Jump to content

Virus controlling Admin rights

Valuater
 Share

Recommended Posts

Valuater Universalist

Valuater

Posted
Posted (edited)

I have a friend who has a virus on his computer. I went into safe mode and ran Microsoft defender and AVG Virus scan ( in safe mode avg can only use the cmd window) however the viruses were found, and I thought they were eliminated.

To my suprise, they were still there. It said that I could not remove the files because I was not Admin. So I go into safe mode again, log in as Admin ( you can only do this in safe mode AFAIK) and ran the protection.

Super suprised it was blocked again. So any ideas on...????? online virii scanner .... regread?, other ways to check or ????

Thanks

Valuater

8)

Edited by Valuater

NEWHeader1.png

Link to comment
Share on other sites
rayzer Seeker

rayzer

Posted
Posted (edited)

Many viruses are contained within the restore folder so avoid that as an option. Most AV's/spyware programs are only as good as their database and you may need a special fix. Posting a Hijackthis logfile for knowledgable folk to examine will cure your problem.

Edited by rayzer
Link to comment
Share on other sites
sandin Universalist

sandin

Posted
Posted

whenever I get this kind of problem (getting a virus which is unremovable with antivirus), I use SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php. But it's not supported on Vista systems (... -.-)

Some cool glass and image menu | WinLIRC remote controler | Happy Holidays to all... | Bounce the sun, a game in which you must save the sun from falling by bouncing it back into the sky | Hook Leadtek WinFast TV Card Remote Control Msges | GDI+ sliding toolbar | MIDI Keyboard (early alpha stage, with lots of bugs to fix) | Alt+Tab replacement | CPU Benchmark with pretty GUI | Ini Editor - Edit/Create your ini files with great ease | Window Manager (take total control of your windows) Pretty GUI! | Pop-Up window from a button | Box slider for toolbar | Display sound volume on desktop | Switch hotkeys with mouse scroll
Link to comment
Share on other sites
Valuater Universalist

Valuater

Posted
  • Author
Posted (edited)

What is the name of the virus?

@monoceres

Not sure exactly, however I noted spool.exe, cfmon.exe ( or close to that) there were a few others to like a trogan dll, I am not at his house now...thx

@sandin

taking a look right now...thx

...NOTE after a quick look, SpySheriff was in there too

8)

Edited by Valuater

NEWHeader1.png

Link to comment
Share on other sites
sandin Universalist

sandin

Posted
Posted

heh, well it sounds familiar "blocking admin's rights", like taskmanager, msconfig, etc... and it's a special malicious progy remover, so... it's my recomendation to give it a try with SmitFraudFix :) :)

Some cool glass and image menu | WinLIRC remote controler | Happy Holidays to all... | Bounce the sun, a game in which you must save the sun from falling by bouncing it back into the sky | Hook Leadtek WinFast TV Card Remote Control Msges | GDI+ sliding toolbar | MIDI Keyboard (early alpha stage, with lots of bugs to fix) | Alt+Tab replacement | CPU Benchmark with pretty GUI | Ini Editor - Edit/Create your ini files with great ease | Window Manager (take total control of your windows) Pretty GUI! | Pop-Up window from a button | Box slider for toolbar | Display sound volume on desktop | Switch hotkeys with mouse scroll
Link to comment
Share on other sites
rayzer Seeker

rayzer

Posted
Posted

heh, well it sounds familiar "blocking admin's rights", like taskmanager, msconfig, etc... and it's a special malicious progy remover, so... it's my recomendation to give it a try with SmitFraudFix :) :)

Giving someone advice using a special fix could do more harm than good, I'm only trying to advise. :)

What I mean is, if you post a hijackthis logfile, you will be in a better position to have your PC fixed properly as you may leave dangerous files behind.

Link to comment
Share on other sites
Briegel Polymath

Briegel

Posted
Posted

I have a friend who has a virus on his computer. I went into safe mode and ran Microsoft defender and AVG Virus scan ( in safe mode avg can only use the cmd window) however the viruses were found, and I thought they were eliminated.

To my suprise, they were still there. It said that I could not remove the files because I was not Admin. So I go into safe mode again, log in as Admin ( you can only do this in safe mode AFAIK) and ran the protection.

Super suprised it was blocked again. So any ideas on...????? online virii scanner .... regread?, other ways to check or ????

Thanks

Valuater

8)

I would remove HD from your friend's pc and connect it to your pc (usb/pata/sata).

Nothing should be blocked, i think.

A great free scan engine you can find here from AVIRA.

Link to comment
Share on other sites
walle Polymath

walle

Posted
Posted

Well... I would do following [Pullet proof concept]

1. Download Hijackthis 2.02 and post the result www.hijackthis.de, You will get the result instantly [shows bad processes, service etc]

2. Skip the crap Avg etc and download Kaspersky 7. www.kaspersky.com [Will eliminate all threats]

3. Update Windows!

4. Clean up startup and services.

5. Something you need to run a registry checker, especially if you run win 2k, 2 of 10 computer has corrupt update reg etc after a virus/trojan attack.

Good luck!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...