Trapped by MS Security

Maurice

Working with Vista Ultimate. [Toshiba A40 Laptop with 2.66 Ghz processor,
2Gb memory] Worked exceptionally well until this day. Noticed a red security
alert icon on the tray. From that point on I could click on nothing without
generating access denials. No apps, Internet, etc. Logged out of my
standard account for the administrator and find virtually the same access
denials. Apparently, I do not even have the right to shut down/restart.
Nothing new was configured this day. Safe mode won't allow anything... even
the event log. Strangely, I do have access to the services and can change
them. Don't want to make things worse. Upgrade from XP Pro was about one
month ago and did not get around to a restore point. Guidance sought.
 
Peter Foldes

Maurice

You are probably infected with some sort of malware.

The following is copied from a post from Malke MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

<snip>

Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html
or here Malwarebytes malware removal guides - http://tinyurl.com/5xrpft

If you are infected with XP Antivirus or Antivirus 2009/10, here are removal
steps:

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)

Removal instructions for Antivirus 2010:
http://www.malwarebytes.org/forums/index.php?showtopic=6703

Removal instructions for Antivirus 2009:
http://www.malwarebytes.org/forums/index.php?showtopic=5178

These may work for you and all may be well. However, in many cases the
computer will also be infected with Zlob and/or Vundo trojans and protected
by a rootkit. These machines are extremely difficult to clean.

If your machine is one of these cases, either get guided help at one of the
specialty forums below OR back up your data and do a clean install of
Windows. It is your choice. If you are unsure how to back up your data or
how to do a clean install, you can take your machine to a local computer
professional. I don't recommend using BigComputerStore/GeekSquad types of
places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7


<end snip>

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

 
Andre Da Costa

Definitely sounds like malware as Peter notes. Follow the recommended
instructions and download RRT to repair the group policy restrictions
residue that might still exist after removing the malware.
 
Mick Murphy

Download and save Spybot Search & Destroy, and Malwarebytes setup.exes to a
Flash Drive/memory Stick on the computer you are using to get here.

Then boot the problem Vista computer into "Safe Mode with Networking"
Install them from FD, update, and scan while in that Mode.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
 
Maurice

Much thanks for your informative response. I found this account while in
safe mode with networking. Unchecked the account disabled box. My concern
is that if rebooted, an administrator account is supposed to have a
password... one could not be established on this account panel. Also know
that Malwarebytes was installed from safe mode. Only two instances of
adware were found and did not remove what I believe to be the main problem...
In the tray, the security center icon is red and launches the balloon: "The
security center service is not running." Following the advice to click this
balloon only generates some hard drive activity but nothing develops. As a
safemode user, virtually nothing can be launched. Access and permissions
warnings are generally the message yet as safemode administrator, I am online
writing this message and other things such as viewing the services in
administrative tools. I found that booting to last known good configuration
gave me the same limitations as a user in safe mode. How can I reboot to
an administrator account without first setting a password? Continued
guidance sought.

Jack the Ripper said:

See if you can activate the built-in hidden account and troubleshoot
with it. The Administrator account could still be disabled when
activated. So, you'll need to go to Control/Panel/Admin Tools/Comp
Management/Local users and groups/right-click the user
account/Properties to enable the account to make it show so that you can
login with it.

<http://www.howtogeek.com/howto/wind...idden-administrator-account-on-windows-vista/>
 
