XP Admin. Permission problem

By LockOutGirl ·
Got a call from a user today. XP Laptop would not boot. Kept showing a Registry File Failure. File that was affected was \systemroot\system32\config\software. So, using Microsoft's help ( - got through part one fine), I managed to swap out the affected files and once again, the laptop boots. However, the next part is causing problems.

I am logged in as the Administrator for the computer, as it was set up before the registry error. Now, though, the admin account is giving "not appropriate permission" errors when I try to do most anything. Also, I am getting what I think are corrupted error messages when I open control panel. The window that shows reads "CWBNL0202 - []\CA400RED.DLL". If I click OK, I can view the CP, but I cannot open most icons, due to the permissions error. (I cannot open user accounts, windows explorer, add/remove programs, etc. )

Thankfully, the data seems to still be on the drive, so we can pull it off and wipe if need be, but I'd love to save myself the trouble of reconfiguring the laptop.

Any help is very appreciated!

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

It looks like an infection

by Jacky Howe In reply to XP Admin. Permission prob ...

It could be W32.Yaha.K@mm

If that dosn't work try this. On a clean PC Download the following Programs.

Download Sophos and the latest IDE Files. Install it and extract the IDE files to the SAV32CLI folder. I normally create batch Files for the 4 runs.
EG: Sav1.bat

Running an information scan
To run a scan for information only, so as to create a log, type the following at the command prompt:


This will create a log of infected files, but will not disinfect or delete any infected files. You can then copy the log to a floppy disk for printing or emailing. If you run SAV32CLI without the -P command line parameter, the information on viruses will be written only to the screen.

Disinfecting infected files
To disinfect infected items with SAV32CLI, use the '-di' command line parameter.

If a file is infected more than once (either with different viruses, or several cases of the same virus), you might need to run multiple scans to disinfect all virus infections.
Do not use the command line parameter '-remove' in the same scan as '-di', as you could delete a file which could have been cleaned.
If the infection on the computer seems to be progressing rapidly, back up your data to CD or DVD before attempting disinfection.
The '-di' command line parameter will disinfect infected boot sectors, some infected program (.exe) files, and infected documents (e.g. .doc, .xls).

So, if your computer has been infected by a number of viruses, macro viruses, and worms, shut down the infected processes (either manually, or by using safe mode with command prompt), then run a series of scans to disinfect and remove these malicious programs. Make a log of all scans.

First run


Make a note of the number of files disinfected.

Run the scan again, with a different log name


If the number of files disinfected has decreased, run a third scan. If it has not, or the number is '0', remove all other virus files:


The above scans will disinfect all files that can be disinfected, and remove the rest.

During this process any infected documents will have been disinfected. Check the relevant virus analysis to find out if the virus involved could have corrupted data in the document. If you check the logs, you may well find that some worm or Trojan files were infected with a virus, so they were first disinfected, then removed.

Download Spybot - Search & Destroy 1.5.2 and install it. Update it.

Run Spybot to check if any remnants have been left.
Copy all installed Folders to a Flash Disk including HiJackThis and any batch files that I recommend creating.

Start the Suspect PC in Safe Mode and run the Programs in the order that they were downloaded with the instructions provided.

By now if still infected you should know the name of the Virus.

Collapse -

The question is.....

by bart777 In reply to XP Admin. Permission prob ...

How much is your time worth.
This one is going to be bad and take a while to get resolved. Unless you have a backup of the laptop or a good restore point available to you, you're going to be sitting there a while. That being the case I would just copy the data out, format the drive and start over.

Now, that being said, I would start with the standard recovery tools. See if ther is a system restore point that you can go back to.
Failing that you could try a repair installation of the OS to hopefully fix the bad registry and system files.

Best of luck.

Collapse -

That's what I was afraid of...

by LockOutGirl In reply to The question is.....

Thanks for the help.

Re: Virus. It may well be, but I'm highly suspicious of that being the end result. The amount of virus protection we've got here is pretty impressive. Not saying it can't happen, I'm just more inclined to look other places for an answer.

Course of action right now seems to be scrounge up a loaner to get the user running again in the mean time, and then struggle through the mire to get this one going again. Can't rush things like this, I suppose.

Thanks again!

Collapse -

Simple test

by Jacky Howe In reply to That's what I was afraid ...

run Task Manager, if you don't have permission to run it you're infected.

Edit: To make it a bit clearer.
If the error message states that ?Task Manager has been disabled by your administrator? and you haven't disabled it through Group Policy or a Local Policy you are probably infected.

Collapse -

When it comes to corrupt reg

by The Scummy One In reply to That's what I was afraid ...

unless you have a backup with all of the apps installed,
just rebuild it. Once you change the SW hive with the
repair version, the system goes back to the way it was
(pretty much) when it was just installed, with nothing on it
-- except many unknown/unwanted items that may still
be lurking.

Once I see the hive fails to install, I start thinking about a
backup data and rebuild. If it happens again, then it is
time to replace the HDD. However, it may just get fixed
by a chkdsk. But this is unlikely.

Collapse -

I have to agree with the others here

by OH Smeg In reply to That's what I was afraid ...

While gathering new knowledge is good you have to balance that against lost production time of the user so I've found it much better to just wipe & Re Image.

While you may not learn as much you have happier End Users who are not constantly complaining to the boss that they where unable to do whatever because IT messed them around when their NB failed and that failure was caused by IT as well because they didn't tell us to do it differently. The IT section is always the Scape Goat for End Users.

If the business is big enough you could pull the HDD fit it to an Identical NB and play with it when you have the time but having even a backup NB out of service for any length of time in most business isn't acceptable.


Collapse -

Reload sounds like the best bet

by jdclyde In reply to XP Admin. Permission prob ...

Once you start getting issues with the registry, the system is going to become unstable.

If you REALLY know what your doing, you might be able to fix it, but virus or bad registry, a wipe and reload is by far the quickest solution, and will give you the best end product.

Good luck.

Collapse -

system restore

by david.wallis In reply to XP Admin. Permission prob ...

once youve copied the files over you need to boot to windows, you should be able to do a system restore to go back before the errors.

Collapse -

Is it an IBM laptop?

by emerem2tor In reply to XP Admin. Permission prob ...

If Yes, then it might be the Client Access you need to have a look at. It might be no infection there, just a corrupt registry. Usualy if you update the CA the problem is solved.
I would suggest you to look on other forums, too, and perhaps you find more help there.

Collapse -

Easy Fix

by okiefishinpole In reply to XP Admin. Permission prob ...

Had the same problem on a desktop.Boot into safe mode,create new account for user, but don't delete corupt account. reboot into new user account and check to see everything works. Copy needed files and settings from bad account to new account and then delete bad account from users.

Back to Hardware Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums