Help needed fixing modified permissions in XP Pro SP1

Darren Garrison

I reboot the system after 7 days of running (because of a DVD-R problem
unrelated to this). When I reboot, the first sign of a problem is when I type a
folder location into Windows Explorer's Address bar, a window pops up saying
"access to resource X has been disallowed" (with X being any folder I try to
enter). Clicking on folders manually works, though.

Next problem-- I click on the "start" button, and the "run" and "shut down"
buttons are missing. Now I'm worried about a virus or something, so I
ctrl-alt-del to see what processes are running-- only to get a dialog box that I
don't have permission to run Task Manager. Then I see that Norton Firewall and
Norton Antivirus have not restarted, and in fact none of my autorun programs in
the tray are running. I quickly switch off my cable modem and think for a
while. I run a scan with Ewido antispyware and find a couple of executables
with malware in them that didn't set off alarms in Norton while it did work and
clean them. Even when I manually start Norton Firewall, it is switched off, and
when I try to turn it on, it tells me that I don't have permission.

I reconnected my cable modem just long enough to do some googling and came up
with a way to regain access to Task Manager and there aren't malware
processes running now (unless they know how to hide from view). But I'm not
sure how to fix the rest of my problems.

Here's what I need to do:

Get the system to start giving me the Administrator access that I'm supposed to
have, including

1) ability to type file locations into the Address bar in Windows Explorer
2) the "run" button on the "start" menu
3) the "shut down computer" button on the start menu
4) the ability to reactivate Norton Firewall
5) the ability to restore my startup programs

I have tried fixing these problems myself, but doing logical-sounding key-word
searches in the Registry for "switches" that can be turned on is not getting any
luck so far.

If anyone can help with this, please do so.

The piece of malware that did this is possibly one named "Dropper.Agent.anl",
which the spyware program found in an executable that I have run within the last
week. It also found ones called Dialer.ALifeDialer,
"Not-A-Virus.VirTool.Win32.AvSpoffer.a", "Worm.Drefir.e", "Worm.Brontonk.a", and
"Trojan.Proxcrak.A" (none of which set off alarms in Norton whenever I happened
to get them).
 
David H. Lipman

From: "Darren Garrison" <[email protected]>

| I reboot the system after 7 days of running (because of a DVD-R problem
| unrelated to this). When I reboot, the first sign of a problem is when I type a
| folder location into Windows Explorer's Address bar, a window pops up saying
| "access to resource X has been disallowed" (with X being any folder I try to
| enter). Clicking on folders manually works, though.
|

< snip >

Answered in; a.p.s

Please don't Multi-Post.
Please learn to Cross-Post to pertinent, On Topic, News Groups instead.
 
Mr. Arnold

Darren said:
I reboot the system after 7 days of running (because of a DVD-R problem
unrelated to this). When I reboot, the first sign of a problem is when I type a
folder location into Windows Explorer's Address bar, a window pops up saying
"access to resource X has been disallowed" (with X being any folder I try to
enter). Clicking on folders manually works, though.

Next problem-- I click on the "start" button, and the "run" and "shut down"
buttons are missing. Now I'm worried about a virus or something, so I
ctrl-alt-del to see what processes are running-- only to get a dialog box that I
don't have permission to run Task Manager. Then I see that Norton Firewall and
Norton Antivirus have not restarted, and in fact none of my autorun programs in
the tray are running. I quickly switch off my cable modem and think for a
while. I run a scan with Ewido antispyware and find a couple of executables
with malware in them that didn't set off alarms in Norton while it did work and
clean them. Even when I manually start Norton Firewall, it is switched off, and
when I try to turn it on, it tells me that I don't have permission.

I reconnected my cable modem just long enough to do some googling and came up
with a way to regain access to Task Manager and there aren't malware
processes running now (unless they know how to hide from view). But I'm not
sure how to fix the rest of my problems.

Here's what I need to do:

Get the system to start giving me the Administrator access that I'm supposed to
have, including

1) ability to type file locations into the Address bar in Windows Explorer
2) the "run" button on the "start" menu
3) the "shut down computer" button on the start menu
4) the ability to reactivate Norton Firewall
5) the ability to restore my startup programs

I have tried fixing these problems myself, but doing logical-sounding key-word
searches in the Registry for "switches" that can be turned on is not getting any
luck so far.

If anyone can help with this, please do so.

The piece of malware that did this is possibly one named "Dropper.Agent.anl",
which the spyware program found in an executable that I have run within the last
week. It also found ones called Dialer.ALifeDialer,
"Not-A-Virus.VirTool.Win32.AvSpoffer.a", "Worm.Drefir.e", "Worm.Brontonk.a", and
"Trojan.Proxcrak.A" (none of which set off alarms in Norton whenever I happened
to get them).

The machine is gone and you should wipe it out.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

You should practice safehex.

http://www.claymania.com/safe-hex.html

For a machine that has a direct connection to the modem, you should
harden the NT based O/S such as Win 2k or XP to attack as much as
possible, like remove the Client for MS networks, MS File and Print
Sharing off of the NIC as you have no need to be in a networking
situation with the machine on the Internet, along with other things
explained in the link.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

Duane :)
 
