Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingMalware Locked Main Account
Laztug

19 posts

Geek


#34396 23-May-2009 17:32
Send private message

I am running windows XP and had a system crash i had a friend using my computer when he was done i noticed that some antivirus program was running i would also get randome popups telling me my computer was infected but when i looked for the program to delete it..i couldent
So i was told about this program called "Malwarebytes' Anti-Malware" it worked great found false trojans which were the ones making the false popups saying my computer was infected.
Malwarebytes removed the antivirus program but could not remove whatever was making the popups. so when i tried to run the Malware program again it said my disk was full?! every program i would open the computer would tell me the system was full.
So, i tried to reboot my computer, and it was all down hill fom there.
When it asked me for my password to log on to my account i would type in my password i would hear windows opening and close soon after i could not access any of my two accounts.
i tried doing a restore point *not sure if that is what it is called but it would revert to the last time the computer was working good* but I could not find a restore point. So I tried to do a system restore, my computer started fresh it was like it was the first day of me using the computer it took a long time to boot it came out with the factory settings it was like the computer was new but the one problem it had was that it was full?! none of my programs worked i had to install windows service pack again none of my programs *antivirus microsoft office* none of them worked. I deleted programs and had enough memory to run Tuneup utilities 2009and when i ran the program i could see my old files still taking up memory in my computer but i could not access them?!


When I click my main account *Owner* it says I can't get access


Here are some pics hopefully they will help you guys out.

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot008.jpg

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot009.jpg

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot010.jpg

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot011.jpg

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot012.jpg

http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot013.jpg

Any idea how i can get access to this file and remove the virus?! I have documents, my resume, music, and movies I would love to get back
Thanks for reading.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
rphenix
983 posts

Ultimate Geek

Lifetime subscriber

  #217586 25-May-2009 09:24
Send private message

I recommend you run combofix on this computer in additition to MalwareBytes Antimalware.
Fix everything from safemode.  Some viruses these days can block safe mode and remove access to regedit, cmd prompt and knows about tools like combofix and blocks their execution as well (so you sometimes have to rename the program file before copying it to the pc) let me know if you have trouble.

If you need to reset a user account try this bootable cd which lets you remove the password and reset the locked status of an account.

 
 
 
 

Shop now on Samsung phones, tablets, TVs and more (affiliate link).
d3Xt3r
687 posts

Ultimate Geek

Trusted

  #217589 25-May-2009 09:34
Send private message

The first step is to take ownership of this folder.
- Download Xcacls.vbs and follow the instructions on the website on how to set it up
- Open the command prompt (Start > Run > cmd)
- Type the following commands in cmd and press enter after each line:
CD..
XCACLS Owner /O Owner.HOME
XCACLS Owner /E /G Owner.Home:F /F /T

You should now have permissions to access the Owner folder.

It also appears that your C: is indeed full, so I suggest deleting/moving some files. Simply deleting them will send it to the recycle bin, so do a Shift+Delete. CCleaner can help you remove some windows junk.

If you said you performed a factory restore, I doubt there is still an active virus in your computer. Now's the time you install a good AV like Avira Antivir.

Finally, I wouldn't recommend using the computer as an administrator, as it's really easy to stuff up your computer by malware or user error.

I suggest reading these:

Limited User accounts can protect your Windows XP computer when you browse the Web

Surviving a Windows XP Limited User account

Also, Sudowin is a very handy program to have if you want to install apps or make system-wide changes from your limited account.

rphenix
983 posts

Ultimate Geek

Lifetime subscriber

  #217731 25-May-2009 15:50
Send private message

d3Xt3r:

If you said you performed a factory restore, I doubt there is still an active virus in your computer. Now's the time you install a good AV like Avira Antivir.


Ahh didnt notice he had done a full system recovery agreed it should have wiped the virus if this is the case disk space shouldnt be a problem unless you chose the option to leave the file system intact? I would perhaps consider backing any important files up and then run the system recovery option again this time if there is an option to format the partition choose that it will mean re-installing all your programs yet again but you may find it faster than trying to find where the disk space has gone.

However tools like spacemonger can help to identify the folders hogging disk space perhaps you now have two windows installation directories one from the original install renamed and one new one?



Laztug

19 posts

Geek


  #217984 26-May-2009 13:11
Send private message

I think i am doing something wrong. This is what i get when i try out these steps

CD..

XCACLS Owner /O Owner.HOME

XCACLS Owner /E /G Owner.Home:F /F /T



http://i106.photobucket.com/albums/m275/1970Mustang351c/ScreenShot035.jpg



sorry for the delay and thanks for your replies :)

d3Xt3r
687 posts

Ultimate Geek

Trusted

  #218037 26-May-2009 15:17
Send private message

You didn't space it properly. Just copy-paste the code into CMD

Laztug

19 posts

Geek


  #218048 26-May-2009 15:56
Send private message

Just did the copy and paste still no luck

Laztug

19 posts

Geek


  #218049 26-May-2009 16:03
Send private message

umm i think i messed up............i removed Home and somethin happened



Laztug

19 posts

Geek


  #218051 26-May-2009 16:04
Send private message

IT UNLOCKED IT!

Laztug

19 posts

Geek


  #218070 26-May-2009 16:57
Send private message

Alright, i can open the Owner account :) but i am still unable to delete any files or open any files. I ran Avira Antivir and found nothing.
-Malwarebytes is still scanning

Laztug

19 posts

Geek


  #218080 26-May-2009 17:32
Send private message

Pic


 


The last trojans my computer picked up before it died Cry


not sure if it will help but it cant hurt

rphenix
983 posts

Ultimate Geek

Lifetime subscriber

  #218142 26-May-2009 20:55
Send private message

Please follow my above post and try combofix since you obviously still have trojans :)

Laztug

19 posts

Geek


  #218183 27-May-2009 00:56
Send private message

AWESOME! will do

Laztug

19 posts

Geek


  #218196 27-May-2009 05:09
Send private message

wow......I ran Avira Antivir and found like 20 viruses/trojans After that i ran malware that found nothing and then ran combofix.
Combofix only showed me a log. Did I do something wrong? I ran it in safe mode and had to uninstall Avira to get it to run with no problems.

So still same problem i can open up the Home account but i can not open any files i keep on getting a access denied message.

d3Xt3r
687 posts

Ultimate Geek

Trusted

  #218975 28-May-2009 21:26
Send private message

Try this:

CD..
XCACLS Owner /O Owner.HOME /F /T

Laztug

19 posts

Geek


  #219075 29-May-2009 02:46
Send private message

hmm it would not go through
when i copy and paste this it it can not find it
CD..
XCACLS Owner /O Owner.HOME /F /T

But when i removed the .HOME it locked the main account again
so i tried

CD..

XCACLS Owner /O Owner

XCACLS Owner /E /G Owner:F /F /T

once again removing the .HOME and it seemed to work. I can now get into the Owner acccount and see all of the files but i can not open any of them.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Logitech Introduces New G522 Gaming Headset
Posted 21-May-2025 19:01

LG Announces New Ultragear OLED Range for 2025
Posted 20-May-2025 16:35

Sandisk Raises the Bar With WD_BLACK SN8100 NVME SSD
Posted 20-May-2025 16:29

Sony Introduces the Next Evolution of Noise Cancelling with the WH-1000XM6
Posted 20-May-2025 16:22

Samsung Reveals Its 2025 Line-up of Home Appliances and AV Solutions
Posted 20-May-2025 16:11

Hisense NZ Unveils Local 2025 ULED Range
Posted 20-May-2025 16:00

Synology Launches BeeStation Plus
Posted 20-May-2025 15:55

New Suunto Run Available in Australia and New Zealand
Posted 13-May-2025 21:00

Cricut Maker 4 Review
Posted 12-May-2025 15:18

Dynabook Launches Ultra-Light Portégé Z40L-N Copilot+PC with Self-Replaceable Battery
Posted 8-May-2025 14:08

Shopify Sidekick Gets a Major Reasoning Upgrade, Plus Free Image Generation
Posted 8-May-2025 14:03

Microsoft Introduces New Surface Copilot+ PCs
Posted 8-May-2025 13:56

D-Link A/NZ launches DWR-933M 4G+ LTE Cat6 Wi-Fi 6 Mobile Hotspot
Posted 8-May-2025 13:49

Synology Expands DiskStation Lineup with DS1825+ and DS1525+
Posted 8-May-2025 13:44

JBL Releases Next Generation Flip 7 and Charge 6
Posted 8-May-2025 13:41








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac



RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright