gcmj45acp

Do not have permission to run HiJackThis or Malwarebytes

After using the search feature, I seem to be coming up short, so I apologize if you've seen this before. I'm currently logged in as the local admin in Safe Mode and cannot run HiJackThis or Malwarebytes after using Kaspersky's TDSSKiller to remove several rootkits, as recommended as a solution for search engine results that are being redirected. But now that the machine has rebooted, I'm told "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I've checked NTFS permissions for the related folders with no indication of a problem.  One odd thing is that I can't even rename the Malwarebytes or HiJackThis files.  Whatever this is, it seems to know I'm trying to kill it.  Seems malware just keeps getting worse and finds its way in regardless of the anti-malware and anti-virus package you choose.
ASKER CERTIFIED SOLUTION
pjam
This solution is only available to members.
To kill rootkits I would normally run rkill.exe (from mybleepingcomputer.com). I'd then install Malwarebytes. I've never had a problem with it. :)
At this point a clean reload is often recommended. It's a real pain in the ass to get every bit of this virus out.
Try running your cleanup from safe mode. If this does not work, try a live CD with an antivirus and do a full cleanup... It's lingering somewhere in memory and is causing this. If it's there, most likely it's tampering with your AV as well.
gcmj45acp

ASKER

There's a resident process in the taskmgr that I can't seem to kill. It's 272854575:2418238045.exe and though I've seen it on the HDD in safe mode and deleted it, it keeps coming back. In the process of trying the Microsoft Standalone product now.
SOLUTION
Thomas Zucker-Scharff
This solution is only available to members.
Tried RogueKiller with no luck... No "rogue" programs were seen. Tried Microsoft's Standalone Scanner, which found 73 infections and suspicious items including GoToMyPC. This seems to have gotten rid of the rogue process that I couldn't kill, but I'm still getting the same error when I try to run HiJackThis or Malwarebytes and I'm not sure what about the permissions or attributes in those folders could be the problem.
SOLUTION
This solution is only available to members.
After a lot of scanning, cursing, and drinking, I think I've cleared all the infections, but it does appear that XP itself is damaged. The machine pulls an IP and can get out to the Internet but won't talk to anything in the domain that requires AD/LDAP. I can't even rejoin the network because "networking is not installed or not properly configured." Will try the no-format re-install.
OK, this is a new one for me... Tried the no-format re-install and after the reboot, I'm stuck with a prompt asking for the file 'asms' on the Windows XP Professional Service Pack 3 CD. I've checked my original ISO for the WinPro SP3 CD, two or three OEM CDs, and even a Dell supplied version of the OEM CD and not one of them has such a file. I even tried a CD that had nothing but the service pack on it with no luck. The only place I've ever seen an "asms" file was the uninstall folders for previous service packs and even then, that's a file extension, not a file unto itself. Any thoughts?
Let me correct that earlier message...There is an ASMS folder on all these CDs with the exception of the Service Pack 3 CD itself.
OK, got past the ASMS message after diagnosing a failure of the notebook to read any directories on the CD-ROM drive.  I got by that by copying the entirety of the WindowsXP SP3 CD to a USB/flash drive and telling the install to look at that drive every time it asked for another file.  This got me through the installation and back to a working OS.

The issue with MalwareBytes and HiJackThis was a folder permissions issue brought on by one or more of the infections/worms. I'm running through RogueKiller, TDSSKiller, Malwarebytes and HiJackThis all over again to see if I get clean bills of health all the way through. I've got 114 pending Microsoft Updates, but I can live with that.

Thanks for all your help guys...As soon as everything appears to be squared away, I'll post a final update and accept the solutions that have helped to award points.
Folks, the Microsoft standalone system scanner and RogueKiller together helped me get things turned around. I ultimately found that I couldn't run MBAM and HiJackThis specifically because the permissions to those folders had been changed. Can't thank you guys enough for broadening my toolkit for these kinds of infections. I just wish we could put contracts out on the clowns who write this stuff.