Restoring SeDebugPrivilege

Discussion in 'Malware Removal FAQ' started by chaslang, Dec 17, 2006.

Thread Status:
Not open for further replies.
  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is becoming a very common problem these days for malware to change SeDebugPrivilege on administrator type accounts. They do this to prevent you from running various tools to help in the removal of malware. Tools like rootkit detectors and Look2Me-Destroyer commonly make use of this privilege to help locate and/or remove stubborn malware. If you run a tool and receive a message similar to below (note this is an example for F-Secure's BlackLight Rootkit tool)

    F-Secure BlackLight was unable to acquire necessary privileges (SeDebugPrivilege)

    it means that the application cannot run and that you must restore the SeDebugPrivilege level on the user account being used. The below steps will do this for you.
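
A read-only check for the condition described in the post above, added here as an example and not part of the original post: it exports the local user-rights policy with `secedit` and reports whether BUILTIN\Administrators (S-1-5-32-544) is still assigned SeDebugPrivilege, and whether the current logon token carries it. The temp file name and the variable names are choices made for this example.

```powershell
# Added example: audit the SeDebugPrivilege assignment. Run from an elevated prompt.
# Nothing is changed; one temp file is written and then deleted.

$cfg = Join-Path $env:TEMP 'user_rights_export.inf'   # file name chosen for this example

# Export only the user-rights section of the local security policy.
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
    throw "secedit export failed (exit code $LASTEXITCODE); is the prompt elevated?"
}

try {
    # The export holds one line per right, e.g. "SeDebugPrivilege = *S-1-5-32-544".
    $line = Get-Content $cfg |
        Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' } |
        Select-Object -First 1
} finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}

# Split the right-hand side into individual holders (empty if the right is unassigned).
$holders = @()
if ($line) {
    $holders = @(($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

# secedit writes holders as "*<SID>" or as a plain account name; normalise to SIDs.
$holderSids = @(foreach ($h in $holders) {
    if ($h.StartsWith('*')) { $h.Substring(1) }
    else {
        try   { ([System.Security.Principal.NTAccount]$h).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value }
        catch { $h }   # keep the raw name if it cannot be resolved
    }
})

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# The token is built at logon, so it can lag behind the policy until the next logon.
$inToken = [bool]((whoami /priv /fo csv /nh) -match '"SeDebugPrivilege"')

[pscustomobject]@{
    PolicyHolders          = $holderSids -join ', '
    AdministratorsInPolicy = $holderSids -contains $adminSid
    InCurrentToken         = $inToken
}
```

On a default Windows installation Administrators holds this right, so `AdministratorsInPolicy` reading `False` matches the tampering the post describes; `InCurrentToken` can differ from the policy result until the account logs off and on again.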


     