29 total posts
Using computer with admin rights allows more functions in Internet Explorer which sometimes are unwanted. It happened to me once and it was a virus which i couldn't delete. It disabled my task manager and my registry editor. Also it wouldn't be that bad. Try something that happened to my friend's computer.
1. Press Ctrl+Shift+Esc to open the task manager.
2. Go to the "Applications" column and click New Task...
3. Write down explorer.exe and anything should be fine now.
If it's not a virus then something deleted something from your registry.
If it's a virus i don't really know what to do because I just reinstalled my computer.
If it's a registry delete try to look up for it and recover it or else you would have to do these three steps anytime you are logging into an account.
I hope that helps.
Things to try
Have you tried booting up to Windows Safe Mode with yours or your husband's account? Give it a try and see if you can see the desktop normally.
You can also try this: Boot up in regular mode, preferably with your husband's admin account. When you get to the wallpaper-only screen, press CTRL-SHIFT-ESC. Task Manager should come up. Find the listing in Task Manager's processes tab labeled "explorer.exe" and highlight it and "kill" the process. Ignore the warning, if it appears. If Task Manager goes away, type CTRL-SHIFT-ESC again and in Task Manager, click File/New Task and type in explorer.exe and click Run.
Things get back to normal?
In any event, report back on these tests (both of them). We can go from there with your results.
Didn't work - drat!
I think it's a virus because it tells me that Task Mgr has been disabled by administrator. It seems that the 'administrator' has had its rights removed. I can log in as administrator or my husband's account, but it won't let me change anything. I can only access task manager through the 'guest' account and those rights are restricted. I'm in a catch 22 I think.
Also, Safe mode won't work -- I can get to the safe mode choices, but when I choose anything but the 'start windows normally' choice, I get a blue screen listing the following error "stop: 0x0000007b.
So: - I'm prevented from Safe Mode, Administrator has no rights, can only get online or into windows using 'guest' account. If I could even access my husband's documents to save to a thumb drive, I'd have accomplished something, but again, 'guest' has no rights to do that.
Please tell me I'm not screwed!!!!!!!!!!!!
We have more options.
But as it stands we are only concerned with saving our files. Here's an old article I inspired -> http://tips.oncomputers.info/archives2004/0401/2004-Jan-11.htm
Fast forward to today and that Ubuntu boot CD will let you browse your files then save them to memory sticks or CDs.
Then you start over.
I have Knoppix on my computer
I happen to have a Knoppix folder on my computer (not sure why I downloaded it in the first place). In that folder are 5 files all starting with 'Knoppix_v5.3.1dvd-2008-03-26-de' and then ending in these different extensions: .iso, .iso.md.5, .iso.md5.asc, .iso.sha1, .iso.sha1.asc
Then there are two text files: 'knoppix-cheatcodes' and 'packages-dvd'
What file/files do I burn to my cd?
Then, this is what I understand to do: Go to bad computer into get into setup and change boot to boot from CD. Reboot with Knoppix CD in the drive. Is this right?
Thanks so much for all your help -- I deeply appreciate it.
If I had to guess, I'd say you have a malware/virus infection that's causing these issues. The STOP error you're getting in safe mode is for an "inaccessible boot device", but of course, the boot device is available in guest mode normal boot. Plus, all the things not available even when admin privileges are present point to this.
Bob is correct. First order of business would be to try and protect/backup your documents.
But I would also run a FREE bootable antivirus rescue CD. If you have a computer that can burn a disk, go here:
Create the bootable antivirus rescue disc, and run it.
Still need help, but getting closer
When I try to run rescue CD on bad pc (using 'guest' acct) a box pops up and says 'please choose the burning device' (and there isn't one listed in the drop down). Is it supposed to copy to another CD?
Should i first change the boot up to boot from CD? I didn't do that yet.
We're getting closer I think....
still won't run
I'm thinking the Avir rescue CD I made must not be right. I even burned a second one hoping that there was just a fluke, but the new one didn't work either. I'm in no way a techie, but I'm not stupid either. It's frustrating -- I think We're so close to cracking this case, too. Don't give up on me yet.
What do you mean "it's not right"?
Did it burn OK? You should have gotten a confirmation that the burn was successful and to reboot with the CD.
What exactly is the problem with the CD?
I figured it the disk thing out but...
I have the Avira rescue running for the second time. It identified the malware but didn't do anything -- isn't it supposed to fix it? I went in to the configuration then and checked the box "try to fix." If it doesn't, then what do I do? There were no other prompts from Avira when the first scan finished. What next?
Ok, what malware did it find?
It might not be able to fix what it found. Can you be more specific about what exactly it discovered? "Malware" can be something simple like cookies in a web browser, or much more insidious.
Lots of stuff
The scan results say 43 alerts, 2 suspicious, 0 repaired, 0 deleted, 0 renamed, 0 quarantined, 67 warnings. Many of the alerts say 'Is the Trojan horse not revmovable'
Another message says ALERT: [BDS/TDS.acs] /mnt/hda2/WINDOWS/SYSTEM32/TDSS1iqp.dll
Containes a detection pattern of the (dangerous) backdoor program BDS/TDSS.abd Backdoor server programs not removable
Now the log has many like this -- too many to type here.
What now? My McAfee virus scan won't run with me logged on as 'guest' Is there a way to run an antivirus like I just ran(the Avira)?
Ok, now we're getting somewhere
You've got a bad case of the TDSS Rootkit/Trojan.
AVG anti-virus has developed a tool that will disable the trojan driver and remove the remnants upon reboot. I only hope you can run it as a non-admin. It comes in a zip file. Unzip it and doubleclick to run it.
I ran it on the bad pc -- I double clicked and almost right away the window popped up and said 'OK - Rootkit driver has been disabled. Please restart your computer. Which I did, but nothing seems to have changed.
In answer to How do I make a Knoppix boot CD
I'm starting a new sub-thread here
Ran into the maximum posts issue. Anyway, the rootkit tool page says if anything is still disabled to run it again.
In the meantime, you can step it up a notch by downloading and running "combofix.exe" here:
Save to Desktop and then run it. Report back.
Lets keep on goin....
I finally got it to run. A DOS window comes up that says 'please wait. Combofix is preparing to run' I get warning beeps that tell me to turn off McAfee but of course it won't allow me to... Then I get a window open and it says: Were you trying to run CFScript? The name, CFScriptappears to be incorrectly spelt. There is a box that says 'OK' and there is also the little red x to close the window -- Ive tried closing that window both ways. After closing it appears that nothing is happening. When i check to see if it's running in my Task Mgr, there is nothing in applications or in the Processes. Any other suggestions?
Don't ask me why, but many tutorial sites for Combofix.exe say that the file --once downloaded-- should be renamed "combo-fix.exe" (vs. combofix.exe).
So, try renaming combofix.exe on your desktop to combo-fix.exe and then doubleclick on it to run it again.
Gotta love the word "spelt", lol.
Also try this rootkit detector/deleter
If Combofix still isn't working, try the GMER anti-rootkit scanner:
Unzip and doubleclick on the gmer.exe file. Have it search all available options. Report back.
Still no luck
I was able to download it (gmer), but it wouldn't run. There were no messages either, so I can't even guess why it won't run and do its thing. Anything else to try? I'm doing a 'laying on of hands' for a divine intervention, but I'm still trying the scientific way.....onward and upward.
Maybe this might work
At this point, you might need to creat a new user with Full Adm rights and see what happens. Go to Control panel\users and good luck!!
Need Admin rights
Tried it...I can't do what you suggest because only an administrator has the permission. Thanks anyway.
one more thing
Now I can get into the setup screen (f12) -- any hope of doing something there that will reset administer rights?
More things to try
But first, a little recap is in order and some clarification needed. I'll give you my other options after my questions. By the way, no, F12 won't help you with admin rights. That's the PC's setup, NOT Windows related.
1. What computer is this (make/model)?
2. Is this XP Pro or XP Home?
3. Have you tried any of the Windows keyboard shortcuts when you're logged in under your account, the Admin account, and/or Husband's account? The Windows keyboard shortcuts all use the Windows Key first (the Microsoft Logo key between the CTRL and ALT keys on the left side of the keyboard) plus another keyboard key. Example:
Windows Key plus the E key (hold down windows key while tapping the E key once) brings up Windows Explorer normally.
Windows Key plus the R key brings up the "Run" window, which could be very helpful.
Windows Key plus the Pause/Break key brings up the System Properties box. Again, this would be most helpful.
Try to get to those key combos when logged into the admin/husband's account and see if any of them work.
OK, one more question with a suggestion. Have you tried using your Windows CD to access Recovery Console? Recovery Console does require the Administrator password, but it sounds like you have that (even though it doesn't act like an admin account for you).
Boot from the Windows CD. When the option comes up for Repair, press the "R" key. This will attempt to start the Recovery Console. If it works, you'll be prompted for the Admin password. If you can get into Recovery Console, that's a very good sign. Just report back if you can access Recovery Console without actually doing anything inside of it. Recovery Console will leave you at what looks like a Dos prompt once it's all loaded, by the way.
Look at this website for screenshots of what to expect with Recovery Console:
Please! don't start using the commands they show. Look at the third Blue screenshot and the first two black screens that follow. (the first two blue screenshots are for Windows 2000 vs. Windows XP in the third screenshot.) For now, don't go any further than successfully entering the Administrator password and seeing the Dos-type prompt.
Report back with answers to all, please.
Have Windows XP Home, Version 5.1 service pack 3
Dell Inspiron 1000
Tried the windows shortcut keys - no luck. Have a reinstall disk from Dell, have not tried it -- not sure if it came with his computer or mine (inspiron 1501, Dell). I'll insert the disk and wait for your instruction. Oh, my husband's acct should be the administrator, but the user "administrator" has no password - is that an issue?
No, the lack of an admin password shouldn't matter. When prompted for it, just hit the enter key.
Shouldn't matter who's disk it is, as this is just basic pre-install XP stuff. In other words, recovery console is the same on all.
I'm at DOS screen - would it be easier if you IM'd me? or is that against the rules? If it's ok, my Windows live messenger is email@example.com and my AIM is churchladyaps. If you can't im, I'll be checking for you here.
Ok, I'll IM
My first name is Rick so that's who will be adding you to the contact list.