
PC Health Problem

Joined
Mar 11, 2008
Messages
7
#1
Hi All,
I'm new to the forums so hello!

I'm running Win XP Pro SP2.
I booted up my PC yesterday evening and have Comodo antivirus and firewall running (previously Kaspersky 8 suite). I ran a full scan on Sunday with no problems and updated Spybot S&D and had no malware detected.
My problem is that I have 'insufficient permission' to run any program that is installed on my PC. I have an always-on internet connection and fear that a trojan or virus has come down undetected. I can't run the antivirus program as Windows won't allow me, and I get a further message saying that it can't find the program and it may have been moved or deleted. I've checked my hard drive and still have all my files.
I've run a full scan in safe mode and still nothing - the definitions most definitely do not include this virus? How can I fix this problem - do I use the repair function with my Windows CD in safe mode?
Furthermore, I did a check on the virus list on Symantec and found that the only thing that sounds suspiciously like my symptoms is the Rotokbro virus.
I don't get any different icons or anything though, so I'm a bit lost. I just seem to have lost every administrator privilege.
Please help!
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#6
If you have another PC you can put the hard drive in that one as slave and do a full scan on the other PC. You already did a full scan in safe mode? Do you have admin privileges in safe mode?
What is the exact error message?
 
Joined
Mar 11, 2008
Messages
7
#7
I'll have to revert back with the exact error message but it effectively comes as a window error message 'Access Denied - You do not have sufficient privileges to carry out this task'.

As I said, I'll get back on the absolute phrase later. I can't slave the hard disk as I'm at work (beavering away during lunch).

I've got admin rights in safe mode, but I can't access the internet. I can't seem to turn on my wireless connection. But isn't that a feature of safe mode? Yes to the full scan (which came up with nothing), both Spybot and Comodo AV.

I think I have HijackThis - if I do I'll try to run it in safe mode and see what that reports and post it in the relevant forum later.
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Messages
3,117
Location
South Africa
#8
What if you go into safe mode, create another account and see if that account has admin privileges? But also hear what the others think of this idea.
 

Tony D

Free PC Help Long Term Member
Joined
Dec 30, 2007
Messages
704
Location
Malvern, PA (USA)
PC Experience
Some Experience
Operating System
OSX
#9
Safe Mode with networking will not allow connection to the Internet via a wireless connection. You will need an Ethernet connection.
 

danzil

FPCH Member
Joined
Jun 29, 2007
Messages
885
Location
Gloucestershire
PC Experience
Operating System
#10
I would not try plugging this hard drive into another machine, especially a work one (network); you may risk infecting the whole system.
I would try safe mode, then go to Start > Run and type in msconfig. Post a list of the names listed in the "Startup" tab; we may be able to block it from running when the PC turns on, so we can then remove it.
Try deleting all temp files on that PC.
How long has this been going on for?
What exactly were you doing before you experienced this issue?
If it is not a virus you have the option of System Restore. Have you tried this? Try it in safe mode.
I am aware viruses can infect the restore points also, but not all, so maybe worth a try.
Post back, I'm sure we can help.
Regards
danzil
 

AdvancedSetup

FPCH Long Term Member
Joined
Jan 9, 2008
Messages
819
Location
34° 12' 35" N, 118° 29' 21" W
#11
Well almost guaranteed you have a malware infestation.

Could very well be active software preventing you from running things or it could also be a policy setting.

Try to save this file in notepad and save as a .REG file and apply it to your PC at home by double-clicking on it.
You can save it in notepad by doing a File-SaveAs and placing quote marks around the file name like this: "removepolicies.reg"
If the trouble is from a policy this should remove it if you have Admin rights. If it's active software it probably won't do anything.

Code:
REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{D82BE2B0-5764-11D0-A96E-00C04FD705A2}]
@="IShellFolderBand"

[HKEY_CLASSES_ROOT\CLSID\{D82BE2B0-5764-11D0-A96E-00C04FD705A2}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
  45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop\]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\BarSize\]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"LockTaskbar"=dword:00000000
"NoTrayContextMenu"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\]
"BarSize"=-
"Media Band"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
 
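Added example, not part of the original post: before applying a .reg file copied from a forum reply, it is worth listing what it will change. This Python script parses a shortened excerpt of the file above (a constructed sample), decodes the hex(2) value and flags writes to the Run and Winlogon keys; the names `audit` and `decode_hex2` are hypothetical.

```python
import re

# Constructed sample: a shortened excerpt of the .reg file posted above.
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{D82BE2B0-5764-11D0-A96E-00C04FD705A2}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\
  45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\]
"BarSize"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

# Keys that control what runs at logon; writes here deserve a second look.
AUTOSTART = ("\\currentversion\\run", "\\currentversion\\winlogon")

def decode_hex2(data):
    """Decode hex(2) (REG_EXPAND_SZ) bytes, stored as UTF-16LE in this file."""
    raw = bytes(int(b, 16) for b in data.split(","))
    return raw.decode("utf-16-le").rstrip("\x00")

def audit(text):
    """Return (action, key, value_name, data, touches_autostart) tuples."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\")
            if key.startswith("-"):  # [-KEY] deletes the whole key
                key = key[1:]
                ops.append(("delete-key", key, None, None, False))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data, hot = m.group(2), key.lower().endswith(AUTOSTART)
        if data == "-":  # "name"=- deletes one value
            ops.append(("delete-value", key, name, None, hot))
        elif data.startswith("hex(2):"):
            ops.append(("set", key, name, decode_hex2(data[7:]), hot))
        elif data.startswith('"'):
            ops.append(("set", key, name, data[1:-1].replace("\\\\", "\\"), hot))
        else:  # dword: and other types are reported as written
            ops.append(("set", key, name, data, hot))
    return ops
```

On this excerpt the hex(2) value decodes to `%SystemRoot%\system32\SHELL32.dll`, and the `Shell` and `Userinit` writes under Winlogon are the two entries flagged as touching logon behaviour.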
Joined
Mar 11, 2008
Messages
7
#12
Hi Guys,

Good news!

I did a restore point to before I had problems in safe mode as advised. I updated my AV and Spybot and it found the malware. Performed full system scan again and I am clean.


Thanks for all your help and advice in resolving this issue.

Cheers very much

GBM
 

RandyL

Administrator
Joined
Jan 22, 2003
Messages
4,878
Location
USA, Nebraska
PC Experience
Very Experienced
#14
Hi all;
Depending on what the malware was it might still be in the system restore files. As such it might come back.

Run the scans that seth suggested before doing anything else.
They will probably find more.

Then post back please with more details on any malware they find.
 
Joined
Mar 11, 2008
Messages
7
#15
Ah right, didn't realise Spybot wasn't that hot anymore (or if it ever was for that matter!)

I'll try the recommended malware programmes and report back my findings.

Cheers for your help

GBM