Lost privileges on an admin account

Status
Not open for further replies.

isaac

Posts: 36   +0
Hi guys, I really need some help.

My computer was infected with a virus and my Internet Explorer wasn't working. I was able to scan the computer in safe mode and fix the problem with IE. But now sometimes I get a message saying that I can't do certain things due to lack of admin privileges. I have scanned my PC with adware, AVG, Norton, but I always get the same virus threat even though I clean them. Can anybody help?
I also used windows advanced personal care.

Also, if I try logging in to any email account or bank account (anything that requires login) I get "page cannot be displayed".
I could browse to any other websites but nothing containing login credentials.

Also, when I used adware to clean the threats there are three virus threats that seem to be host files but they won't go to quarantine nor can they be removed.

Can anyone help, please... I would really appreciate it.

Thanks in advance.
 
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of isaac only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Problems

OK, so far I'm up to step 13; however, the Panda Antirootkit programme did not run properly. I ran it three times and it gave an error saying that the program encountered some problems and needed to close. It always does that when it's by the second level of cleaning.

virto mundo did not find anything.

Also, the only virus scan never finished and it ran for 45 minutes so I terminated it.

I'll be posting the reports later on as soon as I do the HijackThis, so I could post them all together.


Thanks For your help.
 
Since you`re having problems with the Panda Antirootkit programme, try the AVG Antirootkit programme instead.

Regards Howard :)

This thread is for the use of isaac only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey guys, these are the reports, hope this is helpful.

The computer is running much better but I still don't have admin rights on the account.

Test results:

Vundofix = clean
AVG antirootkit = nothing found
avg antivirus was clean
SS&D found a few errors and fixed them
Adware found 68 but nothing really bad. also removed them

Note: I attached two AVG Antispyware logs because with the first one I thought that it didn't save the report, and this one found 2 tracking cookies. The second one I ran just to make sure.
Sorry for the inconvenience, if any.

Attached are the final reports.

Thanks

The computer is running much, much better, but I still can't do admin tasks.

I can't get to Control Panel.
I can't right-click on My Computer, etc.

Can you please help?

I'll appreciate it.

Thanks in advance and for your previous help.
 
Download and run this Symantec/Norton removal tool.

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\system32\drivers\rbludhiwbaej.sys
C:\WINDOWS\system32\drivers\qjhjfebtvpdu.sys
C:\WINDOWS\system32\ttstv.ini2
C:\Program Files\ini.ini
C:\WINDOWS\frexup2.exe
C:\Program Files\TTC.dll
C:\WINDOWS\system32\tecnava.sys
C:\windows\system32\xxyawtt.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\system32\xlgkmjmq.dll
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\WinAvXX.exe

Folder::
C:\VundoFix Backups
C:\PROGRA~1\MYWEBS~1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB8BBE72-3CEC-4469-A9DD-5F48306A396B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawtt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18a190a2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plite731]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.


Regards Howard :)

This thread is for the use of isaac only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
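A way to check a saved CFScript.txt against the "File:: on the first line" rule from the post above before dragging it onto ComboFix.exe. This is an added example, not part of the original thread and not ComboFix's own code; the name `check_cfscript` is hypothetical, and the entry-shape checks (absolute drive paths, `[-HKEY_...]` keys) are assumptions inferred from the entries shown in the post, not a documented grammar.

```python
import re

HEADERS = ("File::", "Folder::", "Registry::")      # directives used in the post above
PATH_RE = re.compile(r"^[A-Za-z]:\\")                # assumption: absolute drive paths
REGDEL_RE = re.compile(r"^\[-HKEY_[A-Z_]+\\.+\]$")   # assumption: "[-HKEY_...]" keys only

def check_cfscript(text):
    """Parse CFScript text; return (sections, problems)."""
    sections = {h: [] for h in HEADERS}
    problems = []
    lines = text.splitlines()
    # Rule stated in the post: "File::" is line 1, nothing above it or in front of it.
    if not lines or lines[0] != "File::":
        first = lines[0] if lines else ""
        if first.strip() == "":
            problems.append("line 1 is blank; 'File::' must be the first line")
        elif first.strip() == "File::":
            problems.append("line 1 has whitespace around 'File::'")
        else:
            problems.append("line 1 is %r, expected 'File::'" % first)
    current = None
    for number, line in enumerate(lines, start=1):
        entry = line.strip()
        if not entry:
            continue
        if entry in HEADERS:
            current = entry
            continue
        if current is None:
            problems.append("line %d: text before any section header" % number)
            continue
        ok = REGDEL_RE.match(entry) if current == "Registry::" else PATH_RE.match(entry)
        if not ok:  # catches entries truncated or mangled during copy/paste
            problems.append("line %d: unexpected %s entry %r" % (number, current, entry))
        sections[current].append(entry)
    return sections, problems

# Constructed sample: a paste that picked up a blank first line and a cut-off key.
SAMPLE_BAD = (
    "\nFile::\nC:\\WINDOWS\\frexup2.exe\n\nFolder::\nC:\\VundoFix Backups\n\n"
    "Registry::\n[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
    "\\msconfig\\startupreg\\WinAVX\n"
)
SAMPLE_GOOD = SAMPLE_BAD.lstrip("\n").replace("WinAVX\n", "WinAVX]\n")

if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, check_cfscript(sample)[1])
```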
 
Hey guys,

Attached are the hjack2 and the ComboFix logs.

Hope this is helpful.

As I said, the computer is running much better but I still don't have admin rights on the account. I appreciate all the help you've given so far, thank you so much.

Let me know how those reports look, or if I have to fix anything.

Thanks

Can anybody help reading those logs, please?

Thanks!
 
All clean.

Delete the following folder.

C:\qoobox.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Go HERE, download and install the latest version of Java.

Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of isaac only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Admin rights

Hey guys, thanks for all your help. I'm glad to hear the computer looks clean on the reports. It actually runs much better and this would not have happened without your help. However, after following all your recommendations I still don't have admin rights on the original account even though it's an admin account.
I can't change my desktop, can't go to Control Panel, can do updates etc.

In fact, to do most of the tasks recommended by you guys I had to create a new account because there were certain things that it would not let me do.

Can anyone help me on this?

Also, regarding Java:
in Control Panel there are two things pertaining to Java:
the one that I just downloaded (java 6 v3) and there is also Java runtime 2.

Should I delete that one too? Because I'm not sure if this is the same.

Thanks guys.
 
Yes, you should uninstall all previous versions of Java.

I`m not sure what your problem is with your admin rights and suggest you open a new thread for this in our Windows OS forum.

Regards Howard :)

This thread is for the use of isaac only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 