Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Programs blocked by group policy after virus


  • Please log in to reply
9 replies to this topic

#1 sbells

sbells

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 19 November 2013 - 11:55 AM

I am not even sure where to start.  I got a pretty bad virus yesterday on my computer, it was the "Anti Virus Security Pro" stuff.  I have done lots of stuff to remove it and I have been partially successful.  Right now I can at least log onto the computer and get internet access but lots of my programs are blocked by a warning that comes up "Program blocked by group policy..." 

 

I need help, where do I start and where do I go from here?

 

Thanks


Edited by hamluis, 19 November 2013 - 02:19 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Roodo

Roodo

  • Members
  • 760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 AM

Posted 19 November 2013 - 12:29 PM

run this

http://www.microsoft.com/security/scanner/en-us/default.aspx



#3 sbells

sbells
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 19 November 2013 - 01:17 PM

I ran the Microsoft Safety Scanner and it did not find any infected files. 

 

What should I do next?



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:33 AM

Posted 19 November 2013 - 09:15 PM

Hello sbells, see how it is after this.
 
Download Windows Repair (All in One) from [url=" site
Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
p22002979.gif
 
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
p22002980.gif

Go to Step 4 and under "System Restore" click on Create button:
p22002982.gif

Go to Start Repairs tab and click Start button.
Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
Click on Start button.
p22003030.gif
Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sbells

sbells
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 20 November 2013 - 08:40 AM

Thank you for your help.  I did as requested and here is the windows repair log

 

Starting Repairs...
   Start (11/20/2013 8:22:51 AM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/20/2013 8:22:51 AM)
   Running Repair Under Current User Account
   Done (11/20/2013 8:22:58 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/20/2013 8:22:58 AM)
   Running Repair Under System Account
   Done (11/20/2013 8:24:04 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/20/2013 8:24:04 AM)
   Running Repair Under System Account
   Done (11/20/2013 8:24:46 AM)

03 - Register System Files
   Start (11/20/2013 8:24:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:24:56 AM)

04 - Repair WMI
   Start (11/20/2013 8:24:56 AM)
   Running Repair Under Current User Account
   Done (11/20/2013 8:26:14 AM)

05 - Repair Windows Firewall
   Start (11/20/2013 8:26:14 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:26:31 AM)

06 - Repair Internet Explorer
   Start (11/20/2013 8:26:31 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:26:42 AM)

07 - Repair MDAC/MS Jet
   Start (11/20/2013 8:26:42 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:26:46 AM)

08 - Repair Hosts File
   Start (11/20/2013 8:26:46 AM)
   Running Repair Under System Account
   Done (11/20/2013 8:26:49 AM)

09 - Remove Policies Set By Infections
   Start (11/20/2013 8:26:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:26:53 AM)

11 - Repair Icons
   Start (11/20/2013 8:26:53 AM)
   Running Repair Under System Account
   Done (11/20/2013 8:26:56 AM)

12 - Repair Winsock & DNS Cache
   Start (11/20/2013 8:26:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:08 AM)

14 - Repair Proxy Settings
   Start (11/20/2013 8:27:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:13 AM)

16 - Repair Windows Updates
   Start (11/20/2013 8:27:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:28 AM)

17 - Repair CD/DVD Missing/Not Working
   Start (11/20/2013 8:27:28 AM)
   Done (11/20/2013 8:27:28 AM)

18 - Repair Volume Shadow Copy Service
   Start (11/20/2013 8:27:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:34 AM)

20 - Repair MSI (Windows Installer)
   Start (11/20/2013 8:27:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:43 AM)

22.01 - Repair bat Association
   Start (11/20/2013 8:27:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:48 AM)

22.02 - Repair cmd Association
   Start (11/20/2013 8:27:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:52 AM)

22.03 - Repair com Association
   Start (11/20/2013 8:27:52 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:27:57 AM)

22.04 - Repair Directory Association
   Start (11/20/2013 8:27:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:02 AM)

22.05 - Repair Drive Association
   Start (11/20/2013 8:28:02 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:06 AM)

22.06 - Repair exe Association
   Start (11/20/2013 8:28:06 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:11 AM)

22.07 - Repair Folder Association
   Start (11/20/2013 8:28:11 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:15 AM)

22.08 - Repair inf Association
   Start (11/20/2013 8:28:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:20 AM)

22.09 - Repair lnk (Shortcuts) Association
   Start (11/20/2013 8:28:20 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:25 AM)

22.10 - Repair msc Association
   Start (11/20/2013 8:28:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:29 AM)

22.11 - Repair reg Association
   Start (11/20/2013 8:28:29 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:34 AM)

22.12 - Repair scr Association
   Start (11/20/2013 8:28:34 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:38 AM)

23 - Repair Windows Safe Mode
   Start (11/20/2013 8:28:38 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:43 AM)

24 - Repair Print Spooler
   Start (11/20/2013 8:28:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:28:56 AM)

25 - Restore Important Windows Services
   Start (11/20/2013 8:28:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:29:00 AM)

26 - Set Windows Services To Default Startup
   Start (11/20/2013 8:29:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/20/2013 8:29:05 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (11/20/2013 8:29:05 AM)
   Total Repair Time: 00:06:14

...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:33 AM

Posted 20 November 2013 - 11:46 AM

Good, how is it now?


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 sbells

sbells
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 20 November 2013 - 12:05 PM

It didnt help, I am still being blocked same as before

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:33 AM

Posted 20 November 2013 - 12:13 PM

Restore the Group Policy to the default  setting by using one of these,a VBS file, a BAT file or using the command prompt.
 
Reset to Default
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 sbells

sbells
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 20 November 2013 - 01:48 PM

I tried to run the .vbs file but it didnt seem like it did anything.  I downloaded and ran the .bat file and there is a message that it failed, the message flashes up quickly and I dont have time to read it.  Is there a log of some sort created?



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:33 AM

Posted 20 November 2013 - 02:51 PM

Lets run these please,
 
Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • [/list]


    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .

  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users