Jump to content
Sign in to follow this  
tb40nd

Cleaned Up Malware NOW can't access CP, Syst. Propert., Add/Remove

Recommended Posts

Hello all, I have a terribly frustrating problem with this Dell notebook after using Combofix, SmitFraudFix, and Fixwareout to clean up a host of malware problems.

 

Although all the infections seem to be cleaned I now am unable to access...

 

control panel

usb drives

system properties / device manager

add/remove programs

firewall settings

 

...and these are just the ones that I can remember off the top of my head. I was also locked out of the registry editor AND task panel but found registry fixes for those two.

 

This is on a Dell notebook running WinXP Home with SP2 and using an Administrator account.

 

Any help would be greatly appreciated!

 

RTBrooks

Share this post


Link to post
Share on other sites

Hi RTBrooks,

 

Welcome to the Pit. :)

 

I would suggest you have a look at these links:

 

http://www.techspot.com/vb/topic70127.html

 

http://www.2-viruses.com/smitfraudfix-tutorial.html

 

The following link was posted as a fix for Fixwareout:

 

07/29/2004

Click this link & scroll down to XP_FIX.EXE

http://www.visualtour.com/downloads/default.asp

 

XP_FIX.EXE

(140 Kb)

This installaton program will reinstall the missing or corrupt Windows XP system files command.com, autoexec.nt and config.nt. The absence or corruption of one or more of these files causes a "16 Bit Subsystem" error.

We recommend that you download this file and save it to your desktop or to another location where you can find it. Double click on the file to run it once it's downloaded. If problem reoccurs in the future, simply re-run this program.

 

I have never used it so I can't comment on how good it works.

 

Let us know how you get along please.

 

Regards,

 

Hawk :b33r:

Share this post


Link to post
Share on other sites

Hi RTBrooks,

 

Welcome to the Pit. :)

 

I would suggest you have a look at these links:

 

http://www.techspot.com/vb/topic70127.html

 

http://www.2-viruses.com/smitfraudfix-tutorial.html

 

The following link was posted as a fix for Fixwareout:

 

07/29/2004

Click this link & scroll down to XP_FIX.EXE

http://www.visualtour.com/downloads/default.asp

 

XP_FIX.EXE

(140 Kb)

This installaton program will reinstall the missing or corrupt Windows XP system files command.com, autoexec.nt and config.nt. The absence or corruption of one or more of these files causes a "16 Bit Subsystem" error.

We recommend that you download this file and save it to your desktop or to another location where you can find it. Double click on the file to run it once it's downloaded. If problem reoccurs in the future, simply re-run this program.

 

I have never used it so I can't comment on how good it works.

 

Let us know how you get along please.

 

Regards,

 

Hawk :b33r:

 

thanks for the reply hawk!

 

i would love to run these programs however i am basically limited to correcting these things via the registry as i can't access any of the usb drives that i have when i connect them to the notebook. whenever i try to access a usb drive (or control panel or device manager or system properties etc) i get the same error message...

 

Restrictions

 

This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

 

...and as i said before, i am using the administrator account. this happens in safe mode as well.

 

would there be a way to restore access to these areas via the registry? it seems as though the malware disabled a bunch of settings in group policy or something.

 

if i could at least access my usb drives i could move forward with your initial instructions.

 

oh yeah, i also tried making a data cd but whenever i click on the cdrom i don't get an error message but it never opens the drive.

Edited by tb40nd

Share this post


Link to post
Share on other sites

Try Kellys Corner.

Many tweaks and repairs, a lot of which are reg. entries.

#256 (about 2/3 down the page) looks promising to start with. I haven't tried it, but have seen referrals to the site from respected members at another forum. Often the referred fixes reportedly did the job, or helped make the job do-able.

Share this post


Link to post
Share on other sites

okay Hawk, i think i spoke too soon. after restarting the notebook a second time some of the fixes in xp_fix did actually take hold. i was able to open add/remove programs again for one. i'm not sure what all else was fixed by the xp_fix b/c as soon as i saw add/remove open up and then applied the control panel tweak from kellys korner suggested by markjoy and i am now able to access everything!

 

so thanks so much m8! this was giving me the blues until you all lent me a hand - thank you!

 

Try Kellys Corner.

Many tweaks and repairs, a lot of which are reg. entries.

#256 (about 2/3 down the page) looks promising to start with. I haven't tried it, but have seen referrals to the site from respected members at another forum. Often the referred fixes reportedly did the job, or helped make the job do-able.

 

thanks a bunch to you too markjoy as i think between the xp_fix and the controlpanel regfix from kellys korner (a place i have visited often over the years and yet forget to bookmark for whatever reason) as these were the only two things i have done tonight to the notebook and EVERYTHING is accessible again now.

 

i mean i couldn't even right click on the desktop and go to properties to access the display properties along with all the other things i mentioned earlier so thank you all so much!

 

i've been a member at pcpitstop for many years but it says i'm a new member for some reason? did they purge the old server or something as i notice it's gotten an nice facelift since i visited last.

 

all the best to you two!

Share this post


Link to post
Share on other sites

okay, i spoke too soon :pullhair:

 

i still can't access my cdrom OR any of my usb removables!

 

can someone please help me with this and i'll be out of your hair.

 

tia.

Share this post


Link to post
Share on other sites

Also at kellys korner, IIRC there are fixes to enable device manager, with which you might be able to access the USB hub, and I think to restore the CD drive.

 

i think i did exactly what you were telling me to last night. i deleted the cdrom in device manager and upon restarting the cdrom drive was accessible again.

 

i'm about to check on the usb now but i think it will probably be the same as i get the same error when trying to access anything on either of the flash drives i plug in.

 

i'll post back with the results

 

thanks some more mark

Share this post


Link to post
Share on other sites

okay, deleting the cdrom entry in device manager worked perfectly but it didn't work at all on the usb flash drives.

 

the funny thing is when i connect a usb external hard drive it's accessible but the flash drives come up ACCESS DENIED everytime and i've tried two different flash drives.

 

anyone have a clue as to what's happening here?

 

while in device manager i deleted all the usb controllers and the generic storage device but after restarting and letting everything reinstall the flash drives are still giving the ACCESS DENIED error.

Share this post


Link to post
Share on other sites

Sorry, tb40nd, I can only guess at this point, have no experience or knowledge of how to proceed.

If it was me I'd restart in safe and see if access was possible, try and find the application in windows explorer with a view to re-set the permissions, or try and find something that would do the trick at KellysKorner, or use a registry tool to try and find the problem.

Or I'd ask here, or another forum, and hope someone a bit more skilled than me would post an executable that would fix the computer when run, along with curing cancer, creating world peace, ending hunger....

Good luck.

Share this post


Link to post
Share on other sites

tb40nd, you may think you've cleaned up all the malware, but you may have some left.

 

Please follow these instructions and we'll try get rid of the rest of malware you have:

 

Download HijackThis! from here:

http://www.merijn.org/files/hijackthis_sfx.exe

 

Double click HijackThis_sfx.exe and select Unzip. When done click "OK".

Close the WinZip self Extractor window. You can now delete HijackThis_sfx.exe.

 

Navigate to C:\Program Files\HijackThis and double click HijackThis.exe. Click "Do a system scan and save a logfile" then post the new log

 

Start a new topic in our HJT forms

http://forums.pcpitstop.com/index.php?showforum=25

 

Copy and paste the HJT log from notepad in that new topic

 

Please be patient as we have a lot of people with malware infections

and all of our HJT Trusted Advisors work on many

forums :adios:

 

DO NOT post your HJT log in this

thread

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...