Win7 deleted my user

Page 2

CU

Platinum Member
Aug 14, 2000
2,415
51
91
No ideas I see. Going to copy over a folder at a time to another new user and see what happens.
 

CU

Copied folder by folder from old user folder to new. And it seemed to work. Logged in as new user and everything was working again. Started Chrome and it could not set itself to the default browser. Went to "Set Program Access and Computer Defaults" and made Chrome default browser and Windows Media Player default video player. Then all my same problems came back. I cannot double click folders or image files. I cannot run explorer.exe. etc. etc. What is Windows doing?
 

CU

Ran sfc /scannow and it didn't find anything. Running out of things to try. It seems Windows has removed access to doing certain things, but permissions are correct.

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
 

CU

The new user is set to Administrator. It's just strange. For example when I double click c:\windows\explorer.exe I get the error, but if I right click and run as admin it works.
 

inachu

Platinum Member
Aug 22, 2014
2,387
2
41
That nothing can see. Awesome.

I once tried 6 anti-virus/malware scanners and they all found nothing, then I tried F-Secure and it found and deleted the infection.

Yeah sometimes it is like that.
 

CU

True, but HerdProtect uses 68 virus checkers. Thinking rootkit now. Know any good rootkit scanners? Was going to try https://security.symantec.com/nbrt/npe.aspx from a bootable USB drive. I have made live Linux bootable USB drives, but I don't really know how to make a Windows one.
 

mikeymikec

Lifer
May 19, 2011
21,104
16,315
136
Have you run a full filesystem check yet? I've noticed you've run some checks on the disk itself and that sounds promising, but I certainly wouldn't do any more destructive things to the Windows installation (system restore etc) until you've got a copy of your data then checked the file system (which in turn is another way of checking the disk).
 

CU

Didn't run Norton Power Eraser from boot USB drive, but just from within Windows it didn't find anything but four things I know are not viruses, not to mention they have been installed for over a year. Two files it marks as bad, but then when you click on it, it gives it a favorable rating?

What do you mean by a full file system check? Tell me the command and I will run it. I do have a backup of my user directory. I also have a full system backup, but it is just a few days before this happened and I have a feeling it has the same problem. The last two options I will try are that full backup then a full install or repair install if that doesn't work.
 

mikeymikec

I'd be curious to know what you see if you run the utility 'autoruns' from sysinternals (now owned by MS and downloadable from the MS site for free), especially under the 'AppInit' tab.

I'm also wondering if you've got a dodgy version of say Google Chrome. Perhaps it's coincidence, but it seems that your problems returned after you set it as the default browser.

One other thing I'd consider doing is downloading TDSSKiller from Kaspersky, tell it to verify system files and do a scan after restarting. It might not say "this is a virus", but I would regard an unsigned driver as suspicious and worth checking out.
 

CU

In the middle of a surface scan now, but I will do the other tonight.
 

CU

Surface scan was clean.

chkdsk found some free space that was marked as allocated, but that is all I saw. Unfortunately it continued booting before I could read it all. And it doesn't seem to show up in the event log.

I ran autoruns sysinternals from https://live.sysinternals.com/ and the AppInit tab is empty. Interestingly, if I run it from my user that is messed up, I get a WMI timeout error when I start it, but it seems to work fine after that. My clean administrator backup user doesn't give me this error.

TDSSKiller only found an unsigned driver for my kids hotwheel camera car. Had it installed for a few years now. No other errors reported.
 

mikeymikec

Curious. Can you try with an admin/elevated command prompt to browse the folders that you can't access with explorer?
 

CU

I can access the folder through the command prompt from the user or elevated to admin. It is only when I double click on it. Remember, I can even right click and say open to view it. The windows explorer shortcut in the task bar also gives me the same error.
 

CU

Yes. It would be a little trouble to do, though. What would I do with it in another computer?
 

mikeymikec

> Yes. It would be a little trouble to do, though. What would I do with it in another computer?

My first thought is to run various virus scans because at least then you know a rootkit can't be circumventing the scanning capabilities, but in your shoes I would want to queue up a load of ideas rather than take a disk out, do one thing, put it back in again, rinse and repeat...

Another thought is to try browsing to the problematic folders from the other PC, but first I'd like to know what it says the permissions are (in the machine that disk is normally in). Out of curiosity I might be inclined to (temporarily) reset permissions to something like everyone:F just to see whether it makes any difference to your ability to access the folders. I would then try it in another machine to see whether there's any difference in accessing it.

Hopefully needless to say, but absolutely don't run any binaries from the disk in question while it's connected to the other machine.

Can you confirm whether my summary of the problems is correct?:

Historical point - User disappears from welcome screen, files were still present.

Creating another user allowed you (probably once you've confirmed a security alteration) to copy old user's files into new profile, you could access the files, but then it decided that you weren't allowed to access those files (possible coincidence being setting default player/browser).

Virus checks so far haven't turned up anything, checked with Malwarebytes too.

Question - In Malwarebytes, did you do a custom scan, told it to check for rootkits and to check the entire boot volume?

Full file system check turned up nothing of particular interest. Anything recent error/warning-wise in the system log (Windows Event Viewer)?

Other disk checks also didn't turn up anything.

Someone mentioned file extensions and malware presenting something as a text file when it's actually .txt.exe. Have you switched off hiding file extensions? To what end I'm not sure, perhaps you'll notice something awry when folder browsing.
 

CU

Scanning the drive for viruses from another computer makes sense, but wouldn't a boot disk accomplish the same goal?

I cannot browse any folders on the desktop. I have to right click open to browse them. The permissions on one folder, as an example, are Full control for SYSTEM, Administrators, my new user, user I use for backups.

For a test I gave a folder full control to Everyone. No change. What does it mean when the permission "checks" are light grey? That is what they are, except for the one for Everyone that I just added.

I don't think the problem is a permission problem with the data. But, what tries to read the data when you double click it has an issue. I thought permission issues with explorer, but explorer.exe is set to Read & execute SYSTEM, Administrators, and Users. My new user is in Administrators and Users. But, it cannot execute C:\windows\explorer.exe. Besides right click open on a folder seems to run explorer fine.

I didn't change the settings in Malwarebytes. I will run it again.

The eventviewer is full of stuff. Especially after this started. A few that stand out are:

Error: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0. From Microsoft Antimalware.

Error: Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. From Microsoft Antimalware.

Hide extensions is unchecked. The files are what they say they are.
 

mikeymikec

> Scanning the drive for viruses from another computer makes sense, but wouldn't a boot disk accomplish the same goal?

In theory, yes. I suppose there are other vectors to consider, like malware targeting your BIOS, but I haven't personally come across types like this AFAIK (I've only read about them).

> I cannot browse any folders on the desktop. I have to right click open to browse them. The permissions on one folder, as an example, are Full control for SYSTEM, Administrators, my new user, user I use for backups.

Just folders on the desktop? I assume not.

> For a test I gave a folder full control to Everyone. No change. What does it mean when the permission "checks" are light grey? That is what they are, except for the one for Everyone that I just added.

If they're light grey then they're inherited from the parent folder so they should apply just as well.

> I don't think the problem is a permission problem with the data. But, what tries to read the data when you double click it has an issue. I thought permission issues with explorer, but explorer.exe is set to Read & execute SYSTEM, Administrators, and Users. My new user is in Administrators and Users. But, it cannot execute C:\windows\explorer.exe. Besides right click open on a folder seems to run explorer fine.

It does seem like the symptoms you're experiencing are oddly specific. MSE up the creek as well.

Have you been running MSE the whole time (ie. pre-dating this situation as well)?

Out of curiosity I might compare the registry entries between a working machine for what's queried when one double-clicks a folder.

On Win7, by the looks of it, HKEY_CLASSES_ROOT\Folder is one of them. There's a CLSID in that structure that I would also track down.

I'm also wondering whether something odd has happened with MSE and it's the cause of the problems, but the only problem I've seen with MSE screwing around with normal system functions is the most recent version conflicting with Oracle VirtualBox. You could try removing MSE temporarily to see if it makes any difference?
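
One way to do the registry comparison suggested in the post above, as an added example that is not part of any poster's message: the script name, output file name and the choice to dump the HKCU and HKLM halves of the class alongside HKEY_CLASSES_ROOT\Folder are assumptions made for illustration. It writes a sorted text file per user or machine so the working and non-working cases can be diffed.

```powershell
# Added example (not from the thread): flatten the registry data consulted
# for a folder double-click into sorted text lines that can be diffed.
param([string]$OutFile = "$env:COMPUTERNAME-$env:USERNAME-folder-class.txt")

function Get-FlatRegistry([string]$Root) {
    # Emit one "key\value = data" line per value under $Root, recursively.
    if (-not (Test-Path -LiteralPath $Root)) { return "$Root = <absent>" }
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data  = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $label = if ($name -eq '') { '(Default)' } else { $name }
            '{0}\{1} = {2}' -f $key.Name, $label, ($data -join ',')
        }
    }
}

# HKCR is the merged view; the HKCU and HKLM halves are dumped separately so a
# per-user override (which wins over the machine-wide entry) is visible.
$roots = 'Registry::HKEY_CLASSES_ROOT\Folder',
         'Registry::HKEY_CURRENT_USER\Software\Classes\Folder',
         'Registry::HKEY_LOCAL_MACHINE\Software\Classes\Folder'
$lines = @($roots | ForEach-Object { Get-FlatRegistry $_ })

# Track down every CLSID referenced inside the Folder structure.
$guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$clsids = $lines | Select-String -Pattern $guidPattern -AllMatches |
    ForEach-Object { $_.Matches } | ForEach-Object { $_.Value.ToUpper() } |
    Sort-Object -Unique
foreach ($clsid in $clsids) {
    $lines += @(Get-FlatRegistry "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid")
}

$lines | Sort-Object -Unique | Set-Content -LiteralPath $OutFile -Encoding UTF8
"Wrote $($lines.Count) lines to $OutFile"

# After running this once per user or machine, diff the two outputs:
#   Compare-Object (Get-Content .\good.txt) (Get-Content .\bad.txt)
```

Lines that appear only under HKEY_CURRENT_USER\Software\Classes for the affected user, or a CLSID whose server path differs from the working machine, are the entries to look at first.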
 

CU

Malwarebytes found two files in a temp directory it didn't like. I told it to remove them. They were called bi_downloader. No change though.

Well a bios infection doesn't sound that good. I don't think I have even read about them.

I can only test desktop folder icons because there is no way to double click other icons without opening explorer with right click open on a desktop folder or running explorer.exe as administrator. The icon in the task doesn't work nor does windows key + "e".

I have been running MSE for as long as I can remember.

I will take a look at the registry.

Maybe MSE is flipping out and disabling access to explorer.exe. I will try and remove it and see what happens.
 

ninaholic37

Golden Member
Apr 13, 2012
1,883
31
91
> My machine locked up over night and when I booted it back up only my account called "backup" which has admin rights and is used for making backups is now listed. My user account is now missing. I logged in as backup and can see my user directory still there.

Mother nature is mad because you waste so much electricity keeping computer on over night. Better to turn off and unplug then your Windows last longer. :D