Hello...
I was wondering if anyone had any insight on how to fix the following issue my friend is experiencing on his machine.
I've run through Howard's 15 preliminary steps as best I could, installed all requested applications, applied updates, ran the scans, etc., and I believe I successfully removed all the infected files that were found. As of yesterday, the AVG, AVGSpyware, SS&D, AdAware scans were all coming up "clean". The Panda rootkit scan also came up clean (no rootkits).
I had some problems running the SmitFraudFix application. It was able to create a log, but when running selection #2 (Clean) it just "hung" after "Killing processes" and then "Hosts"... I left it alone for 30 minutes but there was nothing further, so I stopped it. Also there was an issue running Combofix - as the functions "scrolled by", it appeared that a lot of "loading" of files was "not successful", and that it did not find the file or directory "runs.dat". Saving of registry key windows\currentversion\run to temp00.hiv was not successful, etc. It did go through all the stages, and perhaps these messages are indicative of nothing being found, but it is not clear to me that Combofix was successful.
I've attached the requested scan logs for HJT, Combofix, and AVG Antispyware (post scans). Actually, I'm running the AVG Antispyware again because it did not save the report from yesterday. I will post as soon as it is done, but here are the other two logs.
However, I am still experiencing a problem with administrative rights. In addition to the built-in administrator account, my friend only had his user account with full administrative rights, which he used for everything. Of course, this led to some really ugly virus/spyware/malware installations on his system.
When logging in under either his personal account (which has full administrative rights) or the built-in administrator account, I keep getting "access is denied" errors for the following: attempting to install new hardware (the monitor driver has a problem and every time the machine boots it wants to reinstall the driver to fix it - however, instead of being allowed to fix it, I get the message that I don't have sufficient rights to install new hardware and should see my system administrator).
As part of the ongoing challenge of cleaning his machine, I did a Windows repair, which reverted the system back to Service Pack 3. I downloaded Service Pack 4 for Windows 2000 and attempted to install it, and received an error that access to certain registry keys was denied (the install was being done as an administrator). I believe the error was something along the lines of the client not holding sufficient privileges for that key. I have not been able to upgrade to Service Pack 4.
Also, I cannot do Windows updates on the system through Automatic Updates. I get notified that the updates are available; however, if I attempt to download the updates it just quietly does nothing. Same thing if I go to the MS web page to manually update - the system just hangs at the point that the download is supposed to take place.
On the other hand, I was able to download and install all the recommended antivirus and spyware software, so it does not appear that ALL admin rights have been restricted, just certain ones.
I have Event Viewer errors every time I boot up that say "The Point to Point Protocol module C:\WINNT\System32\rastls.dll returned an error while initializing. The network request is not supported.", "The Control Protocol EAP in the Point to Point Protocol module C:\WINNT\System32\rasppp.dll returned an error while initializing. The network request is not supported.", "Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The network request is not supported.", "The Remote Access Connection Manager service terminated with the following error: The network request is not supported.", "The Internet Connection Manager service failed to start because of the following error: The network request is not supported.", "Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.", "The Remote Access Connection Manager service terminated with the following error: Access is denied". I understand that these services are related to network connectivity and this is a standalone machine, but I don't believe I should be receiving these errors (maybe someone can clarify).
A week or so ago he had some ugly malware/spyware/virus infections on his system (including rootkits) that now appear to be gone (based on the scans), but I can't rest until this administrative rights issue is resolved. I've created a regular user account and instructed him on its use, so hopefully this does not happen again (well, that, along with the fortress of antispyware/antivirus software that is now installed on the machine).
Would another Windows repair do the trick as far as getting back admin rights? I ran the Windows repair utility at one point when the machine would only boot into safe mode to see if it would fix it (it didn't - there was a driver conflict between Kaspersky antivirus and the Logitech camera that had to be resolved to be able to boot into normal Windows), but I DID appear to have admin rights for about a day after the Windows repair (before, I assume, a resident virus/malware/rootkit/whatever took it away again).
Sorry for the long post, I just wanted to be as specific as possible... Any ideas, help, please? I realize that by this point in time I could have done a complete system restore (and maybe should have), but my friend didn't want to go that route due to potential loss of data and is about to buy a MacBook and relegate this Windows machine to very basic use....
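One thing a responder would want to check before another repair is whether the permissions on the registry keys and service entries named above were altered, since "access is denied" for the built-in Administrator on keys under CurrentVersion\Run, the service-pack installer and the RasMan/Automatic Updates services is consistent with modified ACLs (an assumption, not something the post confirms). This added script is not from the poster; it assumes the key list below and needs PowerShell, which is not available on a Windows 2000 box itself, so it applies to the same symptoms on a newer Windows system or to a hive loaded there for inspection.

```powershell
# Added example: audit registry keys for explicit Deny ACEs, missing
# FullControl for Administrators/SYSTEM, or a changed owner.
# Assumption: these keys correspond to the symptoms in the post
# (Run key, service-pack install, RasMan, Automatic Updates). Extend as needed.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
    'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan',
    'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'
)
$expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
$fullControl = [System.Security.AccessControl.RegistryRights]::FullControl

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { Write-Output "MISSING  $key"; continue }
    try {
        $acl = Get-Acl -Path $key
    } catch {
        # Not being able to read the ACL at all as an administrator is a finding.
        Write-Output "NOACCESS $key : $($_.Exception.Message)"; continue
    }
    # Explicit Deny entries on these hive keys are unusual on a default system.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            Write-Output "DENY     $key : $($ace.IdentityReference.Value) $($ace.RegistryRights)"
        }
    }
    # Administrators and SYSTEM should still hold an Allow FullControl entry.
    foreach ($who in $expected) {
        $full = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $who -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.RegistryRights -band $fullControl) -eq $fullControl)
        }
        if (-not $full) { Write-Output "NOFULL   $key : $who lacks FullControl" }
    }
    # An owner other than Administrators/SYSTEM is another red flag.
    if ($expected -notcontains $acl.Owner) { Write-Output "OWNER    $key : $($acl.Owner)" }
}
```

Any DENY, NOFULL, NOACCESS or OWNER line is worth posting alongside the HJT and Combofix logs, since it points at permission tampering rather than a missing file.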