• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 231
  • Last Modified:

admin permissions have changed

The computer has gotten a virus which has locked it up by changing the permissions so that we dont have access to any services, system restore,  etc.

Internet is a no go - we have tried using different nics and usb to ethernet adapters. installing Mbam, & SAS doesn't work. We did get Avast in and have run a boot time scan but found nothing.

It's important to try and salvage rather than reformat - ideas?

Thanks.
0
sio2y
Asked:
sio2y
  • 4
  • 2
  • 2
  • +1
3 Solutions
 
arnoldCommented:
Have you tried booting the system into Safe mode?
you could use the ultimate boot cd to boot the system and scan the drive.
http://www.ultimatebootcd.com/

If the virus your system was infected was so pervasive, you might as well reinstall after you get your data off.  Or you may overlook something i.e. backdoor, trojan, keylogger that will cause you more pain later.
0
 
debuggerauCommented:
ComboFix is helpful too
0
 
TDKDCommented:
I would personally connect the drive as a secondary drive and backup the data you want before re-imaging the PC.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
sio2yAuthor Commented:
All good suggestions and several have been tried..... thank you.

The issue is that this is an appointment computer and the software is not readily available.

We have added as a drive to two different systems for scanning, one vista one xp. Both systems had updated tools and both froze after a few minutes of scanning. We will try combo fix and if that doesn;t work we will verify our data on the external and then do a non destructive  ystem recovery and hope we can find the appointment software.



0
 
arnoldCommented:
A repair install may work, but all will depend where the virus is hidding.
The issue can be as trivial as the virus being part of an ActiveX control mistakenly/erroneously  installed in IE.

The freezing part might suggest that the hard drive maybe going bad.
0
 
sio2yAuthor Commented:
Update.....

Combofix at least removed a bunch of other stuff but still no ability to change permissions or start services.

0
 
TDKDCommented:
Hi sio2y,

Are you sure the application's exe file isn't saved somewhere local on the system in question? Perhaps who ever installed it originally kept the installation program?
0
 
debuggerauCommented:
after combofix stoped the virus, have you restored to a previous state?
0
 
sio2yAuthor Commented:
Sorry for the delayed response, I got really sick.

TDKD: great suggestion! Although they did not save the .exe we were able to get the company to allow us an internet download which we installed on a different computer. I was able to trnasfer all data by connecting the hd to a different machine and taking ownership of the files.

debuggerau: we had no permissions at all - meaning no access to system restore from the gui or command line, no services no nothing. A friend of mine suggested running Net start(service) to check permissions but I don't have access t the machine any more.

Thanks for the responses -




0
 
sio2yAuthor Commented:
Thanks for the help - all good suggestions, simply ran out of time.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now