1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Admin rights stripped and scans restart my computer

By PJ87
Jul 4, 2009
  1. I'm new and have a nasty problem. As the title states something has rid my username of admin rights, for example my task manager and registry have been disabled.
    I'm running XP Home up to date.
    Also behind a router.

    I've done the 8 step guide and here's what happened.
    The two recommended antivirus programs won't install. They start to, but the program suddenly closes.
    CCleaner worked fine with no problems.

    Superantispyware and malwarebytes fail to complete a scan without my computer restarting. It's difficult to tell which file the scan runs across when the computer restarts. However, in using SUPERAntiSpyware I noticed that the computer restarted when it was on the registry part of the scan. The computer restarted shortly after Malwarebytes went into the 2nd phase of scanning the "heuristics" scan I believe.

    Tried to update JAVA, did not succeed. I can give details of the error if you need them.

    A couple things I managed to do with malwarebytes was run a full system scan and aborted when it found one lone entry, which only took about a minute to find. Using the same program I used the quick scan (or smart scan pending on what program you use) and again aborted the scan before my computer restarted when it found 4 entry's. All 5 have been removed.

    By typing,

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

    in "Run" I have managed to get into my registry and find the two entry's that disable my task manager and registry, however after I manually delete them they reappear almost immediately. I can actually get my task manager up if I hit control+alt+del immediately after I delete the entry that disables it.

    I've tried booting in safe mode but system restarts right after the last file has loaded.
    Same thing happens with "Last Known configuration"

    Programs I had installed prior to this are Spybot (with TeaTimer) and HiJackThis. Spybot will not open since the infection but the updater will. I have successfully downloaded, installed, and ran, adaware SE. Computer restarts before a scan can complete as well. However the "Ad-Watch Live!" feature of adaware has caught some garbage named (for example bhakw.exe winavndt.exe etc.) processes from running. It may have kept a log of this.

    I have not tried yet,
    1. Unplugging the drive with my operating system on it and scanning it on another computer.
    2. Creating another account and trying to scan from there.

    Sorry for the huge story, just thought it would be helpful to include as much as possible.

    I'm at a bit of a loss here :(

    Help would be much appreciated. Any ideas?
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...