Security Policies


Guest

Hello:
My computer doesn't allow changes in Security Policies. It also doesn't allow
Windows to update; it remains in an infinite cycle, like a continuous refresh.
For example, if I change task bar properties, it doesn't accept the changes
that I made.
The computer is working very, very slowly.
I've verified the hard disk in a different computer, as a slave, and I've
run an antivirus. When I put the disk back in my computer, it works
the same.
How can I get access to the Security Policies? Through Control Panel I cannot do
it.
Thanks
 
M. Neves said:
Hello:
My computer doesn't allow changes in Security Policies. It also doesn't
allow Windows to update; it remains in an infinite cycle, like a
continuous refresh. For example, if I change task bar properties, it
doesn't accept the changes that I made.
The computer is working very, very slowly.
I've verified the hard disk in a different computer, as a slave, and
I've run an antivirus. When I put the disk back in my computer, it
works the same.
How can I get access to the Security Policies? Through Control Panel I
cannot do it.
Thanks

Just running an antivirus while the drive is slaved isn't sufficient.
Put the drive back in its home and:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus Ewido. Do all
prep/finishing work and follow instructions to do all scans in Safe
Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke
 
Hello:
Before anything else, thank you for your help.
I did what you suggested and it works 90%.
Now, my computer is working better, but I still can't change the definitions
of my desktop, for example the background image. I also can't do 3
priority updates of Windows, because a message appears saying that it's
not possible to install the updates and that I have to reboot the computer.
I made some updates to the antivirus, but there are some that I can't do,
because the system doesn't install them.
Do you have any suggestions for this?
Once more, thanks.

MN
 
M. Neves said:
Hello:
Before anything else, thank you for your help.
I did what you suggested and it works 90%.
Now, my computer is working better, but I still can't change the
definitions of my desktop, for example the background image. I
also can't do 3 priority updates of Windows, because a message
appears saying that it's not possible to install the updates and that
I have to reboot the computer. I made some updates to the antivirus,
but there are some that I can't do, because the system doesn't install
them. Do you have any suggestions for this?
Once more, thanks.

Your computer is probably still not clean. Go through the Smitfraud
removal steps:

http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

After you've done that, post back with results. If you still have errors
then you need to quote the full text of the error messages and be very
precise about what updates, etc.

Malke
 
Hello again:
My computer is still infected. My desktop doesn't work very well. When I run
Smitfraud, it shows an error message that says that there aren't permissions
to access.
My keyboard configuration is always in English and it's impossible to change
it, for example, to Portuguese definitions.
Do you have any suggestions to resolve this?
Thanks a lot!

Neves
 
M. Neves said:
Hello again:
My computer is still infected. My desktop doesn't work very well. When
I run Smitfraud, it shows an error message that says that there
aren't permissions to access.
My keyboard configuration is always in English and it's impossible to
change it, for example, to Portuguese definitions.
Do you have any suggestions to resolve this?
Thanks a lot!

Either:

1. Run HijackThis and post your log to one of the following specialty
forums (listed in no particular order) - and not here:

http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forums.subratam.org/index.php?showforum=7
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

OR

2. Take your machine to a professional computer repair shop (not your
local version of BigStoreUSA).

OR

3. Back up your data and do a clean install of Windows.
http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows -
What you will need on-hand

Malke
 
Hello, once again:
The result of HijackThis is:


Neves
 
M. Neves said:
Hello, once again:
The result of HijackThis is:

Logfile of HijackThis v1.99.1

(snip)

What part of "not here" didn't you understand? We ask that you *not*
post HJT logs in the MS newsgroups. Analyzing HJT logs takes a great
deal of time and expertise and you will not get the extended help you
need here. Register at one of the forums I gave you, read their posting
FAQ, and post your log there.

Malke
 
Sorry, it was the first but also the last time that I did this.
I will not annoy you more.
 