• Status: Solved

Malware has restricted access to Control Panel - how to lift restrictions

This is an interesting problem.

Customer brought in a Dell 4600 running XP SP2 Home with Win Antivirus Pro 2007 on it, along with other goodies, viruses, spyware, adware. I cleaned it, did a repair install, put in Webroot Spysweeper and Desktop Firewall and AVG antivirus. I think I got most of it, but I still can't get to the control panel or the Display Properties (the malware took over the desktop with its warning message).

I've gone into the administrative userid in safe mode but still when I try to access the control panel or other major functions, I get: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

This is covered by Microsoft here:
http://support.microsoft.com/kb/278839

But that doesn't work if every userid is locked out. I can't get to the User Configurations to change the permissions. How do we get out of this?

Thanks,
Al

Asked: alanlsilverman
 
pwrBall Commented:
Can you run gpedit.msc from the Run dialog box?

Maybe check the permissions on the c:\windows\system32\control.exe file, and make sure the permissions have not been modified. Admins should have full control as well as the SYSTEM account.
 
cuziyq Commented:
The virus has basically applied group policy settings in your registry. Group policy is used by administrators in an Active Directory domain to lock peons out of sensitive areas of the operating system. Although XP Home does not support being joined to a corporate domain, it will still recognize the GPO settings in the registry because XP Home is basically just a deliberately handicapped version of XP Pro. The virus has taken advantage of this behavior.

Try to run gpedit.msc by going to Start -> Run. If Windows complains that the file can't be found, see if you can obtain it from a clean XP Pro machine. Hopefully, Microsoft didn't "break" the ability to use that tool in the Home version.

Once you get your hands on that file (assuming you can get it up and running), unset anything that has been set. There are a bazillion policies in there, and most of them should say "Not Defined". There is plenty of documentation on M$'s web site about GPO objects. You're looking for the ones that restrict access to the display control panel and the like.

The virus has probably disabled registry editing too.
 
alanlsilverman Author Commented:
I actually could get regedit to work. I found this site about it and did what it said below.
Thanks to you both, your suggestions would have worked as well.
Al


http://www.dslreports.com/forum/r18901642-pro-This-operation-has-been-cancelled-due-to-restrictions

NoAddRemovePrograms
NoControlPanel

If your system is attached to a domain, your network administrator may have disabled the Add or Remove Programs applet. For standalone systems, follow the steps below to unlock the restrictions.

Click Start, Run and type Regedit.exe

Navigate to the following branches one by one:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall

Delete the NoAddRemovePrograms value if present in the above locations.
Then, navigate to following locations:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Delete the NoControlPanel value in the above locations.
Close Regedit.exe
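The manual check in the post above, as an added example that is not part of the original thread: it scans the text of a regedit export for the two values in the four keys listed and builds a .reg file that deletes them. The sample export and the function names are constructed for illustration.

```python
import re

HIVES = ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies"
# Restriction values named in the thread, grouped by Policies subkey.
RESTRICTIONS = {"Uninstall": {"noaddremoveprograms"}, "Explorer": {"nocontrolpanel"}}
WATCHED = {f"{h}\\{POLICIES}\\{sub}".lower(): names
           for h in HIVES for sub, names in RESTRICTIONS.items()}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample export (real regedit exports are UTF-16; decode them first).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
"NoAddRemovePrograms"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NoControlPanel"=dword:00000001
'''

def find_restrictions(reg_text):
    """Return (key, value_name, data) for each restriction value that is set."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                      # a [key] header starts a new section
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)   # "Name"=data inside the current section
        if m and key and m.group(1).lower() in WATCHED.get(key.lower(), ()):
            hits.append((key, m.group(1), m.group(2)))
    return hits

def build_cleanup_reg(hits):
    """Build .reg text that deletes each flagged value ("Name"=- means delete)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _data in hits:
        out += [f"[{key}]", f'"{name}"=-', ""]
    return "\r\n".join(out)

if __name__ == "__main__":
    print(build_cleanup_reg(find_restrictions(SAMPLE)))
```

Only the four keys from the post are matched, so the same value name under an unrelated key (the Run key in the sample) is left alone.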
 
cuziyq Commented:
Yep, that's exactly what GPO does to the registry.  You just took the long way around :-)