Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
Both return error "you do not have permission..."

FF shows blank icon in firefox.exe location.

Uninstalled IE, reinstalled. Same.

Any hints?

thanx

plugginaway wrote:
> Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
> Both return error "you do not have permission..."
>
> FF shows blank icon in firefox.exe location.
>
> Uninstalled IE, reinstalled. Same.
>
> Any hints?
>
> thanx

Run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

--
Joe =o)

those have been run...ergo my 'all cleaned up.'

what else?

thanx


Elmo wrote:

> plugginaway wrote:
>
>>Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
>> Both return error "you do not have permission..."
>>
>>FF shows blank icon in firefox.exe location.
>>
>>Uninstalled IE, reinstalled. Same.
>>
>>Any hints?
>>
>>thanx
>
>
> Run these:
>
> Malwarebytes© Corporation
> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
>
> SuperAntispyware
> http://www.superantispyware.com/superantispywarefreevspro.html
>

On Tue, 29 Sep 2009 15:37:04 -0500, plugginaway <anon> wrote:

> Had a faker Trojan..


Exactly what Trojan did you have? How did you know? What software
identified it?


> All cleaned up now.


How do you know? Exactly what did you do that makes you think it was
"all cleaned up"?


> But IE and FF will not launch.


Then almost certainly it was *not* "all cleaned up."


> Both return error "you do not have permission..."
>
> FF shows blank icon in firefox.exe location.
>
> Uninstalled IE, reinstalled. Same.
>
> Any hints?
>
> thanx

--
Ken Blake, Microsoft MVP (Windows Desktop Experience) since 2003
Please Reply to the Newsgroup

a couple of the Fake variety. one was the a.exe

cleaned with MBAM, SAS, AVAST, AVG.

Mbam found a couple more this evening after an update and rescan.

No more hits, rescanning.

no weirdos in HJT either.

thanx


Ken Blake, MVP wrote:

> On Tue, 29 Sep 2009 15:37:04 -0500, plugginaway <anon> wrote:
>
>
>>Had a faker Trojan..
>
>
>
> Exactly what Trojan did you have? How did you know? What software
> identified it?
>
>
>
>>All cleaned up now.
>
>
>
> How do you know? Exactly what did you do that makes you think it was
> "all cleaned up"?
>
>
>
>>But IE and FF will not launch.
>
>
>
> Then almost certainly it was *not* "all cleaned up."
>
>
>
>> Both return error "you do not have permission..."
>>
>>FF shows blank icon in firefox.exe location.
>>
>>Uninstalled IE, reinstalled. Same.
>>
>>Any hints?
>>
>>thanx
>
>

plugginaway wrote:
> Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
> Both return error "you do not have permission..."
>
> FF shows blank icon in firefox.exe location.
>
> Uninstalled IE, reinstalled. Same.
>
> Any hints?
>
> thanx

Kelly has information on changing permissions for programs on her site.
See here:

http://www.kellys-korner-xp.com/xp_abc.htm
Click "P" and scroll down to "Program Permissions", "Restrict Users from
Running Specific Applications", and "Restrict Applications Users Can
Run". Of course, you'll want to reverse the settings she discusses.

But I suspect these should have been changed by the software you ran.
It's possible you have a rootkit that takes control long before the
anti-malware software can start.

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is
available.. it prompts you to insert a CD and burns the file, no problem.

--
Joe =o)

Use Dial-a-fix to repair file and registry permissions:

Click the "Tools" button at the bottom that looks like a
hammer, then select "Repair permissions", then press the "Go" button.

Dial-a-fix 336 KB (Freeware)
Web: http://wiki.djlizard.net/Dial-a-fix
Download 1: http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip
Download 2: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip


ju.c


"plugginaway" <anon> wrote in message ...
> Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
> Both return error "you do not have permission..."
>
> FF shows blank icon in firefox.exe location.
>
> Uninstalled IE, reinstalled. Same.
>
> Any hints?
>
> thanx

Thanx. I will give them a try and let u know.

ju.c wrote:
> Use Dial-a-fix to repair file and registry permissions:
>
> Click the "Tools" button at the bottom that looks like a
> hammer, then select "Repair permissions", then press the "Go" button.
>
> Dial-a-fix 336 KB (Freeware)
> Web: http://wiki.djlizard.net/Dial-a-fix
> Download 1:
> http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip
> Download 2: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
>
>
> ju.c
>
>
> "plugginaway" <anon> wrote in message
> ...
>
>> Had a faker Trojan.. All cleaned up now. But IE and FF will not
>> launch. Both return error "you do not have permission..."
>>
>> FF shows blank icon in firefox.exe location.
>>
>> Uninstalled IE, reinstalled. Same.
>>
>> Any hints?
>>
>> thanx

Kelly's Program Permissions: in gpedit.msc, Userconfig, Admin
Templates, there is NO 'System".


Also, I do not even have gpedit on my other set to compare it???

Know of a rootkit cleaner that might help?

thanx


Elmo wrote:
> plugginaway wrote:
>
>>Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
>> Both return error "you do not have permission..."
>>
>>FF shows blank icon in firefox.exe location.
>>
>>Uninstalled IE, reinstalled. Same.
>>
>>Any hints?
>>
>>thanx
>
>
> Kelly has information on changing permissions for programs on her site.
> See here:
>
> http://www.kellys-korner-xp.com/xp_abc.htm
> Click "P" and scroll down to "Program Permissions", "Restrict Users from
> Running Specific Applications", and "Restrict Applications Users Can
> Run". Of course, you'll want to reverse the settings she discusses.
>
> But I suspect these should have been changed by the software you ran.
> It's possible you have a rootkit that takes control long before the
> anti-malware software can start.
>
> Burn BitDefender, or another program listed at the link below, to a CD
> (using a working machine) and test the infected machine with it.
> BitDefender also has a Rootkit checker on the Linux Desktop; run it if
> you think that's the problem:
>
> http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
>
> Download the executable rather than the .iso image, if one is
> available.. it prompts you to insert a CD and burns the file, no problem.
>

the DialAFix did it!!!

thank you



ju.c wrote:
> Use Dial-a-fix to repair file and registry permissions:
>
> Click the "Tools" button at the bottom that looks like a
> hammer, then select "Repair permissions", then press the "Go" button.
>
> Dial-a-fix 336 KB (Freeware)
> Web: http://wiki.djlizard.net/Dial-a-fix
> Download 1:
> http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip
> Download 2: http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
>
>
> ju.c
>
>
> "plugginaway" <anon> wrote in message
> ...
>
>> Had a faker Trojan.. All cleaned up now. But IE and FF will not
>> launch. Both return error "you do not have permission..."
>>
>> FF shows blank icon in firefox.exe location.
>>
>> Uninstalled IE, reinstalled. Same.
>>
>> Any hints?
>>
>> thanx

plugginaway wrote:
> Kelly's Program Permissions: in gpedit.msc, Userconfig, Admin
> Templates, there is NO 'System".
>
>
> Also, I do not even have gpedit on my other set to compare it???
>
> Know of a rootkit cleaner that might help?
>
> thanx
>
>
> Elmo wrote:
>> plugginaway wrote:
>>
>>> Had a faker Trojan.. All cleaned up now. But IE and FF will not launch.
>>> Both return error "you do not have permission..."
>>>
>>> FF shows blank icon in firefox.exe location.
>>>
>>> Uninstalled IE, reinstalled. Same.
>>>
>>> Any hints?
>>>
>>> thanx
>>
>>
>> Kelly has information on changing permissions for programs on her site.
>> See here:
>>
>> http://www.kellys-korner-xp.com/xp_abc.htm
>> Click "P" and scroll down to "Program Permissions", "Restrict Users from
>> Running Specific Applications", and "Restrict Applications Users Can
>> Run". Of course, you'll want to reverse the settings she discusses.
>>
>> But I suspect these should have been changed by the software you ran.
>> It's possible you have a rootkit that takes control long before the
>> anti-malware software can start.
>>
>> Burn BitDefender, or another program listed at the link below, to a CD
>> (using a working machine) and test the infected machine with it.
>> BitDefender also has a Rootkit checker on the Linux Desktop; run it if
>> you think that's the problem:
>>
>> http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
>>
>>
>> Download the executable rather than the .iso image, if one is
>> available.. it prompts you to insert a CD and burns the file, no problem.

Gpedit isn't available on XP Home; you might be able in a download it
though. The BitDefender CD has a rootkit detector on its Desktop. Gmer
is good for finding rootkits and other nasties. I've seen other names
mentioned too, but don't have a list of them, and I'm heading out the
door. Do a search for free rootkit cleaners at http://www.download.com
which is a safe, CNET site.

--
Joe =o)