Virus locked out of admin

2 posters

WiredWX Hobby Weather Tools :: Archive :: Technical Support

Re: Virus locked out of adminSat Jan 22, 2011 5:04 pm

Hi Belahzur,

I can download threw "admisnistrator", and "moms account", those are fine, but "Dads account" is not letting me download anything, in safemode nothing, I can only view web pages???

my I.E. browser wont update, it has a bar that says "Your current security settings put your computer at risk. Click here to change your security settings. I do click fix now, but it does nothing. stays there.

????
MW2

Re: Virus locked out of adminTue Jan 25, 2011 3:41 pm

Hi,

I took from a good laptop the two programs onto disc and tried to upload the programs into "dads account" and it will error on install but proceed to install if ignored.

MW2

Re: Virus locked out of adminTue Jan 25, 2011 8:15 pm

Okay.

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

Re: Virus locked out of adminWed Jan 26, 2011 2:32 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 100):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8B43000 \WINDOWS\system32\KDCOM.DLL
0xF8A53000 \WINDOWS\system32\BOOTVID.dll
0xF85F4000 ACPI.sys
0xF8B45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF85E3000 pci.sys
0xF8643000 isapnp.sys
0xF8653000 ohci1394.sys
0xF8663000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8A57000 compbatt.sys
0xF8A5B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8C0B000 pciide.sys
0xF88C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B47000 intelide.sys
0xF8B49000 viaide.sys
0xF8B4B000 aliide.sys
0xF85C5000 pcmcia.sys
0xF8673000 MountMgr.sys
0xF85A6000 ftdisk.sys
0xF8A5F000 ACPIEC.sys
0xF8C0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF88CB000 PartMgr.sys
0xF8683000 VolSnap.sys
0xF858E000 atapi.sys
0xF84B8000 iaStor.sys
0xF8693000 disk.sys
0xF86A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8498000 fltmgr.sys
0xF88D3000 PxHelp20.sys
0xF8481000 KSecDD.sys
0xF83F4000 Ntfs.sys
0xF83C7000 NDIS.sys
0xF86B3000 Serial.sys
0xF83AD000 Mup.sys
0xF8AE3000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF86D3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF89AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8AEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA780000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF89F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA75C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A23000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA735000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF86E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8903000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA705000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8B51000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF86F3000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8703000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8713000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8723000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B13000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8733000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8743000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF89DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA692000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8753000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A0B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A1B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8763000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B57000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA634000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8B33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8773000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8783000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA7D8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D5C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B63000 \SystemRoot\System32\Drivers\Beep.SYS
0xF898B000 \SystemRoot\System32\drivers\vga.sys
0xBA558000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8B67000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8AEF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA525000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA4CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA4A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA47E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA45C000 \SystemRoot\System32\drivers\afd.sys
0xF8793000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA431000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA3C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA375000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA364000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBA28E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8AE7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF890B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C24000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBA066000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E66000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 17):
0 System Idle Process
4 System
508 C:\WINDOWS\system32\smss.exe
564 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
632 C:\WINDOWS\system32\services.exe
644 C:\WINDOWS\system32\lsass.exe
796 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
1000 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1180 svchost.exe
1408 C:\WINDOWS\explorer.exe
1988 C:\WINDOWS\system32\ctfmon.exe
1292 C:\Program Files\Internet Explorer\iexplore.exe
400 C:\Program Files\Internet Explorer\iexplore.exe
1364 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`f7aa5200 (FAT32)

PhysicalDrive0 Model Number: ST96812AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Re: Virus locked out of adminWed Jan 26, 2011 7:58 pm

Re-Run MBRCheck.exe

Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Please push the 'Y' key and then press Enter
When program ask you Enter your choice: enter
[1] Dump the MBR of a physical disk to file.
and press the Enter key
Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
Enter 0 and press the Enter key.
The program will show Available MBR codes:, followed by a list of operating systems. Please enter
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7 and then press Enter.
The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
Next, type -1 and press Enter. Next press Enter again, and the program will exit.
Save it to your desktop then attach the resultant output in your next reply

Re: Virus locked out of adminThu Jan 27, 2011 11:45 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 100):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8B43000 \WINDOWS\system32\KDCOM.DLL
0xF8A53000 \WINDOWS\system32\BOOTVID.dll
0xF85F4000 ACPI.sys
0xF8B45000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF85E3000 pci.sys
0xF8643000 isapnp.sys
0xF8653000 ohci1394.sys
0xF8663000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8A57000 compbatt.sys
0xF8A5B000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8C0B000 pciide.sys
0xF88C3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8B47000 intelide.sys
0xF8B49000 viaide.sys
0xF8B4B000 aliide.sys
0xF85C5000 pcmcia.sys
0xF8673000 MountMgr.sys
0xF85A6000 ftdisk.sys
0xF8A5F000 ACPIEC.sys
0xF8C0C000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF88CB000 PartMgr.sys
0xF8683000 VolSnap.sys
0xF858E000 atapi.sys
0xF84B8000 iaStor.sys
0xF8693000 disk.sys
0xF86A3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8498000 fltmgr.sys
0xF88D3000 PxHelp20.sys
0xF8481000 KSecDD.sys
0xF83F4000 Ntfs.sys
0xF83C7000 NDIS.sys
0xF86B3000 Serial.sys
0xF83AD000 Mup.sys
0xF8AE3000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF86D3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF89AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8AEB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA780000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF89F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA75C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A23000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA735000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF86E3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8903000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA705000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8B51000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF86F3000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8703000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8713000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA6E2000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8723000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B13000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8733000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8743000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF89DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA692000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8753000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A0B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A1B000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8763000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8B57000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA634000 \SystemRoot\system32\DRIVERS\update.sys
0xF8B2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8B33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF8773000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8783000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA7D8000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D5C000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B63000 \SystemRoot\System32\Drivers\Beep.SYS
0xF898B000 \SystemRoot\System32\drivers\vga.sys
0xBA558000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8B67000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF89B3000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF89C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8AEF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA525000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA4CC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA4A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA47E000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA45C000 \SystemRoot\System32\drivers\afd.sys
0xF8793000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA431000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA3C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA375000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA364000 \SystemRoot\System32\Drivers\Udfs.SYS
0xBA28E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8AE7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF890B000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C24000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBA066000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9E66000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 17):
0 System Idle Process
4 System
508 C:\WINDOWS\system32\smss.exe
564 csrss.exe
588 C:\WINDOWS\system32\winlogon.exe
632 C:\WINDOWS\system32\services.exe
644 C:\WINDOWS\system32\lsass.exe
796 C:\WINDOWS\system32\svchost.exe
880 svchost.exe
1000 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1180 svchost.exe
1408 C:\WINDOWS\explorer.exe
1988 C:\WINDOWS\system32\ctfmon.exe
496 C:\Program Files\Internet Explorer\iexplore.exe
568 C:\Program Files\Internet Explorer\iexplore.exe
1012 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`f7aa5200 (FAT32)

PhysicalDrive0 Model Number: ST96812AS, Rev: 7.24

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Re: Virus locked out of adminThu Jan 27, 2011 5:56 pm

Hello.
Did you get a dump.dat file from doing that? if so, zip it and attach it please.

Re: Virus locked out of adminThu Jan 27, 2011 6:49 pm

Hi,

It did not produce one, shall I try the steps again?

Thank you

Re: Virus locked out of adminFri Jan 28, 2011 8:16 pm

Yes please.

Re: Virus locked out of adminMon Jan 31, 2011 5:39 pm

Hi,

Well it put a file on the desktop called dump, but I cant copy it here or attach the file..??

Re: Virus locked out of adminMon Jan 31, 2011 8:47 pm

You have to zip it and then attach it.

Re: Virus locked out of adminTue Feb 01, 2011 1:24 pm

Hi Belahzur,

Yes I can zip it, but where is the button to attach and send it or attach it here, I don't see it?

MW2

Re: Virus locked out of adminTue Feb 01, 2011 8:38 pm

See here:
http://www.GeekPolice.net/t21024-how-to-upload-an-attatchment

Follow the guide and attach the zip.

Virus locked out of admin

descriptionRe: Virus locked out of adminSat Jan 22, 2011 5:04 pm

descriptionRe: Virus locked out of adminTue Jan 25, 2011 3:41 pm

descriptionRe: Virus locked out of adminTue Jan 25, 2011 8:15 pm

descriptionRe: Virus locked out of adminWed Jan 26, 2011 2:32 pm

descriptionRe: Virus locked out of adminWed Jan 26, 2011 7:58 pm

descriptionRe: Virus locked out of adminThu Jan 27, 2011 11:45 am

descriptionRe: Virus locked out of adminThu Jan 27, 2011 5:56 pm

descriptionRe: Virus locked out of adminThu Jan 27, 2011 6:49 pm

descriptionRe: Virus locked out of adminFri Jan 28, 2011 8:16 pm

descriptionRe: Virus locked out of adminMon Jan 31, 2011 5:39 pm

descriptionRe: Virus locked out of adminMon Jan 31, 2011 8:47 pm

descriptionRe: Virus locked out of adminTue Feb 01, 2011 1:24 pm

descriptionRe: Virus locked out of adminTue Feb 01, 2011 8:38 pm

descriptionRe: Virus locked out of admin

Re: Virus locked out of adminSat Jan 22, 2011 5:04 pm

Re: Virus locked out of adminTue Jan 25, 2011 3:41 pm

Re: Virus locked out of adminTue Jan 25, 2011 8:15 pm

Re: Virus locked out of adminWed Jan 26, 2011 2:32 pm

Re: Virus locked out of adminWed Jan 26, 2011 7:58 pm

Re: Virus locked out of adminThu Jan 27, 2011 11:45 am

Re: Virus locked out of adminThu Jan 27, 2011 5:56 pm

Re: Virus locked out of adminThu Jan 27, 2011 6:49 pm

Re: Virus locked out of adminFri Jan 28, 2011 8:16 pm

Re: Virus locked out of adminMon Jan 31, 2011 5:39 pm

Re: Virus locked out of adminMon Jan 31, 2011 8:47 pm

Re: Virus locked out of adminTue Feb 01, 2011 1:24 pm

Re: Virus locked out of adminTue Feb 01, 2011 8:38 pm

Re: Virus locked out of admin