Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error: "A required privilege is not held by the client", Spyhunter effect?


  • This topic is locked This topic is locked
11 replies to this topic

#1 Lemur80

Lemur80

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 06 June 2018 - 03:16 AM

Hello,

 

This is my first post on this forum. Please be warned that English is not my native language, i'm from Warsaw, Poland. So please, be lenient and patient:-)

 

First of all, i have an issue with defining and categorizing the...issue. It can associated with Spyhunter (because it is known as being an riskware), or it can be associated purely to Windows settings.

 

1. What happened?

 

With big help from people on polish computer forums, i removed problems caused by viruses, malware etc.:

 

https://translate.google.pl/translate?sl=pl&tl=en&js=y&prev=_t&hl=pl&ie=UTF-8&u=http%3A%2F%2Fforum.pclab.pl%2Ftopic%2F1247538-Spyware-Malware-Rootkit-Problemy-na-Windows-10%2Fpage__p__15099831%26%23entry15099831&edit-text=&act=url

 

 

Everything was ok untill the moment, i uninstalled Spyhunter. During the uninstall i received a message, informing me that some of the files will be "immobilized". I think that it can be associated with this Spyhunter's feature:

 

https://www.enigmasoftware.com/support/use-spyhunter-system-file-protection/

 

 

2. What is the problem?

 

Maybe few days after Spyhunter's uninstall, i noticed that i just can't run most of the executable files (like *.exe). Now, i can't even run FRST and majority of other programs. The most common error message is: "A required privilege is not held by the client".

 

 

3. What did i do with that?

 

I tried to create more administrative groups (C: > Properties > Security), and i added full permissions to it. I tried to disable UAC, i tried to get rid Spyhunter's registry settings and many different things listed here:

 

https://althow.com/how-to-remove-uninstall-spyhunter-4-compleatly/

 

https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_files/error-0x80070522-build-10074-a-required-privilege/516f87a8-80a6-4acb-a278-8866b2080460

 

https://appuals.com/a-required-privilege-is-not-held-by-the-client-0x80070522/

 

...and with no positive result. 

 

I also created few topics on polish forums, for example, here:

 

https://translate.google.pl/translate?sl=pl&tl=en&js=y&prev=_t&hl=pl&ie=UTF-8&u=http%3A%2F%2Fforum.pclab.pl%2Ftopic%2F1248693-Komunikat-Klient-nie-ma-wymaganych-uprawnień-Windows-10%2F&edit-text=&act=url

 

...and, here:

 

https://translate.google.pl/translate?hl=pl&sl=pl&tl=en&u=https%3A%2F%2Fforum.purepc.pl%2Ftopic%2F378599-komunikat-klient-nie-ma-wymaganych-uprawnień-windows-10%2F%3F_fromLogin%3D1%26_fromLogout%3D1

 

...but i didn't receive any feedback.

 

---

 

I really need your help and i will patiently wait for your response. I will cooperate and i will do anything to solve this problem. If i created post in wrong section, please move it to the right place.



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 06 June 2018 - 12:42 PM

Welcome.
 
I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)
 
You will need another computer to download FRST 32 bits or FRST 64 bits to a USB drive, then run the application in the Recovery Environment and post its report.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Boot to the Recovery Console's Command prompt in the infected computer.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
  • After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.
  • On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
    • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • First press the Scan button.
  • These actions will make a log, a Fixlog.txt in the flash drive. Please copy and its content in your reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Lemur80

Lemur80
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 07 June 2018 - 01:17 AM

Thank you for your response, JSntgRvr. I will try do everything you wrote about as fast as i can.



#4 Lemur80

Lemur80
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 07 June 2018 - 03:38 PM

Ok, i did it. I created bootable pendrive and FRST made a log. I used default settings, just like in the picture here:

 

https://www.dropbox.com/s/svkkj2gvvomqoif/WP_20180607_21_56_02_Pro.jpg?dl=0

 

I hope i did right things and the second attachment with FRST log is the one that you wrote about.

Attached Files

  • Attached File  FRST.txt   74.42KB   2 downloads

Edited by Lemur80, 07 June 2018 - 03:39 PM.


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 07 June 2018 - 08:29 PM

I see no malware in that log. I do see however many security programs that may be acting against each other.
 
Security programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two many programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Security program in your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running.  The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to, such as: Online Scans and scanners that run on your machine but are not actively scanning your machine.
 
So you should decide which program should be kept monitoring the computer, while the others the real time protection should be disabled. As a thump rule, only one antivirus should be active. That also applies to Firewalls.
 
Follow these instructions to Start your PC in Safe Mode. Attempt to recreate the issue and let me know the outcome.
 
Take this opportunity to run FRST in Safe Mode.
 

  • Double-click the icon to run it. When the tool opens click Yes to disclaimer if appears.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Lemur80

Lemur80
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 08 June 2018 - 02:04 AM

I decided to uninstall Malwarebytes in the future, but i didn't make any changes for now. Other antivirus software (except 360 TS and Malwarebytes) is deactiveted/unistalled, but there is high probality that there are some "hidden" processes running in background. 

 

I managed to run Windows in safe mode and i added both files from FRST.

 

 

Attached Files



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 08 June 2018 - 11:13 AM

Download the enclosed file and save it in the same location FRST64 is saved.

 

Boot in Safe Mode.

 

Run FRST as you did before, except that this time around you will click on the Fix button.

 

A new log, Fixlog.txt, will be produced in the same location the tool was ran from. Please post it in your next reply.

 

Boot in Normal Mode and attempt to recreate the issue. Let me know the outcome.

 

Run FRST in Normal Mode.

  • Double-click on the icon to run it.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 Lemur80

Lemur80
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 08 June 2018 - 01:05 PM

Sweet Jesus! It worked! :clapping:  :thumbup2:

 

Thank you so much JSntgRvr! You're the man! You're the real Master Surgeon General!  :busy:  :bowdown:  :thumbsup2:

 

Here are the files.

Attached Files



#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 08 June 2018 - 05:03 PM

Those logs look clear, congratulations.

 

Use this application to remove quarantined items:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
    delfix.jpg
    .
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Since there are no signs of infection anymore , I guess we're done here.
 
Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.


Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

Best regards. :)


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 Lemur80

Lemur80
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warsaw, Poland
  • Local time:07:43 AM

Posted 09 June 2018 - 11:34 AM

I used Delfix and examined most of the links that you provided. My computer is working now, but of course it doesn't mean that i don't have to take care of it. I made some changes, but i still have work to do with securing my PC. I hope that i learned a lesson:-)

 

Once again, thank you for your help:-)

 

Have a nice day.

 

Best wishes,

Artur  



#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 09 June 2018 - 01:23 PM

You are welcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:43 AM

Posted 09 June 2018 - 09:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users