According to this part of his post, it sounded like he did install it:
Though he said he didn't use it to install Updates...it's possible the software itself is somehow corrupting permissions.
Power User loses rights after updates.
- Thread starter bph
- Start date
According to this part of his post, it sounded like he did install it:
Though he said he didn't use it to install Updates...it's possible the software itself is somehow corrupting permissions.
Whatever we're not going to continue rambling on about this. :|
Lets wait and see what happens next with his issue.
Thanks - hard to comment on so many suggestions! I've downloaded the ISO image of Eset Rescue live. I have an appointment elsewhere shortly, but I'll burn the disc and try it this evening.
All the other suggestions look well worth trying, so I'll work my way through and hope something works. To clarify, I installed WUD downloader on this second machine a while ago, but never used it to download updates. The machine was working normally at this time, which makes me think the problem is something to do with the USB stick rather than WUD.
It seems a damned funny sort of malware, though, because I seem to be the only one in the world afflicted. I've run several Google scans for the problem, and the only result that comes up looking relevant is this thread!
All the other suggestions look well worth trying, so I'll work my way through and hope something works. To clarify, I installed WUD downloader on this second machine a while ago, but never used it to download updates. The machine was working normally at this time, which makes me think the problem is something to do with the USB stick rather than WUD.
It seems a damned funny sort of malware, though, because I seem to be the only one in the world afflicted. I've run several Google scans for the problem, and the only result that comes up looking relevant is this thread!
I ran an Eset scan first on the HDD. Three "threats", but false positives I'm sure - software installation programs that have been around for years. Ran a separate scan on the suspect USB drive - no threats at all.
I'd give up and start again from scratch, but unless I can find what is wrong, how can I be sure whether any of my drives or media are safe?
I'll try others of your suggestions tomorrow.
I'd give up and start again from scratch, but unless I can find what is wrong, how can I be sure whether any of my drives or media are safe?
I'll try others of your suggestions tomorrow.
.
Joe C
Golden Master
- Messages
- 5,006
- Location
- Great Lakes State
what are these software programs giving the false positives?
Sorry, can't remember - just deleted them. I should have said installation files rather than programs. There were two and one item in system restore.
I've run Panda Anti-Rootkit, TDSSKiller, and MalwareBytes Anti-Rootkit - nothing!
Also downloaded and burnt lubuntu 14.10 to try carnageX's suggestion of looking for hidden files, but the CD won't boot. I have an "Ultimate Boot Disc for Windows" that I made a long time ago, and I have used that to look at the suspect USB drive and cannot see any files that shouldn't be there.
I agree that the problem I'm having looks as though it must be malware, but as I said before it seems a damned funny sort of malware. What is the point of it? Why does no one else have the problem? If it isn't anything in the files, where is it, and would it go away even if I formatted everything? I rather have the feeling it could turn out to be something really simple, and I am going to end up looking pretty stupid!
Last edited:
What about this XP Home machine I am using now? That flash drive has been in this machine. Could this computer be infected but, since it has no Power User group, asymptomatic? And several other flash drives have been plugged in this machine; couldn't they be infected? I'm away from home and keeping the 'master' copy of files on flash drives, so it's tricky.
I know very little about malware, or how insidious it could be. Unless I can locate the problem I don't see how I can ever know what is safe. If it is malware, surely some scanner ought to be able to find it?
I know very little about malware, or how insidious it could be. Unless I can locate the problem I don't see how I can ever know what is safe. If it is malware, surely some scanner ought to be able to find it?
So here's the plan; it may take a while, and I'm not sure it will prove anything, but it might indicate whether there is malware involved, whether it is on this USB stick, and possibly whether other flash drives are infected:
I will take the HDD out of this machine and fit another, probably the one from the previous machine. I'll format it using a G-parted CD, and then do a clean XP Pro install, adding a Power User account, and checking that it works correctly.
Then I will insert the suspect USB stick and see if it still works, and maybe open one or two files.
If the fault reappears, then I will delete the Windows updates on the stick, reformat the HDD and repeat the process.
If the fault appears again, I will format the USB stick and do it again.
If the fault is gone I will know it was on the stick, and I can try other flash drives to see if they cause the fault, and are therefore infected.
If the fault does not reappear at any stage, I will still not know where it came from, but at least I should know I can do a clean install without it occurring.
I will take the HDD out of this machine and fit another, probably the one from the previous machine. I'll format it using a G-parted CD, and then do a clean XP Pro install, adding a Power User account, and checking that it works correctly.
Then I will insert the suspect USB stick and see if it still works, and maybe open one or two files.
If the fault reappears, then I will delete the Windows updates on the stick, reformat the HDD and repeat the process.
If the fault appears again, I will format the USB stick and do it again.
If the fault is gone I will know it was on the stick, and I can try other flash drives to see if they cause the fault, and are therefore infected.
If the fault does not reappear at any stage, I will still not know where it came from, but at least I should know I can do a clean install without it occurring.
