Valuater

Virus controlling Admin rights

13 posts in this topic

#1 ·  Posted (edited)

I have a friend who has a virus on his computer. I went into safe mode and ran Microsoft Defender and AVG Virus scan (in safe mode AVG can only use the cmd window); however, the viruses were found, and I thought they were eliminated.

To my surprise, they were still there. It said that I could not remove the files because I was not Admin. So I go into safe mode again, log in as Admin (you can only do this in safe mode AFAIK) and ran the protection.

Super surprised it was blocked again. So any ideas on...????? online virii scanner .... regread?, other ways to check or ????

Thanks

Valuater

8)

Edited by Valuater


With all due reason, do not use system restore. My friend system restored her computer the other day, thinking it would help. She found out the hard way.

I'm afraid I cannot offer any advice other than that.


What is the name of the virus?


Broken link? PM me and I'll send you the file!


#4 ·  Posted (edited)

Many viruses are contained within the restore folder, so avoid that as an option. Most AVs/spyware programs are only as good as their database and you may need a special fix. Posting a HijackThis logfile for knowledgeable folk to examine will cure your problem.

Edited by rayzer


Whenever I get this kind of problem (getting a virus which is unremovable with antivirus), I use SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php. But it's not supported on Vista systems (... -.-)

That's a specific fix for a specific problem. :)


#7 ·  Posted (edited)

What is the name of the virus?

@monoceres

Not sure exactly; however, I noted spool.exe, cfmon.exe (or close to that). There were a few others too, like a trojan dll. I am not at his house now...thx

@sandin

taking a look right now...thx

...NOTE after a quick look, SpySheriff was in there too

8)

Edited by Valuater


Heh, well it sounds familiar, "blocking admin's rights", like taskmanager, msconfig, etc... and it's a special malicious progy remover, so... it's my recommendation to give it a try with SmitFraudFix :) :)

Giving someone advice using a special fix could do more harm than good, I'm only trying to advise. :)

What I mean is, if you post a hijackthis logfile, you will be in a better position to have your PC fixed properly as you may leave dangerous files behind.

I would remove the HD from your friend's PC and connect it to your PC (USB/PATA/SATA).

Nothing should be blocked, I think.

A great free scan engine you can find here from AVIRA.


Well... I would do the following [Bullet proof concept]

1. Download HijackThis 2.02 and post the result at www.hijackthis.de. You will get the result instantly [shows bad processes, services etc.]

2. Skip the crap AVG etc. and download Kaspersky 7. www.kaspersky.com [Will eliminate all threats]

3. Update Windows!

4. Clean up startup and services.

5. Sometimes you need to run a registry checker, especially if you run Win 2k; 2 of 10 computers have a corrupt update reg etc. after a virus/trojan attack.

Good luck!
