mrmyth asked:

lost administrator rights to virus

Client got a virus. He is on Win 7. Now when I try to install Malwarebytes or use any other antivirus software (besides Microsoft Security Essentials) it tells me I need admin rights. I am logged in as admin.
Tried creating a new user but won't let me.
Also tried safe mode. Same problem.
There is a hijack software called Register RegCleanPro that is asking for money.

How can I get my admin rights back so I can remove this thing?

I did try killing it in the task manager but it comes back and never do I get the admin rights.

Can't roll back the registry either because of the same admin rights problem.
ktaczala

Install the hard drive in another PC as a second drive and run A/V tools against it. If you can get rid of the files, then you may be able to boot it and access the registry. Then run A/V tools on it again.
ASKER CERTIFIED SOLUTION
Scott Thomson
http://www.bleepingcomputer.com/forums/t/79211/how-to-remove-registry-cleaner-25-removal-instructions/

the key being the tool smitfraud.

putting the drive in another computer is often a good way of getting rid of most viruses - however registry edits and dns redirects can still be in place.

reimaging/formatting is a solution to getting rid of the virus - but it should be a last resort as you will either lose so many important settings, software etc or when you try and copy your data first you may end up copying the virus also.
I would back up, and do a fresh install - be sure to format the drive, or delete the partition first.
It takes time, but in the end you'll be sure that it is clean, and you have a fresh install also -
this saves time in the end.
I'm with nobus. Backup and fresh install

This is a good reason to have an image of your basic OS and tools and have installs and serials ready. A tech can do this while doing multiple other things while a virus scan and the after effects make him specifically focus on a single task to try and remove the issues.

Better to be safe than sorry. Imagine this thing on more computers.
This is a tricky method if you do it in the right way. For the first part, you will have to act very fast before the virus service gets active.
Restart your computer, press Windows + R or go to Start > Run, type msconfig and hit Enter. Go to the Startup tab, quickly un-check the virus service and click Apply.
You can identify the virus service easily by looking at the Location column, as for most of the services it will start with HKLM and for the virus it should be something else, or you can also check with the Command, as it usually starts with c:\program files. You can also have a look and identify it before restarting the computer so that you can quickly kill it next time you reboot, and also keep msconfig typed in the Start > Run box to reduce the time required to execute all this.


(This part has to be done quickly, before the virus service gets started at computer start-up, as the virus will not allow you to do anything once it gets activated.)

Once you disable the virus you have ample time to clean it. Just download McAfee Stinger and scan your computer to clean the infection, and then reboot it to test if it is working as expected.


I have used this method several times when virus does not allow you to do anything (even it blocks internet connectivity by changing proxy settings).
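
The Location and Command columns that msconfig's Startup tab shows can also be dumped to a table for review, as in this added PowerShell example (not part of the original post). It reads only the standard Run/RunOnce keys and Startup folders; the "Review" flag for commands in user-writable folders is an assumption of this example, not the poster's rule.

```powershell
# Added example: list autostart entries with their Location and Command.
# Reading these keys does not require elevation.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

$entries = @()

# Registry autostarts: one entry per value under each Run/RunOnce key
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Location = $key
            Name     = $name
            Command  = [string]$item.GetValue($name)
        }
    }
}

# Startup-folder autostarts (hidden files included, desktop.ini skipped)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem $dir -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $entries += New-Object PSObject -Property @{
                Location = $dir; Name = $_.Name; Command = $_.FullName
            }
        }
}

# Assumption of this example: commands in user-writable folders get a first look
$pattern = '\\AppData\\|\\Temp\\|\\ProgramData\\'
$entries |
    Select-Object Location, Name, Command,
        @{ Name = 'Review'; Expression = { $_.Command -match $pattern } } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```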
Have you tried using Chameleon from MBAM? It's not an install. On a clean computer, download Chameleon to a USB drive or burn it to a CD. On the infected computer, attach the device (CD or USB) you just created. Run the services file. This should kill processes that are suspicious; then run Malwarebytes Anti-Malware.

Malwarebytes.org/chameleon

I believe is the link.
Run these 2. After you have run them, if it's still there, rerun them in safe mode.

Download the free version; after it is downloaded, check for updates, then run.
http://www.superantispyware.com/download.html

Then run Microsoft Security Essentials:
http://windows.microsoft.com/en-CA/windows/security-essentials-download

Reboot computer when scans are complete.
With the time spent in scanning and study for repair, you can also do the fresh install.
If it does not work out in less than an hour or 2, I always do the fresh install.
^ Ditto
mrmyth (ASKER)

I'm going to get him to get a new hard drive and do a clean install. Got the major licenses he needed and I'm just going to go with that.