Help needed fixing modified permissions in XP Pro SP1

[Darren Garrison]

I reboot the system after 7 days of running (because of a DVD-R problem
unrelated to this). When I reboot, the first sign of a problem is when I type a
folder location into Windows Explorer's Address bar, a window pops up saying
"access to resource X has been disallowed" (with X being any folder I try to
enter). Clicking on folders manually works, though.

Next problem-- I click on the "start" button, and the "run" and "shut down"
buttons are missing. Now I'm worried about a virus or something, so I
ctrl-alt-del to see what processes are running-- only to get a dialog box that I
don't have permission to run Task Manager. Then I see that Norton Firewall and
Norton Antivirus have not restarted, and in fact none of my autorun programs in
the tray are running. I quickly switch off my cable modem and think for a
while. I run a scan with Ewido antispyware and find a couple of executables
with malware in them that didn't set off alarms in Norton while it did work and
clean them. Even when I manually start Norton Firewall, it is switched off, and
when I try to turn it on, it tells me that I don't have permission.

I reconnected my cable modem just long enough to do some googling and came up
with a way to regain access to Task Manager and there aren't running now.malware
processes running now (unless they know how to hide from view). But I'm not
sure how to fix the rest of my problems.

Here's what I need to do:

Get the system to start giving me the Administator access that I'm supposed to
have, including

1) ability to type file locations into the Address bar in Windows Explorer
2) the "run" button on the "start" menu
3) the "shut down computer" button on the start menu
4) the ability to reactivate Norton Firewall
5) the ability to restore my startup programs

I have tried fixing these problems myself, but doing logical-sounding key-word
searches in the Regestry for "switches" that can be turned on is not getting any
luck so far.

If anyone can help with this, please do so.

The piece of malware that did this is possibly one named "Dropper.Agent.anl",
which the spyware program found in an executable that I have ran within the last
week. It also found ones called Dialer.ALifeDialer,
"Not-A-Virus.VirTool.Win32.AvSpoffer.a", "Worm.Drefir.e", "Worm.Brontonk.a", and
"Trojan.Proxcrak.A" (none of which set off alarms in Norton whenever I happened
to get them).

[David H. Lipman]

From: "Darren Garrison" <cynapse@charter.net>

| I reboot the system after 7 days of running (because of a DVD-R problem
| unrelated to this). When I reboot, the first sign of a problem is when I type a
| folder location into Windows Explorer's Address bar, a window pops up saying
| "access to resource X has been disallowed" (with X being any folder I try to
| enter). Clicking on folders manually works, though.
|
| Next problem-- I click on the "start" button, and the "run" and "shut down"
| buttons are missing. Now I'm worried about a virus or something, so I
| ctrl-alt-del to see what processes are running-- only to get a dialog box that I
| don't have permission to run Task Manager. Then I see that Norton Firewall and
| Norton Antivirus have not restarted, and in fact none of my autorun programs in
| the tray are running. I quickly switch off my cable modem and think for a
| while. I run a scan with Ewido antispyware and find a couple of executables
| with malware in them that didn't set off alarms in Norton while it did work and
| clean them. Even when I manually start Norton Firewall, it is switched off, and
| when I try to turn it on, it tells me that I don't have permission.
|
| I reconnected my cable modem just long enough to do some googling and came up
| with a way to regain access to Task Manager and there aren't running now.malware
| processes running now (unless they know how to hide from view). But I'm not
| sure how to fix the rest of my problems.
|
| Here's what I need to do:
|
| Get the system to start giving me the Administator access that I'm supposed to
| have, including
|
| 1) ability to type file locations into the Address bar in Windows Explorer
| 2) the "run" button on the "start" menu
| 3) the "shut down computer" button on the start menu
| 4) the ability to reactivate Norton Firewall
| 5) the ability to restore my startup programs
|
| I have tried fixing these problems myself, but doing logical-sounding key-word
| searches in the Regestry for "switches" that can be turned on is not getting any
| luck so far.
|
| If anyone can help with this, please do so.
|
| The piece of malware that did this is possibly one named "Dropper.Agent.anl",
| which the spyware program found in an executable that I have ran within the last
| week. It also found ones called Dialer.ALifeDialer,
| "Not-A-Virus.VirTool.Win32.AvSpoffer.a", "Worm.Drefir.e", "Worm.Brontonk.a", and
| "Trojan.Proxcrak.A" (none of which set off alarms in Norton whenever I happened
| to get them).

What is the OS ?
It is XP Home Edition or XP Professional ?

You may still be infected...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[David H. Lipman]

From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>


|
| What is the OS ?
| It is XP Home Edition or XP Professional ?

Sorry, I missed the information that was posted in the subject and not the body that it is
XP Pro SP1.

On the folders that you may have permission problems on, you can try to take ownership of
the folders if this is NTFS (not FAT32). However, I think you are still infected and taking
ownership isn't the answer but worth bringing up.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm