Permissions Denied Virus for Vista

Discussion in 'System Security & Infection Support' started by Goober, Sep 25, 2009.

  1. Goober

    Goober THQ's Jester Moderator

    Joined: Jul 26, 2004 | Messages: 2,864 | Likes Received: 35 | Location: Colorado
    At work I have this wonderful Vista tower with a wonderful virus. I can install SuperAntiSpyware and Malwarebytes and usually get them to run once. After they run and ask to restart the computer to remove the rest of the virus and I click OK to restart, the AV has permissions disabled upon the reboot. I cannot run HJT (well, I can for 3 seconds), and IE and FF pages do not load all the way. And I cannot physically delete the AV or run the uninstaller. There is no difference if I choose safe mode. My coworker, when he first received this computer, installed SP1, and there are not any restore points beyond that install, and the virus has been on the system before that.

    If I cannot find a resolution today I will be format/reinstalling Vista which I do not want to do but I need to do something quickly for my client.


    EDIT: Oh, and I can change permissions but it doesn't affect anything. Yes, I am logged in as an administrator account. I have tried creating a second account but it has the same effect.
     
    Last edited: Sep 25, 2009
    Goober, Sep 25, 2009
    #1

  2. Goober

    Zeus Moderator

    Joined: Jun 20, 2005 | Messages: 2,006 | Likes Received: 33 | Location: Virginia
    Try this and see if it cleans it.
     
    Zeus, Sep 26, 2009
    #2

  3. Goober

    Core in pounce mode Moderator

    Joined: Jun 30, 2003 | Messages: 1,557 | Likes Received: 24 | Location: Akaa, Finland
    Download a trial of Norton Internet Security 2010 and run that to see if it can clear it up. This sounds like entirely an issue with the product you're using... Is UAC turned off?
     
    Core, Sep 26, 2009
    #3
  4. Goober

    Goober THQ's Jester Moderator

    Joined: Jul 26, 2004 | Messages: 2,864 | Likes Received: 35 | Location: Colorado
    Here's what happened:

    The virus became worse, knocking out the network connections and then services.msc. I could no longer open up FF, and IE hangs up the system. I went off and did some more research at a few other sites, and some of the tools they offered for others to use just opened and closed when the virus found something scanning for it. It also embedded itself into the recovery partition of the HDD, so no factory defaults with drivers installed for me.

    @Core: Yes, UAC was turned off.

    It's been a while since I have seen a virus to this degree, and I do personally feel that it's going to get worse with Vista, and possibly with Win 7.

    On a good amount of the AV forums out there, there is a lot of talk about not being able to run HJT and xyz AV.
     
    Goober, Sep 28, 2009
    #4
  5. Goober

    Maurice Bloody good bloke VIP Member

    Joined: Jun 25, 2009 | Messages: 352 | Likes Received: 16 | Location: London England
    It sounds like a wipe and start all over again is the best bet, and then get him to install a decent firewall and AV solution.

    Oh, and tell him to stay away from naughty websites and never open emails unless 100% sure of their authenticity.
     
    Maurice, Sep 28, 2009
    #5
  6. Goober

    Core in pounce mode Moderator

    Joined: Jun 30, 2003 | Messages: 1,557 | Likes Received: 24 | Location: Akaa, Finland
    And to keep UAC on.

    At any rate, even if you were able to remove the virus, I'm not sure I'd even recommend it at this point...it seems too resilient; I wouldn't personally be comfortable carrying on without a full reformat/reinstall. Sounds like it's a particularly nasty one...haven't seen one that bad in a while.
     
    Core, Sep 28, 2009
    #6
  7. Goober

    Maurice Bloody good bloke VIP Member

    Joined: Jun 25, 2009 | Messages: 352 | Likes Received: 16 | Location: London England
    There is another option. Take the infected drive out of the PC and hook it up as the 2nd drive (usually in place of an optical drive) on another known clean PC. Boot that PC up and then get it to do a full scan of the infected drive. Once it has cleaned it, then back up all essential data files in case they are needed later.

    Refit the drive back into its own PC and then boot up and see if all is now OK. If there is still a virus problem then a wipe/reinstall can be done, and as the files were backed up on the other PC they can then be recovered to this one - and rescanned again.
     
    Maurice, Sep 28, 2009
    #7
  8. Goober

    Zeus Moderator

    Joined: Jun 20, 2005 | Messages: 2,006 | Likes Received: 33 | Location: Virginia
    With all the problems he is having with the virus embedding itself and not going away, doing this would be a serious risk to the clean PC.

    What is the name of the virus?
     
    Zeus, Sep 28, 2009
    #8
  9. Goober

    Goober THQ's Jester Moderator

    Joined: Jul 26, 2004 | Messages: 2,864 | Likes Received: 35 | Location: Colorado
    No Core, I turned UAC off to see if that was affecting the AV/HJT.

    Maurice, I did scan it externally without any results being pulled from my trusted scanners. As Zeus said, even if it were to work at this point, it's way too far for the system to be stable. I didn't feel safe either, as Core points out.

    Good question Zeus, I don't know the name of it because I couldn't get an AV to pull up a name without crashing and scanning it externally didn't pull any results. This virus definitely planted its happy rear into system files and the registry.
     
    Goober, Sep 28, 2009
    #9
  10. Goober

    Zeus Moderator

    Joined: Jun 20, 2005 | Messages: 2,006 | Likes Received: 33 | Location: Virginia

    Well then, if there is no name, then the virus does not exist. I conclude the problems must all be in your head. ;)

    Looks like you may have a zero day virus on your hands. I'll check my security networks and see what I find.
     
    Zeus, Sep 28, 2009
    #10
  11. Goober

    danperteet I broke it again. VIP Member

    Joined: Dec 17, 2008 | Messages: 221 | Likes Received: 5 | Location: Georgia
    I had one of those on my laptop. I had to use a live CD. The virus was in system files, and by deleting the virus, I deleted files that are needed to make the computer run properly. I eventually just nuked it and put Windows 7 on here. Had Windows 7 since February or March with no problems. Too bad it won't be in stores till October 22.
     
    danperteet, Sep 28, 2009
    #11
  12. Goober

    Zeus Moderator

    Joined: Jun 20, 2005 | Messages: 2,006 | Likes Received: 33 | Location: Virginia
    OEM version is now available on Newegg.
     
    Zeus, Sep 28, 2009
    #12