Jump to content

Change Mode

Single User problem in a Multi-user environment


grenneam

Recommended Posts

Hi Folks,

 

Got a problem with an older couple's PC. Each person has their own User Profile under windows XP Home Edition SvcPk 3. User 1 is unable to execute ANY programs - either by clicking on the program shortcut or the program directly, or by entering a name in the RUN box. Any of these actions results in an "Open With" window appearing that has 'iexplorer' highlighted.

 

User 2 appears to function ok with one exception - When the desktop loads there is a Windows Security Center alert that indicates that "Auto-Updates" is turned off and it isn't able to be turned on via the security center. Other than that User 2 seems to be able to do everything else normally.

 

I started in SafeMode, signed on as Administrator, and ran ESET remotely, Malwarebytes, Spybot, Uninstalled AVG version 2011, installed 2012 and ran a selective full scan on User 1's D&S Profile.

 

Each of these programs said that it found & corrected some stuff - but the problem persist.

 

Could really use some HELP and DIRECTION!!!!

 

Thanks

Link to post
Share on other sites

Yep got it !! I think it was part of the XP Anti-Virus 2011 fake security program. Sorry to bother you Folks.

 

Registry Keys Detected: 1

HKCUSOFTWAREMicrosoftWindowsCurrentVersionExtStats{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCR.exeshellopencommand| (Hijack.ExeFile) -> Data: "C:Documents and SettingsEdwidgeLocal SettingsApplication Datarvt.exe" -a "%1" %* -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCRexefileshellopencommand| (Broken.OpenCommand) -> Bad: ("C:Documents and SettingsEdwidgeLocal SettingsApplication Datarvt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and repaired successfully.

Link to post
Share on other sites

Good to hear it, but you'd better be safe than sorry...

Download DDS from here > http://download.blee...om/sUBs/dds.scr and run the program like this:

Disable any script blocking protection (How to Disable your Security Programs > http://forums.whatth...showtopic=96260 )

Double click on the DDS icon to run the tool (may take up to 3 minutes to run).

When done, DDS.txt will open.

After a few moments, attach.txt will open in a second window.

Save both reports to your desktop.

Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpits...-been-hijacked/

 

Wait for help there from one of our Trusted Malware Techs, they'll help make sure you're clean.

 

 

 

 

:geezer:

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...