Strange one

Tom

Whenever I try to make system changes using MSConfig it tells me I have
to be logged on as an administrator and won't allow any changes, it also
enables EVERY startup item and refuses to allow me to disable any of them.
I AM logged in as an administrator.
SpyBot S&D found 4 problems, a microsoft security center disabler, a
firewall bypass, and some similar things
Virus scans find nothing
Rootkit blaster found nothing wrong

But I still can't use MSConfig to do anything.

Ideas?
 
Newell White

It would help if you gave OS and service pack info, stand-alone/ workgroup/
domain status.

How do you know you are logged on as an administrator?

Any start-up item you want to disable can be nobbled by renaming the .exe,
.bat, or whatever.
This will give you an error dialog which can be ignored.

--
Newell White


"Tom" wrote:

> Whenever I try to make system changes using MSConfig it tells me I have
> to be logged on as an administrator and won't allow any changes, it also
> enables EVERY startup item and refuses to allow me to disable any of them.
> I AM logged in as an administrator.
> SpyBot S&D found 4 problems, a microsoft security center disabler, a
> firewall bypass, and some similar things
> Virus scans find nothing
> Rootkit blaster found nothing wrong
>
> But I still can't use MSConfig to do anything.
>
> Ideas?
>
 
Tom

I knew I forgot a few details, it was late.
Windows XP, SP2.
On a home network.
McAfee Internet Security running with all the options on.
Same thing seems to have gotten into my laptop, which also is running
McAfee Internet Security.
I'm the only user, and all accounts are set up as system administrator.

I'm thinking I picked up a bug from an unsecured wireless network at a
hotel a week ago, but how it got past all the McAfee stuff is a mystery

Thanks

Newell White wrote:
> It would help if you gave OS and service pack info, stand-alone/ workgroup/
> domain status.
>
> How do you know you are logged on as an administrator?
>
> Any start-up item you want to disable can be nobbled by renaming the .exe,
> .bat, or whatever.
> This will give you an error dialog which can be ignored.
>
 
Malke

Tom wrote:
> I knew I forgot a few details, it was late.
> Windows XP, SP2.
> On a home network.
> McAfee Internet Security running with all the options on.
> Same thing seems to have gotten into my laptop, which also is running
> McAfee Internet Security.
> I'm the only user, and all accounts are set up as system administrator.
>
> I'm thinking I picked up a bug from an unsecured wireless network at a
> hotel a week ago, but how it got past all the McAfee stuff is a mystery


McAfee is pretty dreadful and won't deal with much malware in any case.
There are so many viruses and variants of different malware that it is
impossible to guess what you've got. Since your laptop is also infected,
all we can surmise is that you've got a network-aware worm but who knows.

Take both those machines off the Local Area Network and the Internet
immediately. You will need to clean up both machines before you connect
to the network(s) again and you will need to get all tools/updates (and
do your posting to a specialty forum if you go that way) from a
different, known-clean machine that was not on your LAN.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. Since Vista is so new, it will be a while before removal
techniques and tools are developed. If you are unable to remove the
infection by following the general steps, register at one of the
HijackThis forums as suggested.

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Tom

Thanks for the tips Malke, I have an external drive for backing up. All
the important stuff is in "my documents" and the mailboxes, I can
re-install everything else after a clean install which sounds like the
way to go.


Malke wrote:
> Tom wrote:
>
>> I knew I forgot a few details, it was late.
>> Windows XP, SP2.
>> On a home network.
>> McAfee Internet Security running with all the options on.
>> Same thing seems to have gotten into my laptop, which also is running
>> McAfee Internet Security.
>> I'm the only user, and all accounts are set up as system administrator.
>>
>> I'm thinking I picked up a bug from an unsecured wireless network at a
>> hotel a week ago, but how it got past all the McAfee stuff is a mystery

>
>
> McAfee is pretty dreadful and won't deal with much malware in any case.
> There are so many viruses and variants of different malware that it is
> impossible to guess what you've got. Since your laptop is also infected,
> all we can surmise is that you've got a network-aware worm but who knows.
>
> Take both those machines off the Local Area Network and the Internet
> immediately. You will need to clean up both machines before you connect
> to the network(s) again and you will need to get all tools/updates (and
> do your posting to a specialty forum if you go that way) from a
> different, known-clean machine that was not on your LAN.
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to
> do all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
>
> The site is in German but David's tool is in English so don't let that
> worry you. Scroll all the way down to almost the bottom of the page and
> you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
> You'll see "Download von www pctipp.ch" and the live link to download
> Multi_AV.
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Not all tools used will work in Vista and you will need to run them
> elevated. Since Vista is so new, it will be a while before removal
> techniques and tools are developed. If you are unable to remove the
> infection by following the general steps, register at one of the
> HijackThis forums as suggested.
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may
> be so infested that Windows will need to be clean-installed. Have all
> your data backed up before you take the machine into a shop.
>
>
> Malke
 
Massimo

Hello,

On Wed, 17 Oct 2007 16:01:24 GMT, Tom <t.wyckoff@verizon.net> wrote:

>Thanks for the tips Malke, I have an external drive for backing up. All
>the important stuff is in "my documents" and the mailboxes, I can
>re-install everything else after a clean install which sounds like the
>way to go.
>
>

Please realise that you make a backup from possibly infected stuff...

Massimo
================================

>Malke wrote:
>> Tom wrote:
>>
>>> I knew I forgot a few details, it was late.
>>> Windows XP, SP2.
>>> On a home network.
>>> McAfee Internet Security running with all the options on.
>>> Same thing seems to have gotten into my laptop, which also is running
>>> McAfee Internet Security.
>>> I'm the only user, and all accounts are set up as system administrator.
>>>
>>> I'm thinking I picked up a bug from an unsecured wireless network at a
>>> hotel a week ago, but how it got past all the McAfee stuff is a mystery

>>
>>
>> McAfee is pretty dreadful and won't deal with much malware in any case.
>> There are so many viruses and variants of different malware that it is
>> impossible to guess what you've got. Since your laptop is also infected,
>> all we can surmise is that you've got a network-aware worm but who knows.
>>
>> Take both those machines off the Local Area Network and the Internet
>> immediately. You will need to clean up both machines before you connect
>> to the network(s) again and you will need to get all tools/updates (and
>> do your posting to a specialty forum if you go that way) from a
>> different, known-clean machine that was not on your LAN.
>>
>> Go through these general malware removal steps systematically -
>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> Include scanning with David Lipman's Multi_AV and follow instructions to
>> do all scans in Safe Mode. Please see the special Notes regarding using
>> Multi_AV in Vista.
>>
>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>> http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
>>
>> The site is in German but David's tool is in English so don't let that
>> worry you. Scroll all the way down to almost the bottom of the page and
>> you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
>> You'll see "Download von www pctipp.ch" and the live link to download
>> Multi_AV.
>>
>> You can also check to see if there are targeted removal steps for your
>> malware here:
>> Bleeping Computer removal how-to's -
>> http://www.bleepingcomputer.com/forums/forum55.html
>>
>> When all else fails, run HijackThis and post your log in one of the
>> specialty forums listed at the first link above (not here, please).
>>
>> Not all tools used will work in Vista and you will need to run them
>> elevated. Since Vista is so new, it will be a while before removal
>> techniques and tools are developed. If you are unable to remove the
>> infection by following the general steps, register at one of the
>> HijackThis forums as suggested.
>>
>> Standard caveat: If the procedures look too complex - and there is no
>> shame in admitting this isn't your cup of tea - take the machine to a
>> professional computer repair shop (not your local version of
>> BigComputerStore/GeekSquad). Please be aware that not all local shops
>> are skilled at removing malware and even if they are, your computer may
>> be so infested that Windows will need to be clean-installed. Have all
>> your data backed up before you take the machine into a shop.
>>
>>
>> Malke
 