Trojan or hacker, cannot access files

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by A00139610, Jun 17, 2008.

  1. A00139610

    A00139610 Private E-2

    Hi, my other machine is running WinXP SP2.

    When I try to run a virus scan, I get "access denied, you may not have permission". I can't access other files and programs either.

    I can access the scanners in Safe Mode. I have been running several scans, nothing found yet; HijackThis came up with some error messages during its scan.

    Looks like something/someone has changed file or folder permissions or something and locked me out. The machine was online with Comodo firewall running plus the firewall in the DSL router, but it looks like something got in.

    Another odd thing: when I ran Task Manager and looked at the Users tab, there was nothing there, though I think usually the Administrator would be in there when I'm logged on.

    Am running a full scan with AVG right now. Don't think I can access the net in Safe Mode, so I will have to connect with this obsolete machine with 128 MB of RAM.
    Any help or advice appreciated!!
     
  2. abri

    abri MajorGeek

    Hi A00139610,
    Welcome to Major Geeks!

    Using a computer where you have administrative rights and an internet connection, please go to USING MG TOOLS and see if you can get them transferred with an external medium like a CD or flash drive and then installed and run on the computer that is having trouble. Then attach the resulting MGlogs.zip with your next post here using the Manage Attachments button down under the reply window.

    If you're able to do that, then see if you can get any of the other programs listed in the Windows XP Cleaning Procedure the same way and try running them, in particular see if you can get Combofix to run, which will run in Safe Mode.

    abri
     
  3. A00139610

    A00139610 Private E-2

    OK, I think the file should be attached to this post.

    Seems I can access the USB drive and folders in Safe Mode.

    thanks for your help.
     

  4. A00139610

    A00139610 Private E-2

    Put superantispyware.exe on the desktop, ran it, and got the message window, Windows Installer: "The system administrator has set policies to prevent this installation."
     
  5. A00139610

    A00139610 Private E-2

    Ran ComboFix using Start > Run as advised. ComboFix ran, did a series of checks, then shut down the PC and rebooted into normal (protected?) mode; again I was denied access to any files. Rebooted into Safe Mode, got a blue window titled "Find3M" with the message "Preparing Log Report.
    Do not run any programs until ComboFix has finished." But it looks like Windows is frozen, disc access light permanently on, nothing happening. I guess I'll have to close the ComboFix window and see what happens.....

    OK, no ComboFix log in the C:\ dir, but found a combofix.txt in a C:\CF directory; maybe it's of some use?
     

  6. A00139610

    A00139610 Private E-2

    Spybot found nothing, as did Malwarebytes.

    I'm not knowledgeable enough to say what's going on, but it does appear that something has messed with the file or folder permissions or access lists or whatever. Is there perhaps a utility that looks at them?

    tia
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try doing this:


    You also did not accept the agreement to run HJT when you ran MGTools...you need to do that and attach a new MGLogs.zip.
     
  8. A00139610

    A00139610 Private E-2

    Ran se-debug (Safe Mode), got a message: '\script.exe is not recognised as an internal or external command please reboot your machine press any key to exit.'

    Re the HijackThis message: sorry if I did something wrong; it was the first program I ran, and it found nothing and gave an error message. Should I run it again?

    I ran another utility that I downloaded and it says that the "Administrator account is disabled" along with the Guest account. The utility suggests changing the settings on the Administrator account, but I wanted to check with you guys first, so I didn't change anything.
     
  9. A00139610

    A00139610 Private E-2

    Ah, I think I know what you mean. When I run the MGTools there's a window that comes up about a Trend Micro agreement; because I'm in Safe Mode most of it is off the screen. I guess somewhere off the screen there's a button I should click if I could see it, but I can't. No matter how I try and drag the window, I can't see any button to click.

    your help and time are much appreciated though, and sorry for being so dumb ;-)
     
  10. A00139610

    A00139610 Private E-2

    I ran an older version of HijackThis that was already on the PC, and got a log from it. Is that any help?
     

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it is worthless....It should be in C:\Windows\HJT\analyse.exe...not where you have it.

    Re-run ComboFix from safe mode and let it run to full completion.
     
    Last edited: Jun 17, 2008
  13. A00139610

    A00139610 Private E-2

    Ok thanks,
    One thing...when I run ComboFix a window pops up (a Windows system window I think) titled "Desktop"; the message asks if I want to proceed to work in Safe Mode or run System Restore, click Yes/No.

    ISTR it's the same window which comes up when I first boot into Safe Mode. I didn't click anything and ComboFix went through some tests.....then went to a "rebooting Windows" message: "Please allow ComboFix to reboot the machine".

    It then reboots into normal mode (where I don't have access to anything), not Safe Mode, and the password window comes up.

    I've typed in the password, Windows has started and nothing is running, no ComboFix window, nothing happening at all.

    Should I use the DOS utility to re-enable the Administrator account?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Boot back into safe mode...preferably with networking. Then see if you have a combofix log to attach.

    If you can get into safe/networking......try going to Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  15. A00139610

    A00139610 Private E-2

    Hi, thanks for spending time on this, btw!

    Ran the ComboFix OK.

    Found I could not connect with IE but OK with Firefox. BitDefender online scan only works with IE. Tried the Panda online scan, which crashed halfway through after 8 hours. Tried Trend Micro online scanner, also no luck.

    Updated my ClamWin antivirus database and it is now running in Safe Mode.

    Had a look at the folder permissions in the Properties tab. Ownership of the C: drive, which has all the programs on it, is the Administrators group.

    Ownership of the other two drives is
    S-1-5-21-2000478354-1563985344-839522115-500
    That could be due to having re-installed XP on the C: drive a couple of months back?

    iexplore won't connect to anywhere, though Firefox connects OK. The Comodo firewall doesn't autoload, so I'm now connecting through an IPCop firewall I just installed on an old PC, in case there's something nasty on the problem PC that wants to connect to someplace.

    ClamWin has put MGTools in quarantine, flagging something called Adware.Borlander. I guess that's a false positive.

    Sorry for this sticky keyboard, it hasn't been used for a long time, I'm not that bad a typist!
     

    Attached Files: log.txt (17.1 KB)
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Show me the log from running ClamWin....are you still not able to do anything in normal mode?

    While in safe mode...open User Accounts and check the account types...possibly you should create a new account with administrative privileges and see if you can't log on with that in normal mode.
     
