Help with this Virus please.

C

Chroniclehome

Baseband Member
Messages
24
Location
utah
I really dont want to have to do a B&R but I will if need be. So basically this virus has this computer locked down. If you try to click on ANYTHING it pops up requiring administrator access. The owner has tried the admin pass and says it is NOT the same for sure. We try to run anti-virus admin access required, this both in regular windows and safe mode. Can't open folders in C:drive to look for anything manually, can't force shut down anything in task manager. Any help would be nice. Thanks in advance.
 
Chroniclehome said:
I really dont want to have to do a B&R but I will if need be. So basically this virus has this computer locked down. If you try to click on ANYTHING it pops up requiring administrator access. The owner has tried the admin pass and says it is NOT the same for sure. We try to run anti-virus admin access required, this both in regular windows and safe mode. Can't open folders in C:drive to look for anything manually, can't force shut down anything in task manager. Any help would be nice. Thanks in advance.
Click to expand...

Does all of this still happen in safe mode with networking?
 
Booting up in safe mode with networking would be a good start. Then attempt a system recovery from a previous backup.
 
If you do not have admin rights on the machine, you can get a copy of Hirens Boot CD to reset the administrator account.

If you cannot do that, you will need to pop in a CD and install Windows all over again.
 
Chroniclehome said:
It does occur in safe mode as well yes. System recovery requires admin rights......
Click to expand...
It looks like it's a difficult one then. Easiest method would be taking out the hard drive, backing it up, and re-installing windows.

The other methods involve creating a visual basic script to disable the restrictions on the task manager, so that you can possibly terminate the malicious process (Spyware/virus has taken over Administrator [Solved] | Kioskea), or making an anti-malware rescue disk to boot from and see if that can get rid of it.

But that may still not release the admin rights.
 
Free Bootable AntiVirus Rescue CDs Download List

Try a bootable AV. Try out the Kaspersky one first.

Before running it, boot into Safe Mode (not networking), and run msconfig (Start > type in msconfig in the search box > run it). See if it will letyou open it or not. If it does, disable everything from startup, and then look for things trying to start from AppData usually. Go and track those files down and delete them manually. If it won't let you delete it, you may have to uncheck them in MSConfig first, reboot back into Safe Mode, and then delete them.

If it won't let you run MSConfig, then try the bootable AV.
 
Chroniclehome,

Can you tell us what operating system the computer is running?

If the computer is running Windows 7, and, assuming there is no Administrator account on the system, is it possible to do the following:

Boot into Safe Mode with Command Prompt

Log in as a User with administrative rights

At the blinking cursor of the Command Prompt, type in:
net user administrator /active:yes
Click to expand...
Press: Enter

You should get a message stating the command was sucessful.
Log off and reboot.

Any luck?
 
Last edited by a moderator:
Thank you all for the advise, unfortunately none of these solutions worked in this case. Client has requested us to B&R it. Thank you again for all the advice.
 
You must log in or register to reply here.

Similar threads

M
Upgrading Old Computer- Please help
Replies
2
Views
734
PP Mguire
PP Mguire
P
ComboFix Replacement
Replies
5
Views
518
PC_Cone
P
O
hello & mostly clueless & would appreciate mac security help after trojan attack!
Replies
0
Views
931
once2023
O
A
Microsoft Outlook 2021 Does Not Install Important Add-In Tool Anymore - Please Help
Replies
0
Views
2K
Azam.biz
A
CloudniumSupport
Deciding on the right hosting provider:
Replies
1
Views
568
brownelsa1318
B
Back
Top Bottom