Virus has disabled administrator access

Guest

I have a user that has picked up a virus or worm that has disabled the
control panel from any user that is logged on to the system in Windows XP SP2
(with all security fixes installed) running Symantec Corporate Edition 10.0
with current virus signatures. If I log in using the local administrator
account, I cannot open the control panel. I get a message saying that this
has been disabled, contact my local administrator. I cannot open the control
panel from the run command either. I cannot get into the add/remove programs
and I cannot disable the system restore to try to clean up some of these
virus files. Any ideas?

Thanks in advance,
Allen
 
Malke

Allen said:
I have a user that has picked up a virus or worm that has disabled the
control panel from any user that is logged on to the system in Windows XP SP2
(with all security fixes installed) running Symantec Corporate Edition 10.0
with current virus signatures. If I log in using the local administrator
account, I cannot open the control panel. I get a message saying that this
has been disabled, contact my local administrator. I cannot open the control
panel from the run command either. I cannot get into the add/remove programs
and I cannot disable the system restore to try to clean up some of these
virus files. Any ideas?

Thanks in advance,
Allen

Since this is a corporate machine, I'd just wipe it and reapply your
image. It's the safest way to make sure the machine is clean.


Malke
 
Guest

Yes, this is a corporate machine. I prefer another method OTHER THAN the
shotgun method of reformat, reload. Because of the custom applications
installed on this workstation, it is not quite as simple as a secretary's
system that only has XP, Office, and IE installed. Does anyone have a
workable solution to this issue?

Thanks in advance,
Allen Clark
 
Elmo

Allen said:
I have a user that has picked up a virus or worm that has disabled the
control panel from any user that is logged on to the system in Windows XP SP2
(with all security fixes installed) running Symantec Corporate Edition 10.0
with current virus signatures. If I log in using the local administrator
account, I cannot open the control panel. I get a message saying that this
has been disabled, contact my local administrator. I cannot open the control
panel from the run command either. I cannot get into the add/remove programs
and I cannot disable the system restore to try to clean up some of these
virus files. Any ideas?

Thanks in advance,
Allen

- From a post by Doug Knox:

See http://www.dougknox.com, Win XP Utilities, Windows XP Security
Console. This restriction, and many others, can be controlled with this
utility.

- Or try some online virus scanners. Try one of these free online virus
scans:

This one has a choice of a Quick or a Complete check
http://www.pcpitstop.com/

Symantec
http://security.symantec.com/default.asp?productid=ssr&langid=ie&venid=sym

http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=IHBEXIBVEMBQAUWZKTK
then click the Security check link.

http://housecall.antivirus.com/ free online virus scan

http://www.ewido.net/en/

Avast! has a boot scan that might get control of the malware before it
disables the av protection. Whether that would restore administrative
control, I can't say.

You might try an a/v newsgroup where more ideas can be suggested.
 
Malke

Allen said:
Yes, this is a corporate machine. I prefer another method OTHER THAN the
shotgun method of reformat, reload. Because of the custom applications
installed on this workstation, it is not quite as simple as a secretary's
system that only has XP, Office, and IE installed. Does anyone have a
workable solution to this issue?

No image? Consider making one after you get this sorted. The problem is
that you don't have the administrative privileges you need so you will
have to try to clean up the machine outside of Windows, at least to the
point where you regain control over the machine. This can be done by
slaving the hard drive in a working XP machine and scanning from there
or by booting the original machine with a Bart's PE that you've made and
scan with virus/malware-removal tools from the Bart's. The latter is
preferable because it avoids the possibility of the host machine
becoming infected.

Once you have the machine pretty well cleaned up outside of Windows, you
can put the drive back in the original machine (if that's the way you
did it) or boot into Windows and continue cleaning first-hand so to
speak. Make sure you don't have that machine on your corporate network
until you know it is completely clean.

General malware removal:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).


Malke
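
Restrictions like the ones described in this thread (Control Panel, Add/Remove Programs, System Restore) are commonly stored as policy values in the registry. As an added example, not part of the original posts, this Python script scans the text of a registry export for well-known restriction values that are switched on; the sample export and the `HKEY_USERS\Offline` mount name are constructed for illustration.

```python
import re

# Well-known Windows policy values that switch off the features named in the
# thread, keyed by lower-cased registry key suffix, then by value name.
RESTRICTIONS = {
    r"\policies\explorer": {"NoControlPanel": "Control Panel blocked"},
    r"\policies\uninstall": {"NoAddRemovePrograms": "Add/Remove Programs blocked"},
    r"\policies\system": {"DisableRegistryTools": "Registry editor blocked",
                          "DisableTaskMgr": "Task Manager blocked"},
    r"\windows nt\systemrestore": {"DisableSR": "System Restore turned off",
                                   "DisableConfig": "System Restore settings locked"},
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

def find_restrictions(reg_text):
    """Return (key, value name, meaning) for each restriction set non-zero."""
    findings, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not (m and current_key):
            continue
        if int(m.group("hex"), 16) == 0:
            continue  # 0 means the restriction is not in force
        for suffix, names in RESTRICTIONS.items():
            if current_key.lower().endswith(suffix) and m.group("name") in names:
                findings.append((current_key, m.group("name"), names[m.group("name")]))
    return findings

# Constructed sample export (hypothetical hive mounted as HKEY_USERS\Offline).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\Offline\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\Offline\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, meaning in find_restrictions(SAMPLE_EXPORT):
        print(f"{meaning}: {name} under {key}")
```

Version 5.00 exports written by regedit are UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to `find_restrictions`.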
 
