
Spotlight Question: IE8 missing and denied permissions in Windows XP

TechRepublic member alpe97 has a Dell laptop running Windows XP Pro, but it suddenly decided to deny permissions and all of the IE8 icons and files are missing. If you can help this member, we'll send you a free TechRepublic coffee mug.
TechRepublic member alpe97 submitted the following question.

Hi. I hope this is a head-scratcher for you too. Or think of it as a fresh challenge?

My laptop has been down for nearly a month. My Dell laptop is running Windows XP Pro, and it suddenly decided that I, and all other admin IDs, do not have permission to open or run files.

At first, I chased the 'denied' problem as an ownership issue. Probably more insidious than that, when this happened, I was also not authorized to shut down or restart the PC. The message I received was "you do not have permission to shutdown or restart" this system.

Another big red flag was that I noticed all my IE8 icons were gone -- on the desktop, taskbar, start menu and even in 'All Programs.' When I searched for IE8 files, all I found was IE7. When I opened an HTML doc (in Safe Mode), IE6 opened it.

I tried several things in Safe Mode, including logging in to my usual ID and the hidden admin ID. I could run and read all my files there. I even created a new ID with admin rights, but it had the same problems in normal mode. I also ran CHKDISK /r in Safe Mode, and the disk is OK.

One other oddity happened just days before this. My 30GB HDD dropped to 200 MB free space. After the 'nominal' chkdisk ran, I had 3.7GB free, but I don't see any files missing. Cleanup, I hope?

I'm guessing that it has a virus that got past my current AVG 8.5 and Comodo.

I can give more details, but I think the IE8 and shutdown problem are key indicators. What do you think? Where else can I look?

Please post your answer(s) in the discussion thread. If you can successfully help this member, we will send you a TechRepublic coffee mug.

About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

Dogcatcher

When faced with a situation such as the one presented by alpe97, I often begin by trying some of the suggestions set forth above. But, as the years have passed, I've gotten more lazy and less interested in divining all of the intricacies built into Microsoft's code. I just want the darn PCs to work. I've also discovered that chasing down elusive symptoms can take far more hours than the problem warrants. Thus, I have become a believer in nightly backups to preserve data and regular Ghost images of OS partitions to allow a quick restoration of the working system. The backups and images are always sent to a separate physical drive, and sent to a different PC when practical. Reinstallation of the OS from DVD is sometimes the only available solution, but I don't like to do it because it forfeits the hours of setup and customization that go into each PC. Finally, since stuff seems to happen more often to laptops than desktops, I try to arrange the world such that data on a laptop is merely a copy of the "real" data held somewhere else. None of this may solve alpe97's immediate problem, but it may give him some ideas as to what to do in the future.

Mohammad Oweis

As I read in the post, from Safe Mode he can access all the files. What makes that possible is that almost nothing is loaded under Safe Mode, including AVG. I have heard from some of my friends that they had trouble with some versions of AVG; it has crashed their systems (I have never used it). Try to uninstall AVG and check if this works. Then get another AV and scan your system.

PeterPac

Let's try this: Turn the laptop on and, while it is booting, tap F8. Once there, choose "Last known good configuration". If this does not work, boot into Safe Mode with a command prompt. Get to an admin account. At the command prompt type: %systemroot%\system32\restore\rstrui.exe and follow the instructions to restore your PC to an earlier state of operation.

caseyscherm

I helped my wife's brother-in-law recover from a similar problem last year in Hong Kong. Their security was very lax and a hacker had used a tool identified as "hacktool.rootkit" and had apparently literally taken over the computer. The thing that strikes me here is the fact that you can't shut down or restart the computer. One of the things they apparently do is disable normal admin functionality to inhibit you from removing their work or reloading Windows. In my case they had even inhibited the ability to boot from CD in the BIOS. Not only had the hacker compromised their computer, but they had even hacked their router/firewall to open ports. I finally had to flash the BIOS on the router using the utility provided on the router, immediately disconnect it from the internet, change the admin password on the router and only then work on the computer. I like the tools provided by malwarebytes.org. They have a free downloadable tool that will generally clean the hacktool.rootkit crap off enough to repair or reload your computer. Check to see if the BIOS is also affected - changed the boot sequence, disabled CD/net boot, etc. Good luck.

alshawwa-20045078549136243675845149874891

All the suggestions sound great. You need something unique that restores or at least fixes some security settings that have been changed for a reason, which could be due to malware. I'd suggest Trojan Remover from www.simplysup.com. You can get a 30-day trial, but you're probably going to use it once. Run a scan, not a full scan but a smart quick scan, and remove the infections and hidden drivers and kits that are infesting the system. It's going to tell you that something changed some security settings on the system and ask whether you want to undo that, so yes is the answer. Then do a final reboot. I had that exact problem once and I did it with TR, then ran sfc /scannow to make sure all the system files were available and not corrupted, then reinstalled IE8 and ran a chkdsk /p from the Recovery Console (using a Windows XP CD). The last thing I would say is good luck.

Charles Bundy

Do you recall the last thing you did before said laptop started acting this way? Specifically did you try installing a service pack, new driver or application?

GsyMoo

I've had the same thing with a friend's lappy. It was riddled with viruses. Get yourself an IDE/SATA - USB drive converter cable. I got one for about a fiver from eBay, and it truly is the most useful bit of kit you can own. Pop your drive out and plug it in to another PC with up-to-date security. Then you can do what you like with it: back up/delete whatever you like, virus scan, cleanup, defrag. If you're lucky, a decent virus scan will sort out 95% of your problems, allowing you to stick your drive back in and update your AV and Windows. If you're unlucky, at least you'll have an easy way to back up your stuff before you reformat and reinstall. I've used this method several times on a variety of problems and computers and it really is the most painless way to go. Hope that helps.

RF7000

If you suspect a virus and have an easy means to save or back up your data, if it were me I would not waste my time with it. Pop in a Dell restore CD, preferably the blue XP SP3 CD, and just reinstall XP. That is a guaranteed fix and it does not take long. Once XP is reinstalled, do a Windows Update, install the software you need, and copy back saved data as you need it. Other than that, you could try checking "simple file permissions" in Tools - Folder Options - View tab, all the way at the bottom. You might also try using mmc (type mmc in the Run command window) and, using the "Security Configuration & Analysis" snap-in, apply the setup_security.inf template from C:\windows\security\templates

Brian.Martin

A lot of good suggestions have been made. What I would do is somewhat a combination of a few of them. Without more info I am flying by instruments, because whether the laptop is part of a domain or not would affect some of the things I would do and in what order. I would open a command prompt and run "gpresult". This will poll policy that is applied to this laptop. Here you can see what policy is and is not applied. This will tell you what groups the user is assigned to, like the administrator group or not. I would check Event Viewer for any errors, especially 'failed' security events. Event logs can fill up the hard drive, but it also depends on what policy is applied to the size of the logs and retention span. Check the ACL on the root of all your drives, especially the C drive. Make changes if necessary. You can also uninstall IE8 if you feel that is the culprit. If malware of some kind is thought to be the cause, turn off System Restore, boot into Safe Mode and run your AV scan and malware scan (Ad-Aware or SpyBot Search and Destroy). I also like using Ultimate Boot CD for Windows to run scans. This bypasses your local OS and security, so it can do a lot of things you may not be able to. You can also go back to a previous time when the laptop worked fine by using the System Restore feature if you feel it was an application issue that caused your problems. Worst case after all this would be to nuke the laptop and start over. And lastly, if this is part of a domain and other domain admins like playing jokes, they could have thrown group policy to your laptop as a joke. I won't admit anything, but I have heard people have removed icons, or changed wallpaper, or other 'fun' things to mess with users. Hope you get your laptop back where you want it.

Gis Bun

This sounds like [not saying it is] one of those system hijackings. Any strange icon in the system tray? Normally the hijacking would ask you to send payment via credit card to somewhere [in Russia?] and they'd give you a code to unlock your system. From what I read, they are hard to clean. You are better off taking your data off the system and wiping the system completely. If you have been down for a month, what took you so long to ask? :-)

Charles Bundy

While IE8 has added security features, they don't seem geared towards the file system level; they are related to network authentication and heuristic determination blocking of questionable material. Your post indicates there are multiple users of the laptop that have admin rights. Might one of those users have accidentally changed FS permissions volume wide? This would also cause free space to drop to nothing as now-blocked service accounts log errors exponentially. If this were the case, logs will fill up again fairly quickly. Have you checked Event Viewer? Is there anything suspicious looking?

tmcentire

Uninstall IE8 because... I have had three different laptops running Win XP Pro, and as soon as IE8 was installed the laptops began to behave oddly, as though they had a virus. I noticed this on a laptop running Win XP Home as well... Thanks, Toni

radolan7

I had this problem and even couldn't do what trunyard suggested. The flash drive was not detected. I had to wipe the partition and reload windows.

ultimitloozer

I agree that you should check Group Policies first. If you already have MBAM (or similar) installed on the machine, run a full scan with that in Safe Mode to try to eradicate any crapware that has infected your system. If you have access to a known clean computer, you should download the Ultimate Boot CD 4 Windows (www.ubcd4win.com) and create a bootable CD with MBAM and Avira on it at a minimum. By booting with the CD you create with this app, it doesn't matter what kind of malware is on the system since it will not execute during startup and cannot attempt to hide itself.

oroy2010

Another thought. Have you fully updated all your spyware and AV software? Try running a scan in safe mode as there are minimal services running. It may pick up a problem there if you do have a virus.

oroy2010

Good morning. Have you tried to run gpedit.msc and checked the security policy settings?

drowlfs

Open My Computer, right click C:, Properties, Security/Permissions, Advanced. Inside there, make sure you or Administrators have Full Control on everything, and there's a check box to say you should reapply these to all files and folders. Then click it and let it rewrite permissions for the whole drive.

zeekhan76

Hi Sonja, looks like your laptop has been crusaded with malware of some critical sort. Do one thing: download MalwareBytes (from download.com) to address these issues. I got an issue of the same nature and IE 8 started blocking some of my safe and secure websites. After running this malware removal software, I got a clean chit and now it's all trouble free at my end!

Sonja Thompson

TechRepublic member alpe97 has a Dell laptop running Windows XP Pro, but it suddenly decided to deny permissions and all of the IE8 icons and files are missing. Take a look at the original post to find out more details about this problem, and then please post your solution(s) in the discussion thread. If you can help this member, we'll send you a free TechRepublic coffee mug.

oroy2010

Is it just this laptop that you are having the problem on? Are you able to replicate it anywhere else? That would help you to eliminate if it is the AV or spyware software, etc.

trunyard

Without special software and reinstalling Windows I suggest:

1) If IE is inaccessible, on another PC: download an anti-malware application such as Malwarebytes onto a flash drive. If IE is accessible, download the application to your local drive.
2) Boot your problem PC in Safe Mode with Networking, log in with an admin account, update your AVG definitions, then run a full system scan.
3) At the command prompt (start menu > run > type in cmd and hit ok) type in: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
4) Now type in: net start msiserver
5) Install the anti-malware application you downloaded to the flash drive in step 1. If you don't see the flash drive, check Disk Management and assign it a drive letter.
6) Run a full scan with your anti-malware app.
7) Although the AV and anti-malware apps will find the suspicious files, I always double-check the work they did. Go to c:\windows\system32 in detailed view and sort by date. If you find any .dll's or .exe's with suspicious file names that have been modified within a few days, rename them with an appended .bak extension.
8) Since you've noted that you can't shut down or restart, let's open the local group policy (start menu > run > type in: gpedit.msc) and navigate to: 'Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment' and find 'Shut down the system'. Add the Administrators group.
9) Reboot into normal mode, test the stability and determine if more needs to be done to correct the problems the malicious software caused.

Steps 3 and 4 are required to run the Windows Installer service, which is needed to install your anti-malware app. If you run into any roadblocks just let us know. Thanks, Travis
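An added example, not part of trunyard's post or the thread: the 'Shut down the system' check from step 8 done from a text export instead of the gpedit.msc GUI, extended to other user rights and to the deny rights. It assumes the policy was exported with secedit /export /cfg to an INF file (real exports are UTF-16 and must be opened with that encoding); the EXPECTED checklist and the sample data are constructed for illustration.

```python
import configparser

ADMINS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Assumed checklist: rights a local administrator normally holds on a workstation.
EXPECTED = ("SeShutdownPrivilege", "SeInteractiveLogonRight",
            "SeTakeOwnershipPrivilege", "SeBackupPrivilege", "SeRestorePrivilege")

# Constructed sample export, not taken from alpe97's machine.
SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,Guest
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDenyInteractiveLogonRight = Guest
SeDenyBatchLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep the original case of the right names
    cp.read_string(text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: [p.strip() for p in value.split(",") if p.strip()]
            for right, value in cp.items("Privilege Rights")}

def audit(text, principal=ADMINS):
    """Return (expected rights the principal lacks, deny rights naming it)."""
    rights = parse_rights(text)
    # A right that is absent from the export is assigned to nobody.
    missing = [r for r in EXPECTED if principal not in rights.get(r, [])]
    denied = sorted(r for r, who in rights.items()
                    if r.startswith("SeDeny") and principal in who)
    return missing, denied

if __name__ == "__main__":
    missing, denied = audit(SAMPLE)
    print("Administrators missing from:", missing)
    print("Administrators explicitly denied:", denied)
```

Comparing the same report against an export from a known-good XP machine shows which assignments were changed rather than merely unusual.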

Datacommguy

I'd start by running MBAM in safe mode. If there's some malware screwing things up, there's a good chance that will resolve the problem. I'd also try logging in as the primary administrator, and then see if you see Administrative Tools in the control panel or in your programs list? Or even using Windows Explorer to scan all the user's program options under Documents and Settings to find an Administrative Tools group? If you can get to that, look at Computer Management to check the security group each user is assigned to, and then Local Security Policy to see what permissions (or denials) are set.

Dyalect

But first. Load up a live CD of Ubuntu 9.04 or 9.10. You should be able to see your Windows partition. Back up all your files to DVD(s) with the Brasero CD/DVD burning program in Ubuntu. Buy a BIGGER hard drive and a proper virus scanner, and reinstall Windows. Before the reinstall you could try loading the virus scanner from the boot CD (Norton feature). But the best and cleanest bet is a reinstall of Windows, and restoring your data from those DVDs created with Ubuntu. -- Dyalect

justagallopin

Good advice, trunyard. I also like to boot with Puppy Linux to drag and drop my MBAM and/or CCleaner, etc. to the desktop of the Windows PC. This prevents infection of my thumb drive, as has happened to me in the past. I use ext3 on a thumb drive to hold my security programs to avoid being able to use it on a Win machine. I also turn off System Restore, as many problems can reside there as well.

leo8888

@justagallopin: USB flash drives can be great tools to assist in virus/spyware cleanups but you might want to look into one that includes a write protect switch such as some of the PQI models. It's nice knowing you can flip that switch and plug into any PC without worrying about the files on your thumb drive getting infected.
