Cant access add/remove programs + others in CP

By Unlikely
Apr 26, 2008
  1. Hello,
    I had virtumonde + vundo (possibly others) infect my computer on Thursday. Symptoms were

    * IE opening whenever I opened firefox.
    * Could not connect to google.
    * Can not access add/remove programs, user managment, and others in control panel.
    * Can not access properties in desktop->right click menu.
    * Random named (EG: zxfiloerg.dll) appearing and recreating in windows/system32, also reg keys for them and some system files with the same name but .ini extension (although the ini's were binary files).

    I have done all scans as per the instructions except the online one because it was going to take 42+ hours(!)

    I couldnt find AVG AntiSpyware (because its been rolled into there main anti virus prog ?) so I used the anti virus prog instead.

    All seems fine, no pop up browsers and the dll files have stopped being created in /system32

    The problems I am left with are just not being able to access Add remove progs, and Users. Plus 'properties' in the right click menu on the desktop. The error is a MessageBox that says

    " Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.". Click OK and it disappears.

    I CAN access these if I boot in to safe mode. I have tried creating new users but they cant access the CP items in normal mode either.

    Just looking for suggestions...

    Very many thanks.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523


    It contains a program written by Rathat, and it is a Policy Controller.
    Save and extract this program to the desktop.
    Once extracted, click on the RatsCheddar.exe file.
    Enable everything, then click Exit
    Reboot your Computer.
  3. Unlikely

    Unlikely TS Rookie Topic Starter

    Thanks for the reply and info kimsland. Unfortunately it didnt fix my problem, but fortunately I remembered I had quarantined rundll32.exe with Comodo when the pc first got infected... it was that that was causing me to not be able to access the CP items... doh.

    One other thing is still happening that Im not sure about. I set Comodo into 'paranoid' mode, and it keeps saying whenever I run a program (not every time, but very frequently) that the program is trying to run winlogon.exe, should programs be trying to run that or might it be a sign that everything is still not right ?
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...