GeekPolice Tech TutorialsLog in

 

Share

descriptionvirus closes any scanning software/denies permission

more_horiz
hello there
my problem sounds exactly like this guy's:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/you-may-not-have-the-appropriate-permission-to-access-the-item-t14536.htm

can't run hijackthis, malwarebytes, etc.

Any time the virus is detected by any sort of virus scan, it shuts down the scanning software and forbids permission to it.
"Windows cannot access the specified device,path, or file. You may not have the appropriate permissions to access the item."

A fresh install of the program in question, or running it through a webbrowser (as in the case of superantispyware's online scanner) allows me to run the program again, until the scan is detected and shut down again.

using avast!'s boottime scan, and Superantispyware's online scanner i was able to get rid of some of the tagalong trojans, but the big meanie that's shutting me out persists. The comp is running pretty ok despite all this, but there's definitely a downloader or two still active, as new problems continue to pop up. I suspect that avast! wouldve solved the problem, except that as part of avast's initial load procedure it does a memory test which causes it to be shut down and forbidden. As such I cannot update its virus definitions or schedule a boot time scan except on a fresh installation.

descriptionRe: virus closes any scanning software/denies permission

more_horiz
oh and heres a systemlook for the files that other guy looked for

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:44 on 20/09/2009 by Nick (Administrator - Elevation successful)

========== filefind ==========

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [13:32 03/06/2008] [05:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [13:27 03/06/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [05:56 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [13:32 03/06/2008] [05:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [13:28 03/06/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [05:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

========== filefind ==========

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [13:32 03/06/2008] [05:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [13:28 03/06/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [05:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

========== filefind ==========

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

descriptionRe: virus closes any scanning software/denies permission

more_horiz
oh i see

systemlook shows where the lockup is designating it with "(Unable to calculate MD5)"

then you use avenger to stop new restrictions, and traditional tools like malwarebytes and hijackthis from there.

I can handle it from here, i know you didnt reply but the forums themselves were invaluable.

descriptionRe: virus closes any scanning software/denies permission

more_horiz
Hello.
Please be informed that tools like the avenger are extremely powerful and only used in occasions like this one. The avenger can cause major damage if used incorrectly.

Do you still need help?

descriptionRe: virus closes any scanning software/denies permission

more_horiz
no thank you!

i started looking around at the other posts and noticed that quite a few ppl were having the exact same problem as me, with varying degrees of severity. I've handled major viral infectios before, I just had no idea how to go about getting around the permissions lockout. Since this was the first step in every solution to THIS problem in the forums, I puzzled out the methodology and got past that part. That being done, I can (and have) rooted out the rest of the problems on my own. Thanks again for being here!
Permissions in this forum:
You cannot reply to topics in this forum