Windows cannot access the specified device, path, or file

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by strx, Dec 8, 2009.

  1. strx

    strx Private E-2

    Hello MajorGeeks,

    My daughter allowed her laptop to become seriously icky with general "ickware" and so it befalls me to attempt a fix. Following your Windows XP Cleaning Procedure I had to download recommended programs to a CD on my computer and copy onto her laptop because I couldn't download directly, I had to skip running SuperAntiSpyware and Malwarebytes because of installation problems and lack of permissions to run programs, etc. So, I went right to ComboFix, RootRepeal and MGTools. Things are at long last looking up; hey, I can reliably boot in normal mode at last - that's something... But I still can't run SAS or MB, because

    “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.”

    I would like to follow your instructions as closely as possible before posting logs, and these are good programs, so I'd like to run these two programs. Besides, I wanna "@#$%^&*ing" know why I can't run a gol darn program! :)

    Oh, and I can't run them from right click\run as, I can't find anything about permissions that works for this problem in gpedit, I can't uninstall the .exe's, and I can't replace them with a new install. Grrr. :major

    Neither is blocked on the right click/properties window, and Internet Options suggestions found on the web don't apply 'cuz everthang's as it should be on the security tab, and I don't understand putting the, what? the root folder (C:?) in the trusted sites...??. (I don't understand why internet options should even apply to this problem.) :confused

    All the above work was done on the "control alt delete delete" administrator account. There are two other (regular user) accounts (which I almost forgot about. One's an administrator.)

    BTW, since then I thought to see if other similar apps also wouldn't run and so I ran a pre-existing download of MS Malicious Software Removal Tool before reviewing all my notes starting at the very very beginning (Read & Run Me First) where y'all say don't run anything but what we tell you. Sorry, but hey, it wouldn't run before I started on your program here. It found 43 items but didn't create a log. (vundo, virtumonde, etc.) Also, I can now download stuff, like CCleaner, which I ran on all accounts, as instructed. Progress, you know...

    The two administrator accounts still don't have a display/desktop/customize desktop/web tab. The desktop here used to be a big scary "You're Terminal, Buddy, So Just Pay Up" sorta nonsense, and then for a while there was nothing at all, not even any icons. I almost gave up, so, BIG THANX. The non-administrator account (only) has the web tab, but gives me three error messages at logon about funky sounding dll's which can't be found:

    C:\windows\system32\tosokevo.dll
    wesofege.dll (no C:\windows or anything) &
    C:\WINDOWS\fahulizi.dll

    But not one of the accounts will run SAS or MB. :zzz (Yea, must sleep now...)

    Any suggestions?

    Thank You Ever So Kindly

    strx
     
    Last edited: Dec 8, 2009
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You only specifically stated that you could not run SUPERAntiSpyware and Malwarebytes. So then we need the logs from ComboFix, RootRepeal, and MGtools before we can begin.
     
  3. strx

    strx Private E-2

    Okay. Attached please find three logs in the following order:

    ComboFix.txt
    RRLog.txt
    MGLogs.zip

    Being resourceful and persistent, I was able to discover how to take ownership and change permissions and run both SuperAntiSpyware and MalwareBytes, starting from info found at your site. Thank You very much! If you want to see those logs also lemme know; I couldn't fit 5 attachments etc. etc.

    CCleaner also ran.

    Still no display/desktop/customize desktop/web tab for 2 administrator accounts. (The desktop was once "highjacked.")

    The non-administrator account still shows error messages at logon, can't find

    C:\windows\system32\tosokevo.dll
    wesofege.dll (no C:\windows or anything) &
    C:\windows\fahulizi.dll

    O'course, I'd like it to stop tellin' me it can't find something it don't need :)

    Thanx Folks,

    strx
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please tell us exactly what you did so that we can be sure of what has already been run.

    Yes you need to attach these logs to your next message.

    We can only work on one user account at a time to avoid confusion. Currently your logs are for the Administrator user account. We need to finish with it and then we can discuss the next account (one at a time).

    You had a load of malware and still more to remove. Not sure exactly who is using this PC or what they are doing with it, but someone needs to change their surfing habits.

    Did you knowingly install HandyBits VirusScan Integrator? The TekNum updater software with this is considered a potential problem. It was installed around Oct 25, 2009. There have been debates on the practices of this software for years on whether it is good or bad.


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. strx

    strx Private E-2

    Hello again!

    To regain ownership of SuperAntiSpyware and MalwareBytes I followed directions at

    http://support.microsoft.com/?kbid=308421

    right click/properties/security/advanced/owner:select from "name" list

    I think I gave ownership to all users. Then

    click Add, type in user or group to whom you wish to grant permissions, etc.

    I think I granted permissions to all users. I want any non-administrator to be able to run security programs.

    I don't recall installing HandyBits VirusScan Integrator.

    Ran MGtools analyze.exe as instructed.
    Ran Combofix with "killall" drag n'drop as instructed. ComboFix reported that it could not update, so I ran it as is.

    I had already updated Java just after running ComboFix and MGtools the first time, so I did not repeat that action. It's 6.0 update 17 currently.

    Previously, in the absence of a reliable internet connection out of the affected computer, I copied logs to disk for sending out of my computer. This evening I could not copy to disk; the affected computer tells me that "E:\ is not accessible. Incorrect function." But it will still read the "killall" notepad file I fed it. :confused But duh, of course internet is now reliable so I sent the logs directly from the affected computer.

    You write: "You had a load of malware and still more to remove. Not sure exactly who is using this PC or what they are doing with it, but someone needs to change their surfing habits."

    Yah, I will be showing my daughter the full, many-page, printed instructions from your site, the logs, these correspondences, etc. and re-emphasizing strenuously to the budding (published!) teenaged author that IF SHE PROPOSES TO MAKE HER LIVING FROM COPYRIGHT SHE'D BETTER LEARN TO SHOW SOME SMALL DEGREE OF RESPECT FOR IT and quit the creepy music file sharing sites. And get into the habit of taking care of her stuff, like, updating her Windows, Office, antivirus, Java, etc. and don't sign on as an administrator. I've been over this with her before...

    Is this fake anti malware phenomenon especially aggressive at the moment? I m'self ran into an attempt to download something onto my machine at a supposedly "anti-psych drug" website.

    But my machine stays clean!

    Attached logs:

    SuperAntiSpyware
    MalwareBytes
    MGtools
    ComboFix

    Thanks,

    strx

    BTW, how do I attach an official, counted Thank You? Y'all deserve it!
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then uninstall it.

    There are more than a thousand known rogues and more each day. They are getting more and more destructive and more and more complicated to remove too, which is why proper updated protection is even more important than ever and safe surfing and an educated user are more critical than ever too.

    The logs for this user account are clean. If you still have problems on the other user account, reboot the PC (do not use logoff or switch user!!!!) and log into the other problem account. Then download and run the new MGtools and attach a new log for this user.
     
