Start button restricted

  • Thread starter Thread starter Ken
  • Start date Start date
K

Ken

I have a Win2K Pro machine that was in the high school
library and logged on to a Power User account. A student
used the machine and accessed one or more Internet sites
which changed the characteristics of that user account's
capabilities. It now:
1. Has no context - right-click - feature
2. Start button only opens the Shutdown dialog box
3. My Computer and My Network Places don't work when
clicked on
4. IE homepage had been set to passthison.com

Using AdAware and Spybot, I removed all of the Internet
malware, but the desktop startup problem remains. If I
log on as administrator, all seems to work as it should.

Any recommendations about how to correct this? Thanks
very much.
 
Hi Ken - First, download and run:
http://www.kellys-korner-xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner-xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Hi Ken - First, download and run:
http://www.kellys-korner-xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner-xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit-links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Jim -

Not having much success, and I think that's because I
can't log in as the PowerUser and do anything like run a
program or snoop around.

I did log in as the Admin and run startmenunochangeundo.
I don't know that it did anything or not.

Since I can't run as the user, I licensed the Security
Console and ran it from Admin. I asked it to change
Profiles and I got an error message with "RunTime error
9: Subscript out of range." I did try to start Security
Console thru the user's StartUp folder, but that didn't
work either.

I thought about running HiJackThis, but again since I
have to do it as Admin and I don't see any problems when
I'm logged in that way, I don't think it will show any
signs of an infection.

I'm open to any and all suggestions. Thanks very much.

Ken
-----Original Message-----
Hi Ken - First, download and run:
http://www.kellys-korner-
Click to expand...
xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner- xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm
and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in
Click to expand...
Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-
Click to expand...
xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?
Click to expand...
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit- links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
I have a Win2K Pro machine that was in the high school
library and logged on to a Power User account. A student
used the machine and accessed one or more Internet sites
which changed the characteristics of that user account's
capabilities. It now:
1. Has no context - right-click - feature
2. Start button only opens the Shutdown dialog box
3. My Computer and My Network Places don't work when
clicked on
4. IE homepage had been set to passthison.com

Using AdAware and Spybot, I removed all of the Internet
malware, but the desktop startup problem remains. If I
log on as administrator, all seems to work as it should.

Any recommendations about how to correct this? Thanks
very much.
Click to expand...

.
Click to expand...
 
Jim -

Not having much success, and I think that's because I
can't log in as the PowerUser and do anything like run a
program or snoop around.

I did log in as the Admin and run startmenunochangeundo.
I don't know that it did anything or not.

Since I can't run as the user, I licensed the Security
Console and ran it from Admin. I asked it to change
Profiles and I got an error message with "RunTime error
9: Subscript out of range." I did try to start Security
Console thru the user's StartUp folder, but that didn't
work either.

I thought about running HiJackThis, but again since I
have to do it as Admin and I don't see any problems when
I'm logged in that way, I don't think it will show any
signs of an infection.

I'm open to any and all suggestions. Thanks very much.

Ken
-----Original Message-----
Hi Ken - First, download and run:
http://www.kellys-korner-
Click to expand...
xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner- xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm
and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in
Click to expand...
Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner-
Click to expand...
xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?
Click to expand...
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit- links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
I have a Win2K Pro machine that was in the high school
library and logged on to a Power User account. A student
used the machine and accessed one or more Internet sites
which changed the characteristics of that user account's
capabilities. It now:
1. Has no context - right-click - feature
2. Start button only opens the Shutdown dialog box
3. My Computer and My Network Places don't work when
clicked on
4. IE homepage had been set to passthison.com

Using AdAware and Spybot, I removed all of the Internet
malware, but the desktop startup problem remains. If I
log on as administrator, all seems to work as it should.

Any recommendations about how to correct this? Thanks
very much.
Click to expand...

.
Click to expand...
 
Hi Ken - Well, you didn't mention that before - that you couldn't log in as
the User in question. :) If you can't log in as the User to that account,
you may have serious difficulty cleaning this up given the actions you're
seeing. I would almost suggest doing a Repair (Upgrade) re-install at this
point, even though you'll have to do the updates again. (What happens when
you try to log in, BTW?)

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
Jim -

Not having much success, and I think that's because I
can't log in as the PowerUser and do anything like run a
program or snoop around.

I did log in as the Admin and run startmenunochangeundo.
I don't know that it did anything or not.

Since I can't run as the user, I licensed the Security
Console and ran it from Admin. I asked it to change
Profiles and I got an error message with "RunTime error
9: Subscript out of range." I did try to start Security
Console thru the user's StartUp folder, but that didn't
work either.

I thought about running HiJackThis, but again since I
have to do it as Admin and I don't see any problems when
I'm logged in that way, I don't think it will show any
signs of an infection.

I'm open to any and all suggestions. Thanks very much.

Ken
-----Original Message-----
Hi Ken - First, download and run:
http://www.kellys-korner- xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner- xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm
and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in
Click to expand...
Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner- xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit- links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
I have a Win2K Pro machine that was in the high school
library and logged on to a Power User account. A student
used the machine and accessed one or more Internet sites
which changed the characteristics of that user account's
capabilities. It now:
1. Has no context - right-click - feature
2. Start button only opens the Shutdown dialog box
3. My Computer and My Network Places don't work when
clicked on
4. IE homepage had been set to passthison.com

Using AdAware and Spybot, I removed all of the Internet
malware, but the desktop startup problem remains. If I
log on as administrator, all seems to work as it should.

Any recommendations about how to correct this? Thanks
very much.
Click to expand...

.
Click to expand...
Click to expand...
 
Hi Ken - Well, you didn't mention that before - that you couldn't log in as
the User in question. :) If you can't log in as the User to that account,
you may have serious difficulty cleaning this up given the actions you're
seeing. I would almost suggest doing a Repair (Upgrade) re-install at this
point, even though you'll have to do the updates again. (What happens when
you try to log in, BTW?)

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
Jim -

Not having much success, and I think that's because I
can't log in as the PowerUser and do anything like run a
program or snoop around.

I did log in as the Admin and run startmenunochangeundo.
I don't know that it did anything or not.

Since I can't run as the user, I licensed the Security
Console and ran it from Admin. I asked it to change
Profiles and I got an error message with "RunTime error
9: Subscript out of range." I did try to start Security
Console thru the user's StartUp folder, but that didn't
work either.

I thought about running HiJackThis, but again since I
have to do it as Admin and I don't see any problems when
I'm logged in that way, I don't think it will show any
signs of an infection.

I'm open to any and all suggestions. Thanks very much.

Ken
-----Original Message-----
Hi Ken - First, download and run:
http://www.kellys-korner- xp.com/regs_edits/startmenunochangeundo.reg from
Kelly's site 31, Right, here: http://www.kellys-korner- xp.com/xp_tweaks.htm
(Fine for Win2k)

Then go here http://www.dougknox.com/xp/utils/xp_securityconsole.htm
and
download Doug's Security Console (works fine in Win2k). Look first on the
"Start Menu and Taskbar" tab. You'll probably see a number of "remove's"
and "disabled's" checked. Uncheck the ones you want to enable and click
"Apply". Then take a look at ALL the other tabs. You may find others that
are inappropriately set. Use some care about disabling other things! Exit
and re-boot.

If you cannot manually change your Home Page in IE6 Tools|Internet
Options|General tab, then take a look in
Click to expand...
Start|Programs|Startup and see if
you see an entry reg or reg.hta. If you find such an entry,
then right click, Delete it and then reboot and try resetting your homepage
again.

Lastly UPDATE and run AdAware, SpyBot S&D and then:

Download, UPDATE before running, and run:
http://209.133.47.200/~merijn/files/CWShredder.exe to remove the parasite.
Be sure to close all instances of IE and OE.

Then download and run:
http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
tabs and remove any restrictions that the parasite has put in place.

Be sure that you also download and install hotfix Q816093, here:

http://support.microsoft.com/?kbid=816093#appliesto

which blocks the exploit upon which this parasite family depends.

Now download and run:
http://www.kellys-korner- xp.com/regs_edits/RestoreSearch2.REG to restore
your search functions if they appear to have been compromised.



If the above doesn't fix things then start here:

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED very
frequently.) You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?
id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).




Once you get this cleaned up, you might want to consider installing the
SpywareBlaster and SpywareGuard here to help prevent this kind of thing from
happening in the future:

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it UPDATED) The latest version as of this writing
will prevent installation or prevent the malware from running if it is
already installed, and it provides information and fixit- links for a variety
of parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. Both Very Highly Recommended



Post back here please with your results telling us what specifically worked
and what didn't at each point, if you would.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
Ken said:
I have a Win2K Pro machine that was in the high school
library and logged on to a Power User account. A student
used the machine and accessed one or more Internet sites
which changed the characteristics of that user account's
capabilities. It now:
1. Has no context - right-click - feature
2. Start button only opens the Shutdown dialog box
3. My Computer and My Network Places don't work when
clicked on
4. IE homepage had been set to passthison.com

Using AdAware and Spybot, I removed all of the Internet
malware, but the desktop startup problem remains. If I
log on as administrator, all seems to work as it should.

Any recommendations about how to correct this? Thanks
very much.
Click to expand...

.
Click to expand...
Click to expand...
 
In said:
Hi Ken - Well, you didn't mention that before - that you couldn't
log in as the User in question. :) If you can't log in as the
User to that account, you may have serious difficulty cleaning
this up given the actions you're seeing. I would almost suggest
doing a Repair (Upgrade) re-install at this point, even though
you'll have to do the updates again. (What happens when you try
to log in, BTW?)
Click to expand...

Could possibly be limited to a single "bad" profile perhaps...worth
eliminating that possibility I would think.
 
In said:
Hi Ken - Well, you didn't mention that before - that you couldn't
log in as the User in question. :) If you can't log in as the
User to that account, you may have serious difficulty cleaning
this up given the actions you're seeing. I would almost suggest
doing a Repair (Upgrade) re-install at this point, even though
you'll have to do the updates again. (What happens when you try
to log in, BTW?)
Click to expand...

Could possibly be limited to a single "bad" profile perhaps...worth
eliminating that possibility I would think.
 
Hi Ken - Mark's suggestion is a good one and worth trying before going to a
re-install. Just delete the problem profile and create a fresh one and see
if that straightens things out.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Hi Ken - Mark's suggestion is a good one and worth trying before going to a
re-install. Just delete the problem profile and create a fresh one and see
if that straightens things out.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
Jim-

First, an apology for some poor wording. I can log in as
the power user but once at the desktop I can't do very
much of anything. Clicking on Start brings up the
ShutDown dialogue box. Clicking on My Computer does
nothing. I believe IE would still work as it does start,
but since I don't have this machine on the net right now,
it can only work offline. As admin, I dropped a shortcut
to xp_securityconsole on the ALL USERS desktop, then
logged in as a power user. I could click on the shortcut,
but nothing ever started.

Getting ready for work this morning I was thinking I
should try a new user. Look at this thread, and there
were those suggestions. A bit scary! I deleted the power
user and re-booted. I then created a power user, a guest
and a second admin user. The power and guest accounts
react the same way as the original power user - you get
to the desktop, and then nothing.

Obviously, my problem lies in the base profile of these
user types. Anyway short of a re-install of Win2K to
correct them? Thanks very much to you and Marc for your
help.
 
Jim-

First, an apology for some poor wording. I can log in as
the power user but once at the desktop I can't do very
much of anything. Clicking on Start brings up the
ShutDown dialogue box. Clicking on My Computer does
nothing. I believe IE would still work as it does start,
but since I don't have this machine on the net right now,
it can only work offline. As admin, I dropped a shortcut
to xp_securityconsole on the ALL USERS desktop, then
logged in as a power user. I could click on the shortcut,
but nothing ever started.

Getting ready for work this morning I was thinking I
should try a new user. Look at this thread, and there
were those suggestions. A bit scary! I deleted the power
user and re-booted. I then created a power user, a guest
and a second admin user. The power and guest accounts
react the same way as the original power user - you get
to the desktop, and then nothing.

Obviously, my problem lies in the base profile of these
user types. Anyway short of a re-install of Win2K to
correct them? Thanks very much to you and Marc for your
help.
 
Jim -

First, an apology for some poor wording. I can log in as
the power user but once at the desktop I can't do very
much of anything. Clicking on Start brings up the
ShutDown dialogue box. Clicking on My Computer does
nothing. I believe IE would still work as it does start,
but since I don't have this machine on the net right now,
it can only work offline. As admin, I dropped a shortcut
to xp_securityconsole on the ALL USERS desktop, then
logged in as a power user. I could click on the shortcut,
but nothing ever started.

Getting ready for work this morning I was thinking I
should try a new user. Look at this thread, and there
were those suggestions. A bit scary! I deleted the power
user and re-booted. I then created a power user, a guest
and a second admin user. The power and guest accounts
react the same way as the original power user - you get
to the desktop, and then nothing.

Obviously, my problem lies in the base profile of these
user types. Anyway short of a re-install of Win2K to
correct them? Thanks very much to you and Mark for your
help.

Ken
 
Jim -

First, an apology for some poor wording. I can log in as
the power user but once at the desktop I can't do very
much of anything. Clicking on Start brings up the
ShutDown dialogue box. Clicking on My Computer does
nothing. I believe IE would still work as it does start,
but since I don't have this machine on the net right now,
it can only work offline. As admin, I dropped a shortcut
to xp_securityconsole on the ALL USERS desktop, then
logged in as a power user. I could click on the shortcut,
but nothing ever started.

Getting ready for work this morning I was thinking I
should try a new user. Look at this thread, and there
were those suggestions. A bit scary! I deleted the power
user and re-booted. I then created a power user, a guest
and a second admin user. The power and guest accounts
react the same way as the original power user - you get
to the desktop, and then nothing.

Obviously, my problem lies in the base profile of these
user types. Anyway short of a re-install of Win2K to
correct them? Thanks very much to you and Mark for your
help.

Ken
 
Back
Top