Stephen Howe
Hi
I have been sorting out my brother's laptop (running Win2000 Professional,
SP4) which seems to have been infected with VX2 (nasty as that installs itself
as a critical service - gets loaded in safe mode).
He has McAfee but I think the various malware executables nobbled this on
installation. It seems to be missing parts.
I have run latest Stinger, Ad-Aware (found 127 items) and also HiJackThis
(as Ad-Aware in Safe Mode did not get rid of everything).
I think it is clean. Nothing strange appears in HiJackThis. All crud deleted
off laptop.
(But I will know for sure once I reinstall McAfee).
But I have 2 problems.
1. If I boot as my brother in Safe Mode I cannot run RegEdit from Start ->
Run...
I get "This operation has been cancelled due to restrictions in effect on
this computer. Please contact your system administrator".
I find this odd as he has administrator rights. So why is this happening?
If I log in as "Administrator", there is no problem running RegEdit.
2. If I fire up Control Panel, click on Add/Remove Programs, I just see no
entries except a string across the top saying
"Change or Remove ProgramsAdd New ProgramsAdd/Remove Windows ComponentsSet
Program Access and Defaults"
Note the lack of spaces or anything between column headers.
Yet in RegEdit, I can see many entries under
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
They are all there.
Now I have read about
(i) Keyname longer than 63 chars
(ii) DisplayName longer than 63 chars
I don't think I have either for entries (some don't have a DisplayName, just
QuietDisplayName).
I will check again if anyone thinks that is worthwhile.
- Should I reinstall the Control Panel applet from the Win2000 CD? If so - how do I
do that?
- What else should I do?
3. Are there any tools that come with Win2000 I should be running to repair
the PC?
I don't think my brother has backed up any parts of the registry for a long
time.
Cheers
Stephen Howe
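
The length conditions the post lists for the Uninstall key, as an added example that is not part of the original post: a Python sketch that reads a regedit export of that key and flags subkey names or DisplayName values longer than 63 characters, plus entries with no DisplayName. The function names and the sample export are constructed for illustration; only REG_SZ string values are parsed.

```python
import re

LIMIT = 63  # the length the post mentions for key names and DisplayName
ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" + "\\"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # REG_SZ lines only

def parse_uninstall(text):
    """Map each direct Uninstall subkey to its string values."""
    entries, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            path, current = line[1:-1], None
            if path.lower().startswith(ROOT.lower()):
                name = path[len(ROOT):]
                if "\\" not in name:          # ignore nested subkeys
                    current = entries.setdefault(name, {})
        elif current is not None:
            m = VALUE.match(line)
            if m:                             # undo .reg escaping of \ and "
                key, val = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[key.lower()] = val
    return entries

def audit(text, limit=LIMIT):
    """Return {subkey: [findings]} for entries matching the post's conditions."""
    report = {}
    for name, values in parse_uninstall(text).items():
        found = []
        if len(name) > limit:
            found.append("key name longer than %d chars" % limit)
        display = values.get("displayname")
        if display is None:
            found.append("no DisplayName" + (" (QuietDisplayName only)" if "quietdisplayname" in values else ""))
        elif len(display) > limit:
            found.append("DisplayName longer than %d chars" % limit)
        if found:
            report[name] = found
    return report

# Constructed sample export (not taken from the laptop in the post).
SAMPLE = "Windows Registry Editor Version 5.00\r\n\r\n" + "\r\n".join([
    "[" + ROOT + "ExampleApp]", '"DisplayName"="Example App 1.0"',
    '"UninstallString"="C:\\\\Program Files\\\\ExampleApp\\\\uninst.exe"', "",
    "[" + ROOT + "ExampleHotfix]", '"QuietDisplayName"="Example Hotfix"', "",
    "[" + ROOT + "K" * 64 + "]", '"DisplayName"="Long key"', "",
    "[" + ROOT + "ExampleLong]", '"DisplayName"="' + "D" * 70 + '"', ""])

if __name__ == "__main__":
    for subkey, findings in audit(SAMPLE).items():
        print(subkey, "->", "; ".join(findings))
```

A version 5.00 export written by regedit is UTF-16, so a real file would be read with `open(path, encoding="utf-16").read()` before being passed to `audit`.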