Re: No System Restore/no Defrag/No administrator rights.
- From: "antioch" <antioch@xxxxxxxx>
- Date: Sun, 16 Aug 2009 10:48:07 +0100
"Jose" <jose_ease@xxxxxxxxx> wrote in message
news:c90b951b-c774-4f4c-829f-505b704c61bd@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 15, 10:29 am, "antioch" <anti...@xxxxxxxx> wrote:
"Paul" <nos...@xxxxxxxxxx> wrote in message
news:h656co$t6b$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
antioch wrote:
WIN XP SP3 - OE6, IE6
Yet to get round to this month's Black Tuesday updates.
Having spent quite a bit of time over the last couple of days, cleaning
the machine of 'nasties' {see post 11 Aug - Strange Start-up}. Problems
have somewhat increased.
I have done three scans with three different pieces of software -
Malwarebytes, Superantispyware, Spybot S & D, plus my ISP's in-house AV
and antispy.
At the last pass earlier today, nothing was found by any of them. I have
not yet done an HJT - thought I would post first in case there are other
ways and means.
I have now discovered that I no longer have Admin permission etc for what
appear to be very minor actions, when one considers what I have been
trying to do as set out below. I tried to DL an update and save to disc
which it would let me do - I was hoping that a Restore Point might have
been placed in System Restore.
However, I have also discovered since the last scans, that I cannot
Defrag - cannot reset System Restore{I have gone through the whole of
this - most of which did not work}
http://bertk.mvps.org/html/srfail.html
I am rather at a loss now as to which course to take.
I cannot even get into Safe Mode with F8 - all I get is the Boot choices.
From the above link, the last two things to try are -
- If System Restore fails at this point, reinstall System Restore.
- If all else fails perform a Repair Install.
I am rather at a loss now as to which course to take.
I appreciate that I have not fully given full details of what I have done
etc, but this post could have gone on and on.
Rgds
Antioch
You can run a scan for malware with this.
ftp://downloads2.kaspersky-labs.com/devbuilds/RescueDisk/
kav_rescue_2008.iso 116896 KB 7/20/2009
Download the file. Burn a CD with it. I used Nero to parse
the ISO9660 file and burn a bootable CD with it.
When the CD boots, the first thing the "kav" program does, is
update the virus definitions. I make sure the computer is
able to make connections via DHCP, before booting the CD.
That way, the Gentoo Linux environment on the CD, is able
to use DHCP to get an IP address, and connect to the
Kaspersky server. (If your ADSL modem is logged out,
then "kav" won't be able to update the virus definitions.)
There is no web browser on the CD - the CD is very basic
and has limited onboard tools.
Once the virus update is downloaded, you can select the disks
to scan from the menu. The drive letter labeling isn't exactly
the same as in the Windows environment, so be careful you're
selecting the correct partition to scan. (Partitions are lettered
in sequential order, by scanning the partition table, and may not
match your Windows lettering scheme.) You can scan all the partitions
if you want. Based on experience, I leave this running
overnight, as it takes a lot longer than it should.
The initial scanning is quick enough, but it doesn't take too
long, before the program becomes more lethargic. Which is why,
if your partitions are very big, this scanning takes forever.
On my last test run, I tried downloading the EICAR test file,
just to make sure the scanner has at least one thing to detect.
And indeed, the scanner responded to this. EICAR is a benign
file, intended to test whether scanning software is
actually doing anything or not.
http://en.wikipedia.org/wiki/Eicar_test_file
One of the minor irritations with this rescue CD, is the
CD must stay in the drive. There is a way to get around this.
When the CD starts to boot, there is a boot prompt. You must
start typing immediately. Type at the boot prompt -
rescue docache
What that does, is copies the contents of the CD to RAM.
The CD is only 116896 KB, so most modern systems should
have room to fit that into RAM.
Using the menu on the lower left, open a terminal window.
Identify the mount point of the CDROM. I don't remember
the exact name, but it could be something like "/mnt/cdrom"
or the like. From the prompt in the terminal, type
"umount /mnt/cdrom". Now, press the eject button on the
CDROM tray - the tray should open, if the umount succeeded.
*Very quickly* remove the CD. The drawer will close automatically
in a matter of seconds. I don't know why it is set up that way,
but be careful not to jam your newly made CD in the drawer. I
don't think the environment has an "eject" command, so I couldn't
use that command.
The above allows a scan to be conducted, without WinXP running.
It is one more weapon in your tool belt.
HTH,
Paul
Hi Paul
Many thanks for your reply/suggestions.
At the moment, my CD/DVD Rom and/or Nero is playing up as well - so might
have to go out-of-house to handle your suggestion - does not help with
doing a backup and burning with no Admin permission does not help either.
I have done the on-line Symantec but had not thought about Kaspersky.
A lot of what you have suggested is above my comprehension, but I can follow
certain instructions.
If the computer remains stable enough for long enough, I will have a go.
But at the end of the day, a fresh install may be the quickest solution.
Rgds
Antioch
Some of your issues sound like malicious software infections or the
remnants after they are removed. Sometimes these things are not too
hard to resolve.
First, establish a reasonable troubleshooting base if you can still
get on the World Wide Web.
Download, install, update and do a full scan with these free malware
detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
They can be uninstalled later if desired.
Then pick one problem at a time and fix it - I doubt you will come
across one magic bullet here.
Hello
Please read my original post -
Agreed - I think I now have cleaned the system - damage is left.
All four scanners are being done twice a day and so far nothing found for
the last 2 days.
I have not had any problems browsing - so far nothing has been happening -
well yesterday was the first time - managed to DL and install all the Black
Tuesday updates. Could not burn to disc though - needed admin permission,
but could save to desktop - which seems a bit daft.
MBAM/SAS are permanent features on my system - see orig post.
I am now working on each bit of 'damage' left - no System Restore[even the
install of the updates produced nothing, and they have stuck] - minor admin
permissions for certain functions - cannot defrag - cannot get into safe
mode[F8].
I am browsing and looking through saved troubleshooting stuff and compiling
what help I can find - I am concentrating on the System Restore first.
As yet I have not done an HJT as IE6 seems stable.
Thanks for your interest in my post.
Rgds
Antioch
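
Paul's quoted instructions above leave the rescue CD's mount point as a guess ("something like /mnt/cdrom"). The following is an added example, not part of any post in this thread: it reads the mount table and prints the umount command for each optical-media mount. It assumes the CD's Linux environment exposes /proc/mounts and provides awk; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a mount table in /proc/mounts format:
#   device  mountpoint  fstype  options  dump  pass
# Device names and paths are made up; a space in a path appears as \040.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
tmpfs /mnt/livecd tmpfs rw 0 0
/dev/hdc /mnt/cdrom iso9660 ro 0 0
/dev/sda1 /mnt/Local\040Disk ntfs ro 0 0
/dev/sr1 /mnt/second\040cd udf ro 0 0
EOF
}

# Print the mount point of every optical-media filesystem (iso9660 or udf)
# found in the mount table given as $1 (default: the live /proc/mounts).
find_cd_mounts() {
    awk '$3 == "iso9660" || $3 == "udf" { print $2 }' "${1:-/proc/mounts}" |
    while IFS= read -r mnt; do
        printf '%b\n' "$mnt"      # decode \040 back into a space
    done
}

# Print the umount command to type for each CD mount point found.
umount_commands() {
    find_cd_mounts "$1" | while IFS= read -r mnt; do
        printf "umount '%s'\n" "$mnt"
    done
}

# Demonstration on the constructed table; on the booted CD, call
# umount_commands with no argument to read the real /proc/mounts.
table=$(mktemp)
sample_mounts > "$table"
umount_commands "$table"
rm -f "$table"
```

The hard-disk partitions in the table (ntfs here) are deliberately not matched, so only the CD is offered for unmounting and the partitions being scanned stay mounted.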