Access to ANYTHING is disabled...

BinhMinh

New Member
This problem arose when a fake ad appeared when I was downloading from a RS premium generator site...Or so it may have seemed. Anyway, one popped up so I attempted to close it. None of the ads closed and my task manager stopped working. I restarted my laptop and when it came to the login screen, it froze for a while before I was greeted by two pop ups telling me to download "anti-virus protection for my PC" bullcrap. Xing out of the windows wouldn't help so I tried to pull up task manager again and it tells me that I don't have privileges to use task manager. I had no other option left but to click "OK"....Then windows tells me that Windows Explorer stops working and that it's searching for a solution but it never came up. So now I'm stuck on a screen with only my wallpaper and my mouse functioning. Also the Ease of Access still works so I use that to get to the internet and try to search for some answers and solutions. Also CCleaner is installed in my IE for some reason so I try running the program to stop the start up programs that tell me to download the programs but every time I restart the PC, it still comes up and when I access CCleaner the programs couldn't be disabled no matter how hard I try disabling it. So now I can't access anything more than the bare minimum and I can't do anything with the Command Prompt...Whenever I pull that up, it automatically has C:\...system32 and whatnot...



:sa:
 


You've been scripted! What happened is that a script was uploaded to your computer either changing your computer's home page to a malware site's page or you've got a script telling your browser to go to that page on new page uploads.

Go to "Control Panel," "Classic View" on the left, "Internet Options," and "Home Page." Is your home page some crazy, long address now, or is your home page what it's supposed to be?

Also, while you're there, go to "Browsing History" and "Delete" all. Then, go to the "Settings" button right next to it. You want to "View objects." Here are uploaded scripts and program applets. EDIT: I MADE A MISTAKE HERE. YOU CAN'T DELETE SCRIPTS FROM THIS PAGE.

HERE'S HOW TO DELETE ADD-ONS IN INTERNET EXPLORERS 7 AND 8, and you don't even need to be online to do this:


Open IE. Select "Manage Add-Ons" from the "Tools Menu." "Toolbars and Extensions" show up.

On the bottom of the left side of the dialog box you'll see the grey letters "Show:" It's a pull-down menu. Select "All Add-ons."

Suspicious ones include antivirus and antispyware add-ons with publishers whose names you have no idea of. Disable those immediately. The only things I enable are Adobe Reader add-ons, the Apple ones for iTunes and QuickTime, and Sun Microsystems' Java. Microsoft stuff I generally allow except for 'Research.'

IMPORTANT: Make a list of what you disabled.

After you disable everything, close the browser.

Wait.

Open IE back up and go back to the "Tools" menu. You'll see new options in the menu to "uninstall" whatever add-ons there are. Stuff that doesn't show up on the list you made is spurious! Suspicious!

List those things in a reply.
 

My Computer

System One

  • Manufacturer/Model
    Hewlett-Packard dv6936us
    CPU
    Intel Core 2 Duo "Merom" T5750, 2 GHz, stock clocking
    Motherboard
    stock Quanta 30D2, v.792E
    Memory
    4 GHz, 667 MHz bus speed
    Graphics Card(s)
    NVIDIA GeForce 8400M GS, stock
    Sound Card
    stock Realtek software-based
    Monitor(s) Displays
    stock 15.4" widescreen
    Screen Resolution
    stock 1280 X 800
    Hard Drives
    stock Toshiba MK2546GSX and a Western Digital 1TB MyBook
    PSU
    stock
    Case
    stock
    Cooling
    stock plus Rocketfish model RF-LAPCOL
    Keyboard
    stock
    Mouse
    stock Synaptics Pointing Device
    Internet Speed
    Ludicrous Speed (~10.9 Mbps, more or less)
    Other Info
    Browser: Namoroka v1.9.2.3666 64-bit build. Computer specs:
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01485288&tmp_task=prodinfoCategory&lc=en&dlc=en&cc=us&product=3747246
    I like chocolate milk!
You've been scripted! What happened is that a script was uploaded to your computer either changing your computer's home page to a malware site's page or you've got a script telling your browser to go to that page on new page uploads.

Go to "Control Panel," "Classic View" on the left, "Internet Options," and "Home Page." Is your home page some crazy, long address now, or is your home page what it's supposed to be?

Also, while you're there, go to "Browsing History" and "Delete" all. Then, go to the "Settings" button right next to it. You want to "View objects." Here are uploaded scripts and program applets. <Shift>-<Delete> 'em all.

...Well whatever scripting this is, it's good at blocking me out of almost everything.

I try to open up the control panel from Windows Help and it gives me the same exact message that I get when I try to open up a window to my HD. Also, I've been using Firefox prior to whatever happened to my computer so it's not definite whether IE home page is right or the "script" has changed it. And I doubt that my IE browser history has anything to do with this since I never used IE except for when downloading Mozilla Firefox.

Also, often the computer gives me a notice saying some address is incorrect if that has to do with my problem now. And by the way, I've called up computer techies and they've told me they could fix my problem for a fee and a subscription all together... Should I or not? :huh:
 


We have more talent here, than at most paid services. My suggestion would be to give you a little bit of time.. With a little patience, you will have your computer back and a lot more money in your pocket.

Try the advice given in safe mode. During boot rapidly hit f8 and this takes you to safe mode..

If that advice does not work, try the same but this time in safe mode, check start from last known good configuration.

We will get you up and going again.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
I had a friend that had the same problem. Locked him out of anything.
Try safe mode and from there you can reconfigure your settings. Keep us posted on the results!
 


We have more talent here, than at most paid services. My suggestion would be to give you a little bit of time.. With a little patience, you will have your computer back and a lot more money in your pocket.

Try the advice given in safe mode. During boot rapidly hit f8 and this takes you to safe mode..

If that advice does not work, try the same but this time in safe mode, check start from last known good configuration.

We will get you up and going again.

TY SevSaint, we seem to agree. Let's just hope that it works.
 

I made a mistake in my previous post. Scroll up to see how to delete add-ons.

You may wonder why add-ons matter. Vista uses explorer.exe as its front face, its Graphic User Interface, and explorer.exe uses IE code to work. Wikipedia explains things better than I...

Wiki's "removal of Internet Explorer" page said:
Some programs bundled with Windows, such as Outlook Express, and some basic Windows components, such as Help and Support, depend on libraries installed by IE in order to function. With IE removed, they may fail to work, or exhibit unexpected behavior. Several common 3rd party applications, Intuit's Quicken being a typical example, depend heavily upon the HTML rendering components installed by the browser. For this reason, most of the IE removal utilities offer the compromise option of removing large parts of IE while still leaving behind the HTML rendering engine or "IE core," which allows many of these 3rd party applications to function normally. Also, in versions of Windows before Vista, it is also not possible to run Microsoft's Windows Update or Microsoft Update with any other browser due to the service's implementation of an ActiveX control, which no other browser supports. In Windows Vista, Windows Update is implemented as a Control Panel applet.
 

:huh:

Sorry for any delay for you guys...Internet was on the fritz the last time I tried to post this huge reply...Anyway, I recall trying to use the safe mode and the explorer.exe file still wouldn't load. Also, the plugins on my IE didn't have the uninstall option on any of them even if I restarted IE and everything else..

Will this evar end? D:

But I was on a free online PC scanning site (I hope, though it couldn't possibly get any worse than this..) and I found out my PC has over 30 infected files, all of which seem to be taken care of... Here's the end result.
C:\ifbsexlt.exe Win32/TrojanDownloader.FakeAlert.AED trojan cleaned by deleting - quarantined
C:\jsykm.exe a variant of Win32/Kryptik.BPL trojan cleaned by deleting - quarantined
C:\Program Files\InternetSecurity2010\IS2010.exe Win32/Adware.AdvancedVirusRemover.B application cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\3204100728.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\a.exe Win32/TrojanDownloader.FakeAlert.ARN trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\b.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\c.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\csarxmonew.exe Win32/TrojanDownloader.FakeAlert.ARE trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\d.exe a variant of Win32/Kryptik.BVO trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\e.exe a variant of Win32/Kryptik.BTF trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\ensamorwcx.exe a variant of Win32/TrojanClicker.Punad.AA trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\exwanscomr.exe Win32/Delf.OYY trojan deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\f.exe a variant of Win32/Kryptik.BWV trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\nhz84.exe Win32/TrojanDownloader.Small.OTZ trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\noswmcrxae.exe Win32/TrojanDownloader.Agent.PRL trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\nsmceaxrow.exe Win32/Dursg.B trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\setup.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\svchost.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\taskmgr.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\v6iip4.exe Win32/TrojanDownloader.Small.OTZ trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5218118e-58f5b4fb probably a variant of Java/TrojanDownloader.Agent.AB trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-2317f4f3 multiple threats deleted - quarantined
C:\Users\Michael\AppData\Roaming\SystemProc\lsass.exe Win32/Dursg.B trojan cleaned by deleting - quarantined
C:\Windows\msa.exe a variant of Win32/Kryptik.BKE trojan cleaned by deleting - quarantined
C:\Windows\System32\critical_warning.html Win32/TrojanDownloader.FakeAlert.AED virus deleted - quarantined
C:\Windows\System32\diskmgr.sys Win32/Agent.QRP trojan cleaned by deleting - quarantined
C:\Windows\System32\FastUv32.dll Win32/Agent.QRP trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\js4qr.dll Win32/TrojanDownloader.Small.NFD trojan cleaned by deleting - quarantined
C:\Windows\System32\net.net a variant of Win32/TrojanClicker.Punad.AA trojan cleaned by deleting - quarantined
C:\Windows\System32\sshnas.dll Win32/TrojanDownloader.FakeAlert.ARF trojan cleaned by deleting - quarantined
C:\Windows\System32\winhelper86.dll Win32/TrojanDownloader.FakeAlert.AOP trojan cleaned by deleting - quarantined
C:\Windows\System32\winlogon86.exe Win32/TrojanDownloader.FakeAlert.AED trojan cleaned by deleting - quarantined
C:\Windows\System32\winsts.sys Win32/Agent.QMG trojan cleaned by deleting - quarantined
C:\Windows\System32\winupdate86.exe Win32/TrojanDownloader.FakeAlert.AED trojan cleaned by deleting - quarantined

Sorry for such a long post. :/ It would have been cleaner if I could find the spoiler button somewhere..Thanks again. \:

EDIT: I restarted and the Skynet worm thing stopped appearing yet the explorer problem still hasn't been fixed. This is what comes up at every startup.

Exception EAccessViolation in module trl100.bpl at 01DF5168.
Access violation at address 01DF6168. Read of address 771E4D20.
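
A triage pass over scan output of the kind posted above, as an added example that is not part of the thread: it parses each line, counts detections per family, flags files that use a Windows system binary's name outside that binary's normal folder, and lists removals that only complete after a reboot. The line format is inferred from the post, and the `HOME` table of expected folders is an assumption.

```python
import ntpath
import re
from collections import Counter

# A subset of the scan lines posted above, copied verbatim.
SAMPLE = r"""
C:\jsykm.exe a variant of Win32/Kryptik.BPL trojan cleaned by deleting - quarantined
C:\Program Files\InternetSecurity2010\IS2010.exe Win32/Adware.AdvancedVirusRemover.B application cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\svchost.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\taskmgr.exe a variant of Win32/Kryptik.BSR trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\18364cfd-2317f4f3 multiple threats deleted - quarantined
C:\Users\Michael\AppData\Roaming\SystemProc\lsass.exe Win32/Dursg.B trojan cleaned by deleting - quarantined
C:\Windows\System32\FastUv32.dll Win32/Agent.QRP trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\winlogon86.exe Win32/TrojanDownloader.FakeAlert.AED trojan cleaned by deleting - quarantined
"""

# path, optional "variant of" qualifier, detection name, optional type, action taken
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?P<name>(?:Win32|Java)/\S+|multiple threats)\s+"
    r"(?:(?P<kind>trojan|application|virus)\s+)?"
    r"(?P<action>.+?) - quarantined$"
)

# Assumed home folder of the genuine binaries (32-bit Vista layout).
HOME = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

def parse(text):
    """Yield a dict per recognised scan line; unrecognised lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def is_masquerade(path):
    """True when a file carries a system binary's name outside its home folder."""
    folder, name = ntpath.split(path.lower())
    return name in HOME and folder != HOME[name]

def triage(text):
    rows = list(parse(text))
    return {
        # Drop the trailing variant letters: Win32/Kryptik.BSR -> Win32/Kryptik
        "families": Counter(r["name"].rsplit(".", 1)[0] for r in rows),
        "masquerading": [r["path"] for r in rows if is_masquerade(r["path"])],
        "pending": [r["path"] for r in rows if "next restart" in r["action"]],
    }
```

Exact-name matching does not catch look-alike names such as `winlogon86.exe`; those need a separate near-match check against the same table.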
 


That's a registry problem. I don't know how to fix that.

I'd uninstall IE and reinstall it through another browser. And I'd get Mozilla with the "NoScript" add-on and use that instead of IE. NoScript is awesome. :)
 

I can't really install or uninstall anything from where I'm at. All there is available to me right now is some apps offered in the Microsoft help. A friend had told me that the only option left is to format this PC, which I'm reluctant to do but it really couldn't get any worse than this. That or professional help from others..

Also, I couldn't help but see that there was an ad above this thread telling me that it could help out with my registry problems. Not sure if that link is lying to me or if it's the real deal... ;/
 


You're going to have to format and reinstall Vista. Files deleted out of your win32 folder are files Windows needs to work in a stable way.

Sorry (
 
