Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

User Profile Permissions broken (I think)


  • Please log in to reply
4 replies to this topic

#1 BuckFuffaloes

BuckFuffaloes

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 05 May 2011 - 08:15 AM

I reverted back to a last known working config, from the safe mode menu, after I got malware that I couldn't get rid of. It was a good one. Power loss and everything.

Now, my user profile, we'll call 'Ray', has errors when trying to access anything from mIRC, to Firefox, PaintBrush, SpyBot, Adobe, etc... and anything in between. I get the pop-up that looks like this(I can't screenshot on that profile, sorry):

Posted Image

The pathnames in the title look correct. I can't access regedit, I can't access system from the Control Panel. I've checked google for 2 days now and I have found nothing helpful, other than "Does that profile have admin permissions?" and the answer is yes. From profile Admin, I can see that Ray has admin permissions. I've had people suggest environmental variables, registry changes in the CDM key (which I don't have in local_machines for some reason).

Sorry I can't follow most the rules with pasting logs from the programs you've requested. They won't work on that profile. I am running Windows XP SP2 on an HP laptop.

As a side note, my scrolling on the touchpad no longer works on that profile either. Minor in comparison. I'm sure I can fix that later.

I'm a stay at home dad, so should be able to respond pretty quickly, as I will do the same thing I did yesterday; sit at the PC and Google the same question 100 different ways!

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:14 AM

Posted 05 May 2011 - 08:46 AM

I would try following the steps in this guide: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:14 PM

Posted 05 May 2011 - 09:35 AM

An important part of the BC malware guides, often overlooked by members:

"If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"


Louis

#4 BuckFuffaloes

BuckFuffaloes
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 05 May 2011 - 08:56 PM

I'd like to thank the polite and helpful people on the IRC chat channel. The first link posted seemed to fix it... With a little alteration.

The power was shutting off 100% when I got close to the virus. I also could not run any... ANY program on that user profile. Following that lonk 100% did not fix the problem. So, what I did...

  • Esc at start-up to open last known working configuration.
  • Run admin account, my firewall opens on Admin. (I first ran through the steps at this point, to no success)
  • I switched users and opened the infected user. No firewall was present (still running on Admin so the virus wasn't able to disable the firewall or whatever)
  • Didn't do anything on the infected profile. Couldn't do anything. Just wanted to let the virus know that it was game time and I was on.
  • Switched users again, back to Admin. Both profiles were still running. I immediately saw that my firewall blocked the virus, aws.exe.
  • THEN, I ran through all the steps listed in Cryptodans link.
  • I also ran Spybot, which caught 23 entries of Fraud.InternetSecurity, 3 entries of Fraud.SysAlerts, 2 registry keys disabling firewall and antivirus software, and a few others. MalwareBytes, also got rid of a few issues.
  • I set Spybot to run on next start up.
  • I restarted the PC, logged into the infected profile, and let Spybot run, nothing found. And here I am. A few hours of netting and playing around on the PC and no further issues!
I don't know if my method was normal, or inexperienced, but it beat the $199 the Geek squad quoted me and the hammer I kept reaching for.
The virus was 'XP Security 2011'. Such a pain. Thanks again to Cryptodan for the IRC help and the link. Not to mention pretty much everyone who was helpful. Very pleasant IRC experience compared to the servers I am used to, and operate <3

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:14 AM

Posted 05 May 2011 - 09:01 PM

You are welcome, and its what we are here for.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users