Can't run antivirus "because of software restriction policy"


27 replies to this topic

#1 fmedwards3

fmedwards3

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:01:40 AM

Posted 22 January 2016 - 11:52 AM

Computer running extremely slow.  Tried to run VIPRE, but get message that C:\Program Files\VIPRE\sbamui.exe cannot run because of software restriction policy.  Also can't download Trend Micro antivirus.  Attempting to run FRST.exe results in error "Failed - Network error".  Internet access OK -- this email being sent from affected computer.  Please help.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:40 AM

Posted 25 January 2016 - 12:40 PM

Hello and welcome to Bleeping Computer.

 

What is the OS?

 

Are you able to boot into safe mode and run FRST?


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 fmedwards3

Posted 26 January 2016 - 10:42 AM

1.  OS is WinXP Pro sp3

2.  I was able to boot into safe mode, then run FRST.  The output files are attached.

 

Thanks----


#4 CatByte

Posted 26 January 2016 - 11:20 AM

Please run the following:

Download attached fixlist.txt file and save it to the D:\FRST folder
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Attached File  Fixlist.txt   2.58KB   10 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


#5 fmedwards3

Posted 26 January 2016 - 12:02 PM

The first attempt to run FIX terminated unexpectedly.  I ran it a second time and the results are attached.


#6 CatByte

Posted 26 January 2016 - 02:04 PM

Please run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
cfRC_screen_2.png
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


#7 fmedwards3

Posted 26 January 2016 - 07:26 PM

Combofix ran, machine rebooted and ran combofix twice more (I think) on its own.  The log file is attached.

 

Malwarebytes and Vipre Antivirus icons have reappeared in the system tray.

 

Feels like progress............

 

 

Thanks again.


#8 CatByte

Posted 26 January 2016 - 10:44 PM

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Download the attached CFScript and save it to your desktop

Attached File  CFScript.txt   10.28KB   8 downloads

CFScriptB-4.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


#9 fmedwards3

Posted 27 January 2016 - 02:24 PM

Combofix took much longer to run, but did finish.  Log file is attached.


#10 CatByte

Posted 27 January 2016 - 02:46 PM

It didn't remove what I had hoped.

Please open your Malwarebytes antimalware program and run a scan:

On the Settings tab > Detection and Protection subtab, Detection Options, check the box 'Scan for rootkits'.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
○ 'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions if there are detections found.
Wait for the prompt to restart the computer to appear, then click on Yes.

Attach the resulting log.

Open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed. (Note: there are two types of logs, scan logs and protection logs, I need to see the scan log)
Click 'Export' > Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported" > Click Ok
Attach that saved log to your next reply.


NEXT

Please run a fresh scan with FRST and attach the new log


#11 fmedwards3

Posted 28 January 2016 - 03:47 PM

I ran the scans in Safe Mode.

Both scans aborted once, but both ran the second time started.

Logs attached.


#12 CatByte

Posted 28 January 2016 - 04:49 PM

Please do the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  Fixlist.txt   59.97KB   11 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Please reboot the PC if FRST didn't ask to do so.

Please run a fresh scan with Malwarebytes to make sure the "delete on reboot" removed the entries.


#13 fmedwards3

Posted 29 January 2016 - 12:16 AM

I'm still running in Safe Mode.  

Both scans ran and log files attached.

 

What antivirus suite do you recommend?


#14 fmedwards3

Posted 29 January 2016 - 08:54 AM

Logs as per your most recent instructions precede this post

 

The computer has been running in Safe Mode since you began helping.  I just tried running in Normal Mode, and it is extremely unresponsive.  I had to return to safe mode to post this.



#15 CatByte

Posted 29 January 2016 - 09:25 AM

What happens in normal mode: are you able to still do things but it takes a really long time, or does the computer freeze up?

See if you can get a ComboFix scan to run in normal mode.

Be patient and let it run for as long as possible.

Also, there should be another scan log from the recent scan for mbam (that was a protection log), if you could take a look for it.

NEXT


If you can't get it to run, then try the following, preferably in normal mode, but if it won't run in normal, run it in safe.

The machine was very badly infected, so there may be some broken services along the way.
 

Now before starting the next step, be sure you have a current restore point, ComboFix should have created one for you.

Please download Windows Repair (all in one) from here:

http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

Install the program then run the following steps:

Go to step 3 and allow it to run the Disk check (this will check for any bad sectors)
Once that is done then go to step 4 and allow it to run the SFC (system file checker)
NEXT, on the REPAIRS tab => Click the Open Repairs Button

Click the select all check box and then click on Start Repairs.
Please DON'T use the computer while each scan is in progress.

A restart may be needed to finish the repair procedure.
 

Now run the machine in normal mode and let me know if there is any difference.

 

As you have XP you are getting limited in your choice of software, but BitDefender and Avast both have a very good free AV.


 

