Bradley Hennon
User clicked on mypic.jpg.scr which is the PWS-Sagic Trojan that
hijacks user Yahoo account info.
I can find zero evidence that the virus/malware is on the user's
machine. There are no new items in any startup location and there are
no suspicious items running in the background. NAV scan, McAfee scan
find no virus. Spyware tools find the usual cookies but nothing that
points to the above infection.
The task manager and regedit have been locked out and when you try to
run either, the message is that "the administrator has restricted
them". The user is the administrator.
After logging in to the machine, I can double-click .reg files that I
created to edit the registry and unlock regedit and task manager.
However if I log off and log back in the symptoms are back. I also
changed the local policy for these items from do nothing to disabled.
If I QUICKLY log in, re-enable the task manager and see what is
running ... the only extra item is "userinit". This is part of Windows
but what does it do?
I have tried logging on locally and to the domain with different
profiles. Same result.
I am ready to re-install windows.
Can anyone tell me how to determine what is locking out these items
during log on?