Spread the love! TechSpot Tech Gift Shortlist 2017

Permissions Hostage! College Student in Desperate Need

By Ryyy ยท 5 replies
Oct 23, 2009
  1. Hello all. I have been lurking these forums for quite sometime now and never came around to actually signing up until now. I am here desperately asking for some advice or assistance with my computer that has been taken hostage by some sort of virus.

    I was doing my normal SUPERanti-virus scan when all of a sudden it froze. Alt\ctrl\dlt was not working so I just hit the power button on my tower. When I booted up, all hell broke loose.

    I tried to restart my program but it said that I did not have permission to run the program. I tried my other program (Malware Remover) and it did the same thing. I restarted the computer in safe-mode and signed in under the Administrator and it still had the same result. I went into my user permissions and I noticed there was a new user named something like, "Unknown User S-1-2-3-4" (the 1234 is not correct but it was just random numbers as the name). I tried to delete the user but it said that it was inheriting another users permissions and I could not delete until I took them away. I tried to by clicking DENY on all of the boxes, but it seems to just re-vert every time I press apply.

    Also, there is some fake anti-virus alerts from a fake program that keep popping up. At first it looks real, but I realized that I have never installed this program on my computer before.

    I've been trying to install other programs via USB memory stick but they either crash out during the middle of install, or fail to open after installation.

    I am desperately in need for help and I do not want to take my computer to a store to try to get fixed. College student budget has no room for something like this to spend on. I have about 5 papers that I have been working on and I do not wish to delete everything from my drive and re-install windows.

    Any suggestions?

    Windows XP
    Service Pack 3
  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    Can you boot in <SAFE MODE> then run MalwareBytes from there as a start. You will have to download it first. I don't think SuperAntiSpyware will work in SAFE MODE, but other scans will, and that will give you a start into cleaning up your system.
  3. Ryyy

    Ryyy TS Rookie Topic Starter

    I tried to do that but it had the same result in saying I do not have the right permissions.

    It does that even for my task manager as well!

    I just tried to reinstall Malware.

    It installed fine but when I go to scan my computer, the program automatically exits!
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Welcome to TechSpot, Ryyy. Maybe I can help you with the permissions. Chances are the malware has locked you out, but it's worth a try.

    You'll have to download this on the flash drive and install on the problem computer, so adapt the 'save' instructions::

    FixPolicies.exe from Bill Castner:
    • Download FixPolicies by Bill Castner and save to your desktop
    • Double click on FixPolicies.exe to run it.
    • Click on Install. It will create a folder named FixPolicies on your desktop.
    • Open the FixPolicies folder.
    • 5Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.

    When you have finished, reboot the computer- see if it resolved the permission problem so you can run the appropriate scans.

    There is also a File Management download here to take ownership of a file:
    File Security Manager

    If neither of these is effective, try to get a scan with the antivirus program so I can see what we're working with.
  5. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +184

    Hi Ryy

    In addition to Bobbye's advice, here's some additional info/instruction to (at least in part) help fix what you're seeing

    > Windows accommodates us humans with user-friendly userid strings (like johndoe)
    > But internally Windows uses something called Security Identifiers (SIDs)
    > Windows maps each userid to an SID
    > You're seeing an SID (like S-1-2-3-4) which doesn't map to any user id (so Windows displays the SID for Unknown User)
    > This can occur for different reasons tho in your case probably a side affect of the infection

    You need to "take back ownership of the files and folders you can't access - and things which have an Unknown User ID) See How to take ownership of a file or a folder in Windows XP
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Thank you LookinAround.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...