paralized with BHO and permissions

[crelm1974]

I've taken on a friends computer problems. She was having trouble with an older Compac Presario(2004) relating to not having a firewall, no virus protection and a strong interest in downloading and going to porn sites.

She got zone alarm and avast antivirus installed and avast found and delt with 15 trojans and worms but had a problem with a BHO trojan it identified as jkkIBQhH.dll that wanted to activate whenever she started up IE or Firefox. Avast wouldn't quarantine it because it said it was being used by another process so she had Avast delete it upon next reboot.

Now when XP loads no Startup programs (like ZA or Avast) load and almost all apps, games, windows control panel tools, etc. will not load giving an error message saying:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item"

I thought maybe she somehow didn't have admin privileges but her account is the only one and the error message prevents accessing User Accounts in the control panel.

I'm really not sure what has happened or if these symptoms are related to each other or what to do next. Thanks for any help or advice.

Christo.


Moved from Software For Windows to Security.

AnandTech Moderator
mechBgon

 

[BigPoppa]

Restore time. I've run into this issue on two different computers now. I haven't found a solution to it yet, both had to be restored. I'm not saying there isn't a solution, but I have yet to find one.

 

[crelm1974]

Re-install Windows XP or a total wipe and re-install XP? I don't think she has permissions to right-click-- >My Computer--> properties --> System Restore. Even if she did I wouldn't know how far back to go.

thanks

 

[xgsound]

If you want to give fixing it a try, here's a link to Castle Cops Smitfraud/ Vundo fixes. http://wiki.castlecops.com/Mal...d_Prevention:_Overview They may repair some of your access to Control Panel, msconfig and other wrongly restricted functions.

I have usually found that a great first step to repairing badly infected machines is to use a third party program to toggle all questionable startup items rather than msconfig. I use the stand alone version of Startup Control Panel from http://www.mlin.net/StartupCPL.shtml for this. This often frees up many CPU cycles and cripples some of the Malware chain which leaves a faster machine to troubleshoot with.


Jim

 

[mechBgon]

In the big picture, this user seriously needs to be switched to a non-Admin user account as a baseline security measure. Right there, you yank the rug out from under most attacks. further security steps to consider

If it were me, I'd look at the prospect of spending 6 hours fighting malware and maybe losing, versus 2 hours reinstalling and securing Windows while eating pizza, and go for the latter

If you do decide to reinstall or re-image, take security precautions against worm attack during the reinstall (scroll down to the large pic and start from there).

If you're doing a reinstall from a normal WinXP CD (as opposed to a system-imaging disc), then use Windows Setup to delete the partitions on the hard drive, hit F3 twice to exit from Windows Setup, and then start Windows Setup a second time, create a partition and carry on.

 

[crelm1974]

Wiped and reloaded in 2 hours and it's working great except spaghetti instead of pizza. Lots of reinstalling to do though but at least it's clean and secure. The guides we're very useful. Thanks for the assistance.

Christo.