
Can't Restore My Pc


12 replies to this topic

#1 mikeharris


Posted 01 April 2007 - 02:10 PM

Hi everyone,
I was fiddling with a program called 'windows security' a couple of days ago. This program creates limitations on handling various windows functions. Apparently something went wrong, and now I find that I cannot open any programs from Desktop or Start list. What's more, even that program won't open so I can nullify the changes.
I am finding difficulty using the restore function. HELP ME PLEEEEEEEEEEASE!


Kind regards to all,
Mikeharris


#2 usasma


Posted 01 April 2007 - 02:17 PM

Can you boot into Safe Mode to fix it?
Can you run system restore from Safe Mode?
Do you have a Windows CD?
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 mikeharris


Posted 01 April 2007 - 04:21 PM

I tried booting into safe mode, but it wouldn't go beyond the DOS stage. Also, I tried the 'safe mode with networking' etc. but to no avail.
I have a Windows CD, but that Winsec program is so persistent that it wouldn't allow even running the Windows CD.

Many thanks.

#4 jitaa


Posted 01 April 2007 - 05:43 PM

Mike, have you tried to disable the program?
Hit Alt---Ctrl---Delete and bring up the Task Manager, then quit that process and also Nortons.
Post back ASAP and let us know. I will continue to check this out.

Thank you Jitaa :thumbsup:

Edited by jitaa, 01 April 2007 - 05:44 PM.


#5 mikeharris


Posted 01 April 2007 - 05:49 PM

Thank you very much jitaa. WinSec does not show on the 'Processes' list under the Task Manager. I have tried to use online trojan removal software. But all of them require downloading at least some part of their programs to enable online check and removal. When I try to run online, then WinSec takes over and I'm denied access.


Kind regards & many thanks.

#6 fozzie


Posted 01 April 2007 - 06:16 PM

Is this the program? Increase your system's security, with Winsec

#7 jitaa


Posted 01 April 2007 - 06:24 PM

Mike, go here and run this scan. I have members who were infected and it seems that this scan rules. It also removes the infection at no cost.

http://onecare.live.com/site/en-us/default.htm

Let us know how it goes

Thank you Jitaa :thumbsup:

#8 mikeharris


Posted 01 April 2007 - 07:25 PM

Hi Jitaa,
Thank you very much for your help. I am running the Windows link you gave me, and shall update as soon as the check is over.
Incidentally, the WinSec link you provided was where I've downloaded the software from originally.


Many thanks & kind regards :thumbsup:

#9 usasma


Posted 01 April 2007 - 07:49 PM

I'd suggest contacting the authors of the program for a fix.

Can you boot to the Recovery Console from the Windows CD?

#10 mikeharris


Posted 01 April 2007 - 07:59 PM

Hi Usasma,
I found out about this issue, and the authors were not cooperating with anyone contacting them for a fix. Unfortunately, WinSec has not allowed running the Windows CD. The online check link provided by Jitaa has reached about 20% and already detected 4 problems.

Many thanks & kind regards :thumbsup:

#11 mikeharris


Posted 01 April 2007 - 11:50 PM

Hi,
The Windows livecare solution proved useless, and I still cannot access any programs installed on my PC, especially Spybot and XoftSpy, which could have removed WinSec once and for all.

Please Helllllllllp,

Regards

#12 jitaa


Posted 02 April 2007 - 12:50 AM

Mike, I have been still checking on your problem and I found out that the name of the Virus/Worm is



You can read about it at this link

http://www.trendmicro.com/vinfo/virusencyc...EZF&VSect=T


If there is a way for you to run that scan Trend Micro says they can rid you of it.

Installation and Autostart Technique

Upon execution, this memory-resident worm drops a copy of itself as the file WINSEC16.EXE in the Windows system.

To enable its automatic execution at every system startup, it creates the following registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinSec = "winsec16.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
WinSec = "winsec16.exe"


This worm takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows XP, which allows a remote user to gain full access and execute any code on the machine, leaving it compromised.

Read more on this vulnerability from the following link:

Microsoft Security Bulletin MS03-026

This worm looks for vulnerable machines on the network by scanning for random TCP/IP addresses on port 135.

It further uses the RPC Locator vulnerability which affects Windows NT and searches for vulnerable systems on the network by incrementally scanning TCP/IP addresses on port 445.

More information on this vulnerability is available from the following Microsoft page:

Microsoft Security Bulletin MS03-001.

This worm also exploits the IIS5/WEBDAV buffer overrun exploit affecting Windows NT, which enables arbitrary codes to execute on the server.

The following link offers more information from Microsoft about this vulnerability:

Microsoft Security Bulletin MS03-007

When it finds a vulnerable machine, it copies and executes itself on the system.

To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Engine and Template.

http://www.trendmicro.com/download/dcs.asp


This I hope takes care of it. You were able to run the other scan so let's keep our fingers crossed.

Thank you Jitaa :thumbsup:
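
Added example, not part of any post in this thread and not Trend Micro's code: the two autostart entries quoted in post #12 can be checked offline by scanning a registry export (.reg text) for values under the Run and RunServices keys that launch winsec16.exe. It assumes such an export is available; the sample export, the `ExampleAV` entry and the function names are constructed for illustration.

```python
import ntpath
import re

# Key paths and file name come from the Trend Micro write-up quoted in post #12.
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTOSTART_KEYS = {BASE + r"\run", BASE + r"\runservices"}
SUSPECT_FILES = {"winsec16.exe"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    # .reg exports escape backslashes and quotes inside strings.
    return re.sub(r"\\(.)", r"\1", text)

def executable_of(command):
    # Lower-cased basename of the program in a command line, honouring a quoted path.
    command = command.strip()
    quoted = command.startswith('"')
    target = command[1:].split('"', 1)[0] if quoted else command.split(" ", 1)[0]
    return ntpath.basename(target).lower()

def scan_reg_export(text):
    """Return (key, value name, data, suspect) for string values under autostart keys."""
    findings, current = [], None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = key.group(1) if key.group(1).lower() in AUTOSTART_KEYS else None
            continue
        value = VALUE_RE.match(line)
        if current and value:
            data = unescape(value.group(2))
            name = unescape(value.group(1) or "@")
            findings.append((current, name, data, executable_of(data) in SUSPECT_FILES))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\""
"WinSec"="winsec16.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WinSec"="winsec16.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"DisplayName"="winsec16.exe"
'''
if __name__ == "__main__":
    for key, name, data, suspect in scan_reg_export(SAMPLE):
        print("SUSPECT" if suspect else "ok", name, "=", data, "in", key)
```

The Uninstall entry in the sample is ignored on purpose: only values under the two autostart keys named in the write-up are reported.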

#13 mikeharris


Posted 02 April 2007 - 12:57 AM

Thank you very much Jitaa, but no luck with Trend Micro since it needs to be installed at least in the Temporary File. WinSec does not allow installation of anything!

Kind regards,



