• Status: Solved
  • Priority: Medium
  • Security: Public

Do not have permission to run HiJackThis or Malwarebytes

After using the search feature, I seem to be coming up short, so I apologize if you've seen this before.  I'm currently logged in as the local admin in safe mode and cannot run HiJackThis or Malwarebytes after using Kaspersky's TDSSKiller to remove several rootkits as recommended as a solution for search engine results that are being redirected.  But now that the machine has rebooted, I'm told "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I've checked NTFS permissions for the related folders with no indication of a problem.  One odd thing is that I can't even rename the Malwarebytes or HiJackThis files.  Whatever this is, it seems to know I'm trying to kill it.  Seems malware just keeps getting worse and finds its way in regardless of the anti-malware and anti-virus package you choose.
Asked by: gcmj45acp
 
pjam Commented:
Suspect malware/virus has control now.  First thing to go is the ability to run these good programs and Task Manager to kill processes.
Have you tried McAfee's standalone program Stinger?  It requires no install and in the past I have had good success with it.
If not, you will probably need to boot to a CD and run from there.  Microsoft Standalone System Sweeper is a good place to start.  You will need a clean computer to make the boot CD or USB.  You can download either a 32-bit or 64-bit version here:
http://connect.microsoft.com/systemsweeper


 
greg-hawkins Commented:
To kill rootkits I would normally run rkill.exe (from mybleepingcomputer.com). I'd then install Malwarebytes. I've never had a problem with it. :)
 
coolfiger Commented:
At this point a clean reload is often recommended. It's a real pain in the ass to get every bit of this virus out.
Try running your clean up from safe mode. If this does not work, try a live CD with an antivirus and do a full clean up ... It's lingering somewhere in memory and is causing this. If it's there, most likely it's tampering with your AV as well ..
 
gcmj45acp (Author) Commented:
There's a resident process in the taskmgr that I can't seem to kill.  It's 272854575:2418238045.exe and though I've seen it on the HDD in safe mode and deleted it, it keeps coming back.  In the process of trying the Microsoft Standalone product now.
 
Thomas Zucker-Scharff (Systems Analyst) Commented:
Use Rogue Killer to stop the processes; see this article by younghv: http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
This is a must read also: http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html

DO NOT REBOOT after using Rogue Killer and you should not have a problem running MBAM.
 
gcmj45acp (Author) Commented:
Tried RogueKiller with no luck...No "rogue" programs were seen.  Tried Microsoft's Standalone Scanner, which found 73 infections and suspicious items including GoToMyPC.  This seems to have gotten rid of the rogue process that I couldn't kill, but I'm still getting the same error when I try to run HiJackThis or Malwarebytes and I'm not sure what about the permissions or attributes in those folders could be the problem.
 
pjam Commented:
With that many infections your XP may be damaged.  You can try Fred's no-format re-install; I have used that many times.
You can see directions at Information Week:
http://www.informationweek.com/news/windows/operatingsystems/189400897
Unless you have an XP SP3 slip you will need to reinstall SP3 and 100 plus updates when finished.  But you will not need to re-install Apps.
 
gcmj45acp (Author) Commented:
After a lot of scanning, cursing, and drinking, I think I've cleared all the infections, but it does appear that XP itself is damaged.  The machine pulls an IP and can get out to the Internet but won't talk to anything in the domain that requires AD/LDAP.  I can't even rejoin the network because "networking is not installed or not properly configured."  Will try the no-format re-install.
 
gcmj45acp (Author) Commented:
OK, this is a new one for me...Tried the no-format re-install and after the reboot, I'm stuck with a prompt asking for the file 'asms' on the Windows XP Professional Service Pack 3 CD.  I've checked my original ISO for the WinPro SP3 CD, two or three OEM CDs, and even a Dell supplied version of the OEM CD and not one of them has such a file.  I even tried a CD that had nothing but the service pack on it with no luck.  The only place I've ever seen an "asms" file was the uninstall folders for previous service packs and even then, that's a file extension, not a file unto itself.  Any thoughts?
 
gcmj45acp (Author) Commented:
Let me correct that earlier message...There is an ASMS folder on all these CDs with the exception of the Service Pack 3 CD itself.
 
gcmj45acp (Author) Commented:
OK, got past the ASMS message after diagnosing a failure of the notebook to read any directories on the CD-ROM drive.  I got by that by copying the entirety of the WindowsXP SP3 CD to a USB/flash drive and telling the install to look at that drive every time it asked for another file.  This got me through the installation and back to a working OS.

The issue with Malwarebytes and HiJackThis was a folder permissions issue brought on by one or more of the infections/worms.  I'm running through RogueKiller, TDSSKiller, Malwarebytes and HiJackThis all over again to see if I get clean bills of health all the way through.  I've got 114 pending Microsoft Updates, but I can live with that.

Thanks for all your help guys...As soon as everything appears to be squared away, I'll post a final update and accept the solutions that have helped to award points.
 
gcmj45acp (Author) Commented:
Folks, the Microsoft standalone system scanner and RogueKiller together helped me get things turned around.  I ultimately found that I couldn't run MBAM and HiJackThis specifically because the permissions to those folders had been changed.  Can't thank you guys enough for broadening my toolkit for these kinds of infections.  I just wish we could put contracts out on the clowns who write this stuff.
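
The root cause reported in the final post was changed permissions on the tool folders. As an added example (not part of the original thread), the read-only PowerShell audit below walks each folder and reports Deny entries, disabled inheritance and unreadable ACLs; the two folder paths and the helper names `New-Finding` and `Get-AclFinding` are assumptions made for illustration.

```powershell
# Added example: read-only audit of NTFS ACLs on security-tool folders.
# The two folder paths are assumptions; point them at the real install dirs.
$toolDirs = @(
    "$env:ProgramFiles\Malwarebytes' Anti-Malware",
    "$env:ProgramFiles\Trend Micro\HiJackThis"
)

# Hypothetical helper: one result row per finding.
function New-Finding($Path, $Owner, $Finding, $Detail) {
    New-Object PSObject -Property @{
        Path = $Path; Owner = $Owner; Finding = $Finding; Detail = $Detail
    }
}

function Get-AclFinding {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Not found: $root"
            continue
        }
        # The folder itself plus everything beneath it, hidden items included.
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            try {
                # -Path (not -LiteralPath) keeps this usable on PowerShell 2.0.
                $acl = Get-Acl -Path $item.FullName -ErrorAction Stop
            } catch {
                # An ACL that cannot even be read is itself worth reporting.
                New-Finding $item.FullName '?' 'ACL unreadable' $_.Exception.Message
                continue
            }
            # Inheritance switched off means the entries were set on this item directly.
            if ($acl.AreAccessRulesProtected) {
                New-Finding $item.FullName $acl.Owner 'Inheritance disabled' ''
            }
            # A Deny entry blocks access even for accounts that are otherwise allowed.
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -eq 'Deny') {
                    New-Finding $item.FullName $acl.Owner 'Deny entry' `
                        "$($ace.IdentityReference): $($ace.FileSystemRights)"
                }
            }
        }
    }
}

Get-AclFinding -Path $toolDirs |
    Select-Object Path, Owner, Finding, Detail |
    Format-Table -AutoSize -Wrap
```

An empty result means none of these three conditions was found under the listed folders; it does not rule out other causes of the access error.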