Windows XP Home and I've managed to start the system in safe mode, log in as the administrator, and install and run Malwarebytes anti-malware as well as running a few other repair utilities. Malwarebytes managed to remove the trojan AV but now I'm stuck with a system that is disabled in a number of ways.

The phony AV had removed or disabled all desktop icons as well as all start menu entries, and one tool that I ran managed to restore the desktop icons while I'm logged in as administrator but not as the one and only other user account. I have a script that I'd located and used successfully in other instances of phony AV problems like this, but it requires two utilities: subinacl and secedit. I was able to extract secedit from a Windows XP Pro CD but I cannot get subinacl to install; I keep getting the message "The system administrator has set policies to prevent this installation". I've Googled this message and found dozens of threads about it (including a couple here) and I've tried a number of things that have all failed to fix this, including running "secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose" as per Microsoft KB313222.

Can anyone make a suggestion or two how to undo this security policy problem?

Thanks,

- Norm



#2 boopme


Posted 28 April 2011 - 10:15 PM

The system administrator has set policies to prevent this installation

Fix the local security policy.

Open Control Panel and go to Administrative Tools.
In Administrative tools open Local Security Policy.
Then in Local Security Policy right click Software Restriction Policies and click “New Software Restriction Policy”.
Now Left click on software restriction policies and in the right-hand window you should see enforcement.
Double-click on enforcement and set the policy to apply to “ALL USERS EXCEPT LOCAL ADMINISTRATORS”
Now approve the changes and see if you are now able to install software.
~~~~~~~~~~~~~~~~

For the icon issue you can also run SFC

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ... There is a space between c and /

Click OK
Let it run and insert the CD when asked.
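A read-only way to see the settings the Local Security Policy steps above change, as an added example that is not part of the post: it assumes the standard registry location where Windows stores machine-wide Software Restriction Policy (SRP) settings, and the value names and meanings are the documented SRP ones rather than anything stated in this thread. The script only queries the registry with reg.exe and changes nothing.

```batch
@echo off
rem Added example: read-only report of Software Restriction Policy settings.
rem Assumption: machine-wide SRP settings live under the key below.
setlocal
set "SRP=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

reg query "%SRP%" >nul 2>&1
if errorlevel 1 (
    echo No machine-wide SRP key found: %SRP%
    goto :eof
)

call :show PolicyScope
call :show DefaultLevel
call :show TransparentEnabled
goto :eof

:show
rem reg.exe prints "<name> REG_DWORD 0x<value>"; keep the third token.
set "VAL="
for /f "tokens=1-3" %%a in ('reg query "%SRP%" /v %1 2^>nul ^| find "REG_DWORD"') do set "VAL=%%c"
if not defined VAL (
    echo %1: not set
    goto :eof
)
set "MEANING=unrecognized value"
if /i "%1 %VAL%"=="PolicyScope 0x0" set "MEANING=enforced for all users"
if /i "%1 %VAL%"=="PolicyScope 0x1" set "MEANING=all users except local administrators"
if /i "%1 %VAL%"=="DefaultLevel 0x0" set "MEANING=Disallowed by default"
if /i "%1 %VAL%"=="DefaultLevel 0x40000" set "MEANING=Unrestricted by default"
if /i "%1 %VAL%"=="TransparentEnabled 0x0" set "MEANING=no enforcement"
if /i "%1 %VAL%"=="TransparentEnabled 0x1" set "MEANING=all files except libraries (DLLs)"
if /i "%1 %VAL%"=="TransparentEnabled 0x2" set "MEANING=all software files"
echo %1 = %VAL%  (%MEANING%)
goto :eof
```

Saving the output before and after any repair attempt gives a record of what the infection left behind and what the repair changed.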

#3 Norm@Home


Posted 28 April 2011 - 11:17 PM

The problem is that this is an XP Home system and I believe that I read the procedure that you outlined someplace (probably here) and also that XP Home does not have the option for Local Security Policy under Administrative Tools. I checked and at least in this case if the Local Security Policy applet did exist it's not there any more.

How do I go about fixing this without the Local Security Policy applet?

Thanks,

- Norm

#4 boopme


Posted 29 April 2011 - 07:10 PM

Ok, sorry for the slow reply, had a busy day. There is a way (I don't know it) but they do in the XP forum.

Start a new topic there and they will help you.