Need Vius Help BADLY!

[The Magician]

Downloaded a file thru Shareaza that was supposed to be a game crack.
(yeah, yeah...I know...BAD me...but I need HELP please, not lectures)
It was a "No Cd crack.exe" and I scanned it for viruses and it came up
clean. I clicked it, and about 5 more exe's extracted with names of
various games. Something seemed fishy, and I was a bit suspicious so I
deleted them all (At least I was pretty sure I deleted them all) ...but
afterward rebooted ...and then noticed my McAfee and ZoneAlarm didn't
start at bootup. When I tried to manually run those apps thru start menu
and direct clicking on the exe files for them, I got an error message
stating:
"Operations has been cancelled due to restrictions in effect on this
computer. Please contact your system administrator."
In a panic I tried use System Restore about 3 times at dfferent time
periods with no luck...it wouldn't restore.
I tried to run msconfig and got the same message as above about
restictions, etc.
Looking around I went into Control Panel and saw a McAfee icon and ran
that. It turned on McAfee, so I downloaded some updates, and all of a
sudden McAfee found some viruses. The original 5-6 "crack" files I
downloaded. I tried cleaning and quarantining...but it only let me delete
them...so I did.
I ran my AdAware afterward, found a few spyware thingys, and deleted
them...then ran a full McAfee virusscan.
It found 2 vuruses called "W3/Generic.b@mm"
Both in the C:\_Restore folder:

C:\_Restore\Temp\A0071580.cpy
and
C:\_Restore\Archive\FS296.cab
But when all was said and done, and scanned...it wouldn't clean,
quarantine OR delete them.
I tried manually...but didn't work.
I remembered one time for some reason needing to turn off System Restore,
and reading that doing that would get rid of previous restore points.
So I tried that.
The folders are still there...but all the files inside, especially the
onesthat McAfee came up with...are gone.
BUT...when I try to reboot...Zone Alarm & McAfee still don't startup and
when I try to manually start them... still get the above message of:
"Operations has been cancelled due to restrictions in effect on this
computer. Please contact your system administrator."
(msconfig still gets the same when I try to run that too)
Systray doesn't even come on at startup and I don't get a volume control.
After McAfee deleting the original viruses, and disabling System restore
got rid of the infected files there...
Two questions...
Do you think my virus worries are over and I deleted them...?
And how the HELL do I turn ZoneAlarm, McAfee, and msconfig back on and
change that damn "System Administrator" lockout thing???
The problem seems to be no longer a virus...as it is getting the
abovementioned startup programs to work again.
Thanks ever so much if you can help!!!
The Magician



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The dumber people think you are...
the more surprised they're going to be
when you kill them."
-William Clayton

 

[YK]

Downloaded a file thru Shareaza that was supposed to be a game crack.
(yeah, yeah...I know...BAD me...but I need HELP please, not lectures)
It was a "No Cd crack.exe" and I scanned it for viruses and it came up
clean. I clicked it, and about 5 more exe's extracted with names of
various games. Something seemed fishy, and I was a bit suspicious so I
deleted them all (At least I was pretty sure I deleted them all)
...but afterward rebooted ...and then noticed my McAfee and ZoneAlarm
didn't start at bootup. When I tried to manually run those apps thru
start menu and direct clicking on the exe files for them, I got an
error message stating:
"Operations has been cancelled due to restrictions in effect on this
computer. Please contact your system administrator."
In a panic I tried use System Restore about 3 times at dfferent time
periods with no luck...it wouldn't restore.
I tried to run msconfig and got the same message as above about
restictions, etc.
Looking around I went into Control Panel and saw a McAfee icon and ran
that. It turned on McAfee, so I downloaded some updates, and all of a
sudden McAfee found some viruses. The original 5-6 "crack" files I
downloaded. I tried cleaning and quarantining...but it only let me
delete them...so I did.
I ran my AdAware afterward, found a few spyware thingys, and deleted
them...then ran a full McAfee virusscan.
It found 2 vuruses called "W3/Generic.b@mm"
Both in the C:\_Restore folder:

C:\_Restore\Temp\A0071580.cpy
and
C:\_Restore\Archive\FS296.cab
But when all was said and done, and scanned...it wouldn't clean,
quarantine OR delete them.
I tried manually...but didn't work.
I remembered one time for some reason needing to turn off System
Restore, and reading that doing that would get rid of previous
restore points.
So I tried that.
The folders are still there...but all the files inside, especially the
onesthat McAfee came up with...are gone.
BUT...when I try to reboot...Zone Alarm & McAfee still don't startup
and when I try to manually start them... still get the above message
of: "Operations has been cancelled due to restrictions in effect on
this computer. Please contact your system administrator."
(msconfig still gets the same when I try to run that too)
Systray doesn't even come on at startup and I don't get a volume
control. After McAfee deleting the original viruses, and disabling
System restore got rid of the infected files there...
Two questions...
Do you think my virus worries are over and I deleted them...?
And how the HELL do I turn ZoneAlarm, McAfee, and msconfig back on and
change that damn "System Administrator" lockout thing???
The problem seems to be no longer a virus...as it is getting the
abovementioned startup programs to work again.
Thanks ever so much if you can help!!!

If all else fails, get HijackThis from the following site and follow the
advice. You need to post your HijackThis log into the forum so that the
experts ther can look at it.
http://www.tomcoyote.org/hjt/

From one one of the MS newsgroups: Note: most of this applies to IE
though.
The problem may be due to:
1. A spyware. Download Ad-Aware from www.lavasoftusa.com, scan the system
and eliminate the malware products. Re-apply the above fix if necessary.
** Remember to update the pattern file using WebUpdate in Ad-Aware **

( Caused by a malware called CoolWebSearch. Also, Download:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip ) and unzip it and
run the CWShredder.exe then remove what it finds.

2. You have enabled SpyBot immunize (protection) feature or any other
similar software. Also, disable the following features:
"Lock IE start page against user changes"
"Lock IE control panel against opening from within IE"

More Information:
Internet Explorer Control Panel Restrictions:
http://www.winguides.com/registry/display.php/797/

 

[The Magician]

Ran McAfee after deleting the viruses, ran Adaware, and Hijack This...
For all intents and purposes...can't find anything suspicious anymore.
But somehow due to viruses...ZoneAlarm, MSCONFIG, McAfee won't run.
McAfee only runs from Control Panel icon.
Internet Explorer is fine.
Somehow these things got "misconfigured" and are somehow "blocked" out
and restricted, and won't comer on anymore at startup or otherwise.
Says see "System Administrator".
Who is that...ME right...?
It's MY machine...I'm not on a network.
So how would the "System Administrator" take the restrictions off...?
I don't get it...
Any other ideas...?
Thanks again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The dumber people think you are...
the more surprised they're going to be
when you kill them."
-William Clayton

 

[nicky]

Ran McAfee after deleting the viruses,

disable system restore, reboot. Run McAfee again if you're sure its working
(it may not be from your description), or do an online scan like Panda's
Active Scan ( google for it there are many other free online scanners as
well you might want to try instead) see what that throws up. Quarantine or
delete the files alerted as being infected.

Once you are totally sure you are virus/worm free then you can enable system
restore again. You must keep your AV updated for new virus definitions and
try to keep away from dodgy downloads.

Nicky

 

[Ben Myers]

You may need to edit the registry. Find and delete "RestrictRun" in the
following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

If you can find no other way to delete this value or restore a previous
registry, download
http://benjmyers.home.mindspring.com/public/runfix.inf
and save it on the problem computer as "c:\runfix.inf". Then click
"Start", "Run", type or paste

RUNDLL32 SETUPX.DLL,InstallHinfSection DefaultInstall 4 c:\runfix.inf

into the "Open" box and click "OK". Then restart the computer. If this doesn't
help, please repost with more information, including the operating system of the
affected computer.

Ben

 

[YK]

Ran McAfee after deleting the viruses, ran Adaware, and Hijack This...
For all intents and purposes...can't find anything suspicious anymore.
But somehow due to viruses...ZoneAlarm, MSCONFIG, McAfee won't run.
McAfee only runs from Control Panel icon.
Internet Explorer is fine.
Somehow these things got "misconfigured" and are somehow "blocked" out
and restricted, and won't comer on anymore at startup or otherwise.
Says see "System Administrator".
Who is that...ME right...?
It's MY machine...I'm not on a network.
So how would the "System Administrator" take the restrictions off...?
I don't get it...
Any other ideas...?
Thanks again.

I have an old IBM ThinkPad 200MHZ MMX system running WinME. It started
doing strange things and became *very* slow. No matter what I
tweaked/cajoled/deleted it was still slow. I backed up all imporant data
and FDISK removed all partitions and enabled them. I then reinstalled WinMe
and applied all MS fixes and after many reboots and insuring I was
completely up to date with my Kerio firewall and AVG anti virus the system
was *almost* as quick as my AMD 1800+ WinXP Home system. It took about 1/2
day but I am on HS cable Internet. Still took a bit of time to install
my applications I use but the speed gained is well worth it.

BTW, I would never run any McAfee, Norton, ZoneAlarm product as they are
huge system resource hogs IMHO.

 

[Manny]

Were you referring to your Windows ME machine? I run both Norton A-V and Zone
Alarm Pro on XP Home, and just for kicks I turned the automatic updaters on
both. If I'm reading Task Manager right, CPU usage varies from 0-2% with a lot
of other programs running, and the combined security programs of Norton and ZA
use less than 18 M RAM. I have 500 M RAM on my machine. Not sure that I would
call that resource hogging if I'm counting correctly.

Manny

 

[The Magician]

You may need to edit the registry. Find and delete "RestrictRun" in the =

following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Expl=
orer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Exp=
lorer
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Ex=
plorer

OK...Ben...you seem to be a genius!
How did you know those things would be there...?
Do you work for a VirusScan company...do you write viruses...?
Anyhoo...I only saw only two entry in I believe...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
\Explorer
and
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies
\Explorer
(I could be wrong about exactly which two...short term memory probs.)
But at any rate...one registry section had something similar to what you
described. Only it wasn't a single entry...it was a whole FOLDER full,
called "DisallowRun". Inside were a TON of things like Zonealarm.exe,
BlackIce.exe, msconfig.exe, etc.
Seemed like it was some kind of "preventative list of executables" of
various virus sniffing things, firewalls, etc.
I held my breath and deleted the whole folder.
Quite magically...the other entry seemed to disappear imn the other HKEY
thing.
Now...Zonealarm runs, MSCONFIG runs, McAfee runs...but still won't come
on at startup no matter how I try to tweak it...and my volume control
doesn't come up on my taskbar. (even tho it's checked of to do so.)
AND...I noticed "systray" no longer is in my startup list or runs when I
bring up task mgr.
You are AMAZING!
And I'm HALFWAY back to getting normal.
But how can I get the above mentioned things starting up again at bootup?
Also, was gonna try to use your second thing...but don't really
understand your description of what to do.
See your advice below:

If you can find no other way to delete this value or restore a previous
registry, download
http://benjmyers.home.mindspring.com/public/runfix.inf
and save it on the problem computer as "c:\runfix.inf". Then click=20
"Start", "Run", type or paste

RUNDLL32 SETUPX.DLL,InstallHinfSection DefaultInstall 4 =
c:\runfix.inf

into the "Open" box and click "OK". Then restart the computer.

Am I to cut and paste that whole thing AS IS into "Run"?

"RUNDLL32 SETUPX.DLL,InstallHinfSection DefaultInstall 4 =
c:\runfix.inf"

I don't understand?
Could you please explain?
Thanks EVER so much for saving me a whole lotta headache of reformatting
my whole machine, and reinstalling everything!!!
Your a LIFESAVER!!!
But could you please just talk me thru getting the rest of the stuff
going.
Thanks Ben!

eddie

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The dumber people think you are...
the more surprised they're going to be
when you kill them."
-William Clayton

 

[The Magician]

You may need to edit the registry.

OK...Update...
Couldn't figure out what you meant with that whole regfix thing...
BUT...screwed around with a registry editor in a program I have called
Tuneup Utilities, and somehow added systray, and the other components of
McAfee I had remembered that were in my startup list.
Only thing is... I wasn't sure which registry folders they should be
in...

All Users
Run
Run Once
Run Services
Run Services Once

Current User
Run
Run Once

I don't get all that registry stuff...it scares the beejeezuz outta me
just to mess with it.!
But I again held my breath and decided to give it a whack.
I noticed some system tray things were coming up later, slower and in a
different order than did before.
(I really don't have a single CLUE as to which folders are for what,
etc..)
So I kinda jockeyed around systray and McAfee's components, and a few
other things, and put them in All Users/Run etc. and things now kinda
seem fine, and back to normal...
(I think...GOD I hope...!)
Thank you SOOOOO SO much for your help Ben.
I wish I had half the knowledge & insight you've displayed here!
Thanks buddy!
eddie

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The dumber people think you are...
the more surprised they're going to be
when you kill them."
-William Clayton