Question

  • Creator
    Topic
  • #2223229

    Spyware on computer changed admin account to restricted account, need help

    Locked

    by amy571 ·

I allowed a friend visiting from out of town to use my computer, and he proceeded to download some files which ended up containing spyware. My computer only has ONE user, my account, which is the admin account. The spyware has apparently changed the admin user to a restricted user account, and I can no longer access Control Panel or other parts of my computer, as it says it is restricted and I do not have admin access. My user account is passworded and I have not forgotten the password. It is treating my admin account as if it is a normal user account. Is there any way I can fix this? I have run 3 different spyware/virus scanning programs and removed or quarantined everything they have found. Any help would be greatly appreciated.

All Answers

  • Author
    Replies
    • #2637904

      Clarifications

      by amy571 ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      Clarifications

    • #2637901

      out of luck

      by cg it ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      If the only account on the computer was yours and it was the admin account and it somehow got changed to a restricted user account, there’s nothing you can do.

      You might try logging in using the user name Administrator and a blank password, but I don’t think that will work.

    • #2637900

      Have you tried….

      by captbilly1eye ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      … to boot to Safe Mode and perform an XP System Restore using the built-in utility?

      If you are using XP, performing a System Restore to a date prior to when your ‘friend’ downloaded the garbage may be the best fix.

      Boot to Safe Mode by tapping F8 while booting, then go to Start-All Programs-Accessories-System Tools-System Restore.

      If that doesn’t work, there is a command-line tool from Microsoft called ‘SubInACL’ that can restore administrator privileges to all keys in the Registry. That may correct the issue. I can supply you with a batch file that will run the job after SubInACL is installed (I just have to dig it up).

      http://tinyurl.com/6x22x

      • #2638967

        Here’s the batch file…

        by captbilly1eye ·

        In reply to Have you tried….

        This will restore administrator and system rights to all keys in the Registry.
        You need to download and install SubInACL FIRST! http://tinyurl.com/6x22x

        [Disclaimer – use at your own risk. I have tested this on Win2000 and WinXP machines. I offer this as a helper and do not assume liability for its use or misuse]

        Note: When making changes to the system registry, it is always a good idea to make a valid backup of the registry first!

        OK… that being said, here you go…

        Copy the text below the line into a .TXT file (use Notepad). Save, close and rename the .TXT file to ‘Reset.BAT’. Then double-click it.

        ———————————–


        @echo off
        REM SubInACL's installer puts subinacl.exe in the Resource Kit Tools folder; adjust the path if you chose another.
        REM /d also switches drive, so the script works even when launched from a different drive letter.
        cd /d C:\Program Files\Windows Resource Kits\Tools\
        Echo This will start the Microsoft SubInACL command line utility
        Echo.
        Echo Please see Microsoft’s Knowledgebase article 265360 for more information on the SubInACL command line utility
        Echo http://support.microsoft.com/kb/265360
        Echo.
        echo If you do not want to continue, press Ctrl+C to exit.
        pause

        Echo.
        Echo =========================
        Echo Start
        Echo =========================
        Echo.

        Echo Processing Registry Permission. Please wait…
        REM /subkeyreg walks every subkey under the hive; /grant=<account>=f gives that account Full control.
        subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
        subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
        subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f

        REM The SYSTEM account needs the same rights back, or services and the OS itself will fail to read their keys.
        subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
        subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
        subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f

        REM Echo =========================
        REM Echo Processing Folder Permission. Please wait…
        REM Echo =========================
        REM subinacl /subdirectories %SystemDrive% /grant=administrators=f
        REM subinacl /subdirectories %SystemDrive% /grant=system=f

        Echo =========================
        Echo Finished.
        Echo =========================
        Echo.
        Echo Please see Microsoft’s Knowledgebase article 265360 for more information on the SubInACL command line utility
        Echo http://support.microsoft.com/kb/265360
        Echo.
        pause
        exit

    • #2637866

      Didn’t change admin account to restricted account

      by guan ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      Hi,

      In my experience, the problem isn’t caused by the spyware/virus changing the admin account to a restricted account, but only by it restricting some potential admin tools (like Control Panel, regedit, etc.).

      Maybe this link can help you (http://www.dougknox.com/security/scripts_desc/nosetfolders.htm)
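A check for the policy-based restriction guan describes, added here as an example and not part of any post in this thread. It assumes a Windows 2000/XP box with the stock cmd.exe, reg.exe and net.exe; the script name checkpol.bat and the /fix switch are my own choices:

```bat
@echo off
REM Added example, not from any post in this thread: tells a genuinely demoted
REM account apart from an admin account that malware has merely hobbled with
REM Explorer/System policy values (Control Panel, regedit, Task Manager,
REM Windows Update, Run). Needs only cmd.exe, reg.exe and net.exe (Windows 2000/XP).
REM   checkpol.bat        report only
REM   checkpol.bat /fix   export each affected key to %TEMP% first, then delete the values
setlocal EnableDelayedExpansion

echo === Step 1: is %USERNAME% still a direct member of the local Administrators group?
REM (membership inherited through another group will not show up here)
net localgroup Administrators | findstr /i /c:"%USERNAME%" >nul
if errorlevel 1 (
  echo   NO  - the account really is restricted; removing policy values alone will not help.
) else (
  echo   YES - the account is still an admin; if Control Panel is blocked, see Step 2.
)

echo.
echo === Step 2: restrictive policy values in every hive that can carry them
echo     ^(reads of HKLM and HKU\.DEFAULT may be denied to a non-admin; those are skipped^)
set "COUNT=0"
for %%H in (HKCU HKLM HKU\.DEFAULT) do (
  for %%K in (Explorer System) do (
    set "KEY=%%H\Software\Microsoft\Windows\CurrentVersion\Policies\%%K"
    for %%V in (NoControlPanel NoWindowsUpdate DisableRegistryTools DisableTaskMgr NoRun) do (
      reg query "!KEY!" /v %%V >nul 2>&1
      if !errorlevel! equ 0 (
        set /a COUNT+=1
        echo   FOUND   !KEY!\%%V
        if /i "%~1"=="/fix" call :remove "!KEY!" %%V
      )
    )
  )
)
if %COUNT%==0 echo   none found
echo.
echo Done: %COUNT% restrictive value^(s^) seen.
endlocal
goto :eof

:remove
REM %1 = quoted key, %2 = value name. Export the whole key first (back up
REM before touching the registry), then delete only that one value.
set "BAK=%TEMP%\policy_backup_%COUNT%_%RANDOM%.reg"
if exist "%BAK%" del "%BAK%"
reg export %1 "%BAK%" >nul 2>&1
if errorlevel 1 (
  echo   SKIP    could not export %1, so %2 was left in place
  goto :eof
)
reg delete %1 /v %2 /f >nul 2>&1
if errorlevel 1 (
  echo   FAILED  deleting %2 ^(access denied?^); backup kept at %BAK%
) else (
  echo   REMOVED %2 ^(backup: %BAK%^)
)
goto :eof
```

Run it without arguments first; a FOUND line under HKLM or HKU\.DEFAULT while Step 1 says YES is the pattern guan describes, and the exported .reg files let you undo a /fix with a double-click.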

    • #2639135

      It is Malware

      by willcomp ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      Try running these 3 removal tools in order:
      http://forums.majorgeeks.com/showthread.php?t=134965 ComboFix
      http://www.atribune.org/content/view/24/2/ VundoFix
      http://siri.geekstogo.com/SmitfraudFix.php

      Follow instructions on linked pages.

      Then download, install, update, and run:
      http://www.superantispyware.com/download.html

      • #2636684

        It was useful! Sincere thanks!

        by omanakuttanvn ·

        In reply to It is Malware

        Fix report – Combofix

        • #2636633

          Nothing like…..

          by thumbsup2 ·

          In reply to It was useful! Sincere thanks!

          giving the entire world access to your personal details in a forum post! Geez! No wonder you caught the nasty bug. Do you not have any idea how to hide your private details to prevent more trouble?

          I would suggest you edit your post and remove ALL personally identifiable details.

        • #2649750

          You’re Welcome — BUT

          by willcomp ·

          In reply to It was useful! Sincere thanks!

          I should have told you not to post the ComboFix log. I realize you were just following the instructions on the web page.

    • #2638888

      Restored admin access.

      by amy571 ·

      In reply to Spyware on computer changed admin account to restricted account, need help

      Thanks for everyone’s help. I was able to restore admin access, and created a restricted guest account and a 2nd passworded account with admin access.

      I am following willcomp’s advice now to make sure all malware is removed.

      The only thing there that doesn’t seem to be working is VundoFix. One of the things that was detected on my computer was a Vundo trojan, found by my anti-virus and spyware programs but not detected by VundoFix, and those can’t seem to remove it. I am trying SUPERAntiSpyware now, so hopefully it can get rid of it.

      • #2638522

        You might also try

        by ontheropes ·

        In reply to Restored admin access.

        AVG’s Free Anti-spyware available here: http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

        If the above doesn’t provide any relief I’d try Sunbelt software’s Counterspy available here:
        http://www.sunbelt-software.com/Home-Home-Office/
        Counterspy is fully functioning trialware, good for 30 days I believe. Once you’re through with it you can uninstall it using Control Panel/Add-Remove Programs. I’ve seen Counterspy find spyware/trojans that other programs missed. Do a “deep” scan with Counterspy.

        Of course you’ll want to get all updates for both programs before scanning. Doing complete scans on a computer with many drives and/or a lot of data can take a while, especially on older equipment.

        • #2638489

          Will try Counterspy

          by amy571 ·

          In reply to You might also try

          Thanks again.

          Yeah, I’ve used AVG Anti-Spyware and Anti-Virus. Haven’t tried Counterspy; I’ll download that and give it a go as well. I know there is one that was still popping up yesterday, but a search on it showed it was a low-risk one and more of an annoyance than anything, so it stands to chance there may be others.

        • #2638422

          Please let me know what you think of it.

          by ontheropes ·

          In reply to Will try Counterspy

          All too often there’s no feedback on advice given here at TR. 😀

        • #2639538

          Seems to have worked.

          by amy571 ·

          In reply to Please let me know what you think of it.

          Everything seems to have worked so far, no more virus pop-ups, etc. It seems to be running normally again 🙂

        • #2637503

          Cool. Thanks for the feedback.

          by ontheropes ·

          In reply to Seems to have worked.

          I’ve always thought Counterspy to be an excellent program. Glad it was of use to you. 🙂
