Solved

I am administrator but am locked out of administrator functions

Posted on 2007-11-30
8
1,629 Views
Last Modified: 2008-02-01
The OS is XP-Home.   Recently, someone installed a high-speed internet modem and software on this computer, which belongs to a friend.  Now, even though he is the only administrator for this computer, he does not have access to his control panel, nor can he run regedit or control.  Basically, he is told that the action has been canceled because he lacks permission and should contact his administrator.  He cannot run a restore operation.   There isn't any obvious way to get to his "users" area to make any changes, since he has no access to his Control Panel.
The usual tricks don't work: cannot access any Control Panel operations and cannot edit the registry.

Question by:rdaves
8 Comments
 
LVL 22

Accepted Solution

by:
orangutang earned 167 total points
ID: 20387275
0
 
LVL 32

Assisted Solution

by:and235100
and235100 earned 167 total points
ID: 20387279
This sounds like a malware-related issue that has changed a couple of registry entries.
Run a full system scan with an updated version of SuperAntiSpyware:
http://www.superantispyware.com/download.html

Then, try a full online scan using Housecall:
http://housecall.trendmicro.com/

Otherwise, post a HJT log:
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Do not fix anything - just post the log to this question for the time being.
0
 
LVL 32

Expert Comment

by:and235100
ID: 20387283
This is the most likely entry that has been changed to stop registry editing:
http://www.pctools.com/guides/registry/detail/543/

I would run this tool from Symantec - it should give you registry control back:
http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html
0
 
LVL 1

Assisted Solution

by:veaygn
veaygn earned 166 total points
ID: 20387886
This is a malware infection (w32.brontok or w32.fujacks IIRC).  You will also not be able to see any hidden files and folders in Windows, even when you make changes under "Tools > Folder Options > View".

What anti-virus product do you have installed?
0
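An added example, not part of any post in this thread: a Python check that reads a `.reg`-format text export of a user's Policies key and reports the restriction values matching the symptoms described above (blocked regedit, Control Panel and Folder Options). The value names are the standard Windows policy names and are an assumption of this example, since the thread does not name them; the sample export is constructed.

```python
import re

# Standard Windows policy values behind the lockouts described in this thread.
# The names are not given on the page; they are this example's assumption.
RESTRICTIONS = {
    "disableregistrytools": (r"policies\system", "registry editing blocked"),
    "disabletaskmgr": (r"policies\system", "Task Manager blocked"),
    "nocontrolpanel": (r"policies\explorer", "Control Panel blocked"),
    "nofolderoptions": (r"policies\explorer", "Folder Options removed"),
}

SECTION = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample export, not taken from the machine in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
'''

def find_restrictions(reg_text):
    """Return (key, value name, data, meaning) for each active restriction."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # A new section; "[-HKEY...]" deletion entries do not match.
            m = SECTION.match(line)
            key = m.group(1) if m else None
            continue
        m = DWORD.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), int(m.group(2), 16)
        rule = RESTRICTIONS.get(name.lower())
        # Flag only non-zero data under the expected Policies subkey.
        if rule and data != 0 and key.lower().endswith(rule[0]):
            findings.append((key, name, data, rule[1]))
    return findings

if __name__ == "__main__":
    for key, name, data, meaning in find_restrictions(SAMPLE):
        print(f"{name}={data} under {key}: {meaning}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 text, so decode the file to a string before passing it to `find_restrictions`.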
 

Author Comment

by:rdaves
ID: 20389467
and235100: I will do the downloads you suggest and give it a try.

veaygn: The fellow who owns this computer is not computer literate.  I cannot find any anti-virus on his machine.  He goes on the internet via a DSL modem, which is a hardware firewall; however, he has no anti-virus program for offline projects.  I don't know if he has his Windows firewall turned on, since he lacks privilege.

Both you guys:  I will spend about another half hour on this project (have already spent about 3 hours) and then I am going to reformat his hard drive and reinstall Windows XP.  In my experience, a computer this screwed up can't be fixed and rather than spend the rest of my life on earth trying to fix it, I am going to spend an hour wiping the HD and reinstalling.  Malware cannot survive this and it is often the best way to go.

0
 
LVL 32

Expert Comment

by:and235100
ID: 20389474
To ensure that a viral infection (if that is the issue) does not remain - create a bootable CD of DBAN (http://dban.sourceforge.net/) and wipe the computer's hard disk with it. This will ensure no data is present on the disk.
Some data can actually survive a Windows-style format - as the format is a high-level format - not a "low-level" - which is much more effective. DBAN uses a proper low-level format.
0
 

Author Comment

by:rdaves
ID: 20390494
System was too fouled up.  Wiped HD and reinstalled software.
0
 
LVL 32

Expert Comment

by:and235100
ID: 20391844
Thanks - no problem.
0
