corrupted admin profiles


2 replies to this topic

#1 marintaxpro


Posted 10 August 2013 - 02:30 AM

Hello, first time poster. I have 3 PCs, all of which have various states of disrepair, all caused by the same malware (I don't know if this is a virus, TH, hijacking or a combination). I have tried MBAM Pro, Norton 360, MSER, CCleaner, Comodo, and Kaspersky 3.0 & Hitman Pro; none have detected the problem, and Kaspersky has been taken over by malware as it is asking for an activation code though it's been previously activated. All issues seem to come from MSFT admin profiles, i.e. Trusted Installer, CREATOROWNER, and SYSTEM. I try to open programs, folders, even drives and get told that I have insufficient privileges. I have tried changing permissions but the stickler is "Inherited permissions" which is grayed out and allowed for all MSFT admins but not for my created admin profile.

 

I understand that these MSFT admin users have their functions but I can't figure out the rationale for taking over 3 PCs and making them virtually unusable. I have even tried to get Norton remote support (I won't say anything about their apparent skills) but the only option that they suggest is to wipe the drive & re-install. PCeSupport is even worse, they charged me $450 for an annual plan that was supposed to protect all devices in house. All they do is run free software like CCleaner (which I've also tried) and a few other common free programs but they can't fix anything. I finally shelled out $149 each for 2 PCs to be looked at by MSFT techs. 1st level of techs were baffled. It's now escalated to another level and though MSFT has spent about 20 hours working remotely on 1 of 3 ratbleeped PCs, no help.

 

System repair disks don't work. If anyone has ANY suggestions, I'd be extremely grateful for your help. If it comes down to wiping the drive, I'd like to know how to keep this from happening again. I've always had PCs protected & have not downloaded any attachments or files, or been to any sleazy sites. I did have 2 versions of that pain in ass Conduit toolbar & search engine get onto my PC but got rid of it in minutes. I can no longer open or access C:\ on 1 PC; the PC this is coming from isn't that bad yet, but whatever parasitical program/script is on all PCs won't stop until the PC is unusable.

 

Sorry about the length but I wanted to make sure I included all potential "cures" for this issue I've tried already. Spent more on trying to remove whatever this is than a new PC would cost. I'm afraid to even buy a new PC since I would need to re-install some of the current files and am afraid that the new PC will be corrupted as quickly as these were.

 

Bill S

MSFT


Edited by hamluis, 10 August 2013 - 05:08 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 noknojon


Posted 10 August 2013 - 03:24 AM

Hello Bill -

We do not charge you, or even offer paid programs, unless it is a last resort -

( I have 3 PCs all of which have various states of disrepair ) OK, let's start with only one computer first -

You will be the one to download and run these programs, so please ask if you have questions,

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox, save it to your desktop and run it.
Now, close any Firefox browsers you may have open when you Reset FF Proxy Settings
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE: Your computer will be rebooted automatically.
* A log file will open on your desktop after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Please copy / paste all those logs back here and we can then continue -

 

Thank You -
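
To show what two of the MiniToolBox checklist items in the post above cover, here is an added example (not part of the original post, and not MiniToolBox's own code or output) that lists active hosts file entries and reports the per-user IE proxy values without changing anything. The function names and the sample hosts lines are constructed for illustration.

```powershell
# Added example: read-only review of the hosts file and IE proxy settings.
# Written to run on the PowerShell 2.0 that ships with Windows 7.

function Get-HostsOverride {
    # Returns every active (non-comment) mapping except the stock localhost lines.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()       # drop trailing comments
        if (-not $text) { continue }                  # blank or comment-only line
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }         # address with no host name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -ieq 'localhost') { continue }
            New-Object PSObject -Property @{ Address = $fields[0]; HostName = $name }
        }
    }
}

function Get-IEProxyReport {
    # Per-user WinINET (Internet Explorer) proxy values; nothing is modified.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

# Constructed sample hosts content (not taken from any real machine).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '127.0.0.1       update.example-av.test   # constructed entry',
    '203.0.113.10    www.example-search.test'
)
Get-HostsOverride -Lines $sample | Format-Table Address, HostName -AutoSize

# On a live system, review the real file and the proxy values instead:
# Get-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
# Get-IEProxyReport
```

A default Windows 7 hosts file contains only comment lines, so any entry this returns was added later by software or a person and is worth accounting for.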



#3 hamluis


Posted 10 August 2013 - 05:07 AM

<< I have 3 PCs all of which have various states of disrepair all caused by same malware ( I don't know if this is virus,>>

 

Please...let's deal with one particular system...for the sake of clarity.  Trying to solve various problems on 3 systems which we cannot see...at one time...is just an exercise in frustration and confusion.

 

Moving topic to Am I Infected forum.

 

Louis





