admin permissions have changed

sio2y asked
Last Modified: 2013-12-04
The computer has gotten a virus which has locked it up by changing the permissions so that we don't have access to any services, system restore, etc.

Internet is a no go - we have tried using different NICs and USB-to-Ethernet adapters. Installing Mbam & SAS doesn't work. We did get Avast in and have run a boot time scan but found nothing.

It's important to try and salvage rather than reformat - ideas?

Thanks.

CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Have you tried booting the system into Safe Mode?
You could use the Ultimate Boot CD to boot the system and scan the drive.
http://www.ultimatebootcd.com/

If the virus your system was infected with was so pervasive, you might as well reinstall after you get your data off. Or you may overlook something, i.e. a backdoor, trojan, or keylogger, that will cause you more pain later.

ComboFix is helpful too
TDKD, Technical Liaison
Commented:
I would personally connect the drive as a secondary drive and back up the data you want before re-imaging the PC.

Author

Commented:
All good suggestions and several have been tried..... thank you.

The issue is that this is an appointment computer and the software is not readily available.

We have added it as a drive to two different systems for scanning, one Vista, one XP. Both systems had updated tools and both froze after a few minutes of scanning. We will try ComboFix and if that doesn't work we will verify our data on the external and then do a non-destructive system recovery and hope we can find the appointment software.



CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
A repair install may work, but all will depend on where the virus is hiding.
The issue can be as trivial as the virus being part of an ActiveX control mistakenly/erroneously installed in IE.

The freezing part might suggest that the hard drive may be going bad.

Author

Commented:
Update.....

ComboFix at least removed a bunch of other stuff but still no ability to change permissions or start services.

TDKD, Technical Liaison

Commented:
Hi sio2y,

Are you sure the application's exe file isn't saved somewhere local on the system in question? Perhaps whoever installed it originally kept the installation program?
After ComboFix stopped the virus, have you restored to a previous state?

Author

Commented:
Sorry for the delayed response, I got really sick.

TDKD: great suggestion! Although they did not save the .exe, we were able to get the company to allow us an internet download which we installed on a different computer. I was able to transfer all data by connecting the HD to a different machine and taking ownership of the files.

debuggerau: we had no permissions at all - meaning no access to system restore from the GUI or command line, no services, no nothing. A friend of mine suggested running Net start(service) to check permissions but I don't have access to the machine any more.

Thanks for the responses -




Author

Commented:
Thanks for the help - all good suggestions, simply ran out of time.