Something messing with permissions


4 replies to this topic

#1 gemcat

Posted 15 March 2017 - 10:58 PM

Something or someone is making temp directories 'read only' so lots of software has quit working. I ran Malwarebytes and found nothing. I keep Bitdefender turned on. Last week I noticed that kissanime videos quit working and downloads failed. Now just about any program that uses a temp directory fails, including the uninstaller. Is this an attack? A virus? I have googled an account of someone with a similar problem who reinstalled Windows and still had the problem. I have manually removed the read only permission from a couple of temp directories but there are several of them and I am uncertain if just changing permission will have any effect. Has anyone seen anything like this?


Edited by Al1000, 20 March 2017 - 09:13 AM.
moved from Win 10 Support
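
An added example, not part of the original post: a PowerShell check that separates the three things "read only" can mean for a temp directory (the folder attribute, a Deny entry in the ACL, or an actual write failure). The directory list and the function name are assumptions; the Read-only attribute on a folder does not by itself stop Windows from writing into it, so the probe write is the decisive result.

```powershell
# Added example: report, for each temp directory, whether it is really unwritable and why.
# The directory list is an assumption; add any other temp paths that fail on your system.
$dirs = @($env:TEMP, $env:TMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ } | Sort-Object -Unique

function Test-TempDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path      = $Path
        Exists    = Test-Path -LiteralPath $Path -PathType Container
        ReadOnly  = $null
        Owner     = $null
        DenyRules = $null
        CanWrite  = $false
        Error     = $null
    }
    if (-not $result.Exists) { return [pscustomobject]$result }

    try {
        $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
        # Folder attribute only; it does not by itself block writes into the folder.
        $result.ReadOnly = [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)

        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $result.Owner = $acl.Owner
        # Deny entries in the ACL are what actually take write access away.
        $result.DenyRules = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
    } catch {
        $result.Error = $_.Exception.Message
    }

    # Decisive test: create and delete a probe file as the current user.
    $probe = Join-Path $Path ("probe_{0}.tmp" -f [guid]::NewGuid().ToString('N'))
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        $result.CanWrite = $true
    } catch {
        if (-not $result.Error) { $result.Error = $_.Exception.Message }
    }
    [pscustomobject]$result
}

$dirs | ForEach-Object { Test-TempDirectory -Path $_ } | Format-List
```

Running it once from the affected account and once from the unaffected one shows whether the difference is in the ACL or only in the attribute.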




#2 gemcat


Posted 16 March 2017 - 06:41 PM

I need to add that I have a non-privileged user that seems so far not to be affected. I guess I should have been using it to watch anime. :(



#3 dc3


Posted 17 March 2017 - 09:52 AM

This could be file corruption.

 

Please run System File Checker
 
The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.

Important:  There will be a short message at the end of the scan informing you of the results.  If you receive the message "no integrity violations were found" you don't need to do anything else, no corrupt files were found.  You should watch the scan to see the results at the end of the scan.

This needs to be run using an Administrator account.  

You should not do anything else with the computer while this scan is running.  Do not stop the scan as this can damage Windows files.

You will need to open the Command Prompt to run the sfc /scannow.  The easiest way to do this is to press the Windows key and the X key.   A menu will open with the option Command Prompt (Admin), click on this.  This will open the Command Prompt.

If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.

You will see an image similar to the one below.


Copy and paste the command below in the Command Prompt, then press Enter.

sfc /scannow

This scan will take a while to run, please do not abort the scan as this can result in damage to the operating system.

If integrity issues are found in the scan please post the CBS log using the instructions below.

To find sfc /scannow log, reopen the Elevated Command Prompt using the Windows key and the X key method outlined in the instructions above.

When the Elevated Command Prompt opens copy and paste the following in the Command Prompt, then press Enter.  

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

This will place a new icon on the desktop titled sfcdetails.  Click/tap on this to open the log, copy and paste it in your topic.

This log usually is very large, for this reason you should use a host website like Dropbox to post the log.  You can start a free 30 day trial.  Once you have loaded the log at Dropbox post a link to the website.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
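
An added example, not part of dc3's post: a PowerShell alternative to the findstr filter above that keeps only the [SR] lines reporting a repair or a failed repair, so the result is short enough to paste. The sample lines are constructed, and the two message prefixes it matches and the function name are assumptions about the log wording rather than anything stated in the thread.

```powershell
# Added example: reduce the [SR] lines of CBS.log to the entries worth reading.
$LogPath = Join-Path $env:windir 'Logs\CBS\CBS.log'

# Constructed sample in the usual CBS.log layout, used only when the log file is not present.
$sample = @'
2017-03-17 09:52:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-03-17 09:52:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-03-17 09:52:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 10.0.0.0
2017-03-17 09:52:15, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2017-03-17 09:52:20, Info                  CSI    0000000e [SR] Verify complete
'@ -split "`r?`n"

function Get-SfcFinding {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Same filter as findstr /c:"[SR]", keeping the message text after the tag.
        if ($line -notmatch '\[SR\]\s+(?<msg>.*)$') { continue }
        $msg  = $Matches['msg']
        $kind = if ($msg -like 'Cannot repair*') { 'Unrepaired' }
                elseif ($msg -like 'Repairing corrupted*') { 'Repaired' }
                else { $null }
        if (-not $kind) { continue }   # progress lines ("Verifying", "Verify complete") are dropped

        # The file name is the last quoted string that follows a length tag such as [l:22{11}].
        $names = [regex]::Matches($msg, '\]"([^"]+)"')
        [pscustomobject]@{
            Time = $line.Substring(0, 19)
            Kind = $kind
            File = if ($names.Count) { $names[$names.Count - 1].Groups[1].Value } else { '(unparsed)' }
        }
    }
}

$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
$findings = @(Get-SfcFinding -Lines $lines)
if ($findings.Count -eq 0) { 'No repaired or unrepaired files are recorded in the [SR] entries.' }
else { $findings | Sort-Object Kind, File -Unique | Format-Table -AutoSize }
```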

 

 

 

 


#4 gemcat


Posted 19 March 2017 - 07:09 PM

The files checker produced no result. Found no corrupt files. Thanks anyway. I got Bitdefender to upgrade and have had some improvement, still finding messed up permissions though. I was on an insecure network (at a hotel) when this happened.



#5 dc3


Posted 20 March 2017 - 08:53 AM

I was on an insecure network (at a hotel) when this happened.

That puts a different slant on this.  I'm going to suggest that this topic be moved to the Am I Infected forum.  The scans I'm going to suggest that you run may not be used in the Windows forum for security reasons.
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
3.  Click Start Scan and allow the scan process to run.
 
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!

Click on Continue.
 
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log.

Post this in your topic.
 
 
Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  


3)  Click on Settings, you will see an image like the one below.


When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.


6)  Please post the Malwarebytes log.

To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.
 
 
Please run AdwCleaner

Please download AdwCleaner and install it.

When AdwCleaner opens you will see an image like the one below.


Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive the following message.

 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 20 March 2017 - 08:54 AM.
