Volfandt said:
XP Pro w/rev 6 explorer. I recently discovered that I couldn't access any web
sites that contain antivirus/spyware updates or fixes. This includes AVG,
SpyBot, Adaware, Malware and/or even trying to manually run Windows update.
Instead of getting the download page (where one chooses to eoither save or
run the download, I get a webpage stateing page not found"). Microsofts
Malicious Software tool didn;t find any problems but AVG ran and found
problems and fixed it but when I run the Microsoft download scanner it finds
problems but can't fix them. Other than not being able to update XP, AVG and
my other virus/spyware app's the system seems to work fine. Also, I cannot
run Spybot nor Malwares app. I deleted Spybot and reinstalled it and it will
not run.
I'm guessing the virus that got me has gotten into my registry.
Any thoughts and/or fixes?
Thanks
This can be one of two:
1- A restrictions been put in place by the Viral infection
Or
2- A Corrupt profile
Open run then type in:
regedit click [OK]
Locate this keys and see if the entries placed to restrict you from having
control on your machine and remove them if they are there!
Restriction for Programs to run:
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\Policies\Explorer = remove this entry in the right pane/window:
DisallowRun
Restriction for Registry Editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System
= remove this entry in the right pane/window
DisableRegistryTools
Restriction for Command Prompt:
[-]HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System = remove
this entry in the right pane/window
DisableCMD
<Q from MauriceN at castlecops.com>
Download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from
here:
http://cid-6aaab341ce47c5c2.skydrive.live.com/self.aspx/Public/FixPolicies.exe
* Double-click FixPolicies.exe.
* Click the "Install" button on the bottom toolbar of the box that will
open.
* The program will create a new Folder called FixPolicies.
* Double-click to Open the new Folder, and then double-click the file
within: Fix_Policies.cmd.
* A black box will briefly appear and then close.
* This fix may prove temporary. Active malware may revert these changes
at your next startup. You can safely run the utility again.
Now, logoff and restart the system, and advise and confirm for me that you
can login to Normal mode.
</Q>
Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Download and Update both SuperAntispyware and Malwarebytes then run a
complete scan - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html
If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk ( _ is underscore)
Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
# For the second option:
How to Identify a Damaged User Profile and Create a New Profile
http://support.microsoft.com/kb/811151
HTH,
nass