File and Folder Properties are messed up



#46
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Even if the drivers are running, you should have some more access to those files.

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc config akerneldrv start= disabled

sc config pcrasys start= disabled

exit


If you were allowed to make the changes, you should have gotten a confirmation after each one. Before we go further, post back an update on that please.
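One way to confirm that the two start-type changes above persisted, and to fingerprint the three files named later in the thread, is the PowerShell check below. It is an added example, not part of Jintan's post or of any tool used in the thread; the service and file names are the ones quoted in the posts, and everything else is an assumption made for illustration.

```powershell
# Added example, not from the thread. Service and file names are the ones
# quoted in the posts; the rest is illustrative. Run from an elevated prompt.
$services = 'akerneldrv', 'pcrasys'
$files = 'C:\Windows\system32\Drivers\akerneldrv32.sys',
         'C:\Windows\system32\Drivers\pcrasys32.sys',
         'C:\Windows\system32\servicescache.exe'

# Meaning of the Start DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Output "$name : no service key found"; continue }
    $label = $startTypes[[int]$svc.Start]
    Write-Output ("{0} : Start={1} ({2}) ImagePath={3}" -f $name, $svc.Start, $label, $svc.ImagePath)
}

# Hash each file so it can be identified even when it cannot be uploaded.
# A driver that is still loaded may keep its file locked; report that instead of failing.
$sha = [System.Security.Cryptography.SHA256]::Create()
foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$path : not present"
        continue
    }
    try {
        $stream = [System.IO.File]::OpenRead($path)
        try {
            $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
        } finally {
            $stream.Close()
        }
        Write-Output "$path : SHA256=$hash"
    } catch {
        Write-Output "$path : cannot read ($($_.Exception.Message))"
    }
}
```

A Start value of 4 stops the driver from loading at the next boot; it does not unload a driver that is already running, so the file may stay locked until after a restart.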


#47
Kasey21

    Member

  • Topic Starter
  • 168 posts
Both Succeeded.

#48
Jintan

Reboot, and upload copies of those files.

Also after the reboot, open Task Manager, and under Processes locate and End Process servicescache.exe, then upload that as well.

#49
Kasey21

Same error message.

Also when you asked this:

Earlier we did "net user administrator /active:yes". This enabled the actual Admin account. You are using this as your regular account (not recommended)? If not, reboot to that actual Admin account to handle the files. I thought you created a new account, and migrated to it?


I was never able to use the Administrator account. There was a password. I never set a password so there shouldn't have been one. And I didn't know it.

#50
Jintan

Log in to the Administrator account, and just press Enter for the password (no password). Then try the file uploads. No joy, we will need to use a tool to gain copies, so we can ID these items and move forward.

#51
Kasey21

I had tried no password and it didn't work either.

#52
Jintan

Foof. When the computer is right out of the box, you are usually offered then to create that password. I usually hedge my bet on most folks fearing they will forget it, and passing it by at that time (they do).


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

KillAll::
Suspect::
C:\Windows\system32\Drivers\akerneldrv32.sys
C:\Windows\system32\Drivers\pcrasys32.sys
C:\Windows\system32\servicescache.exe

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


ComboFix will now run as it did before. Allow the scan to run. When the scan completes this time a text log will open, as well as an indication the removed files need to be submitted for analysis (showing under "Collect" in the CFScript). You can just close the browser window and allow the scan to complete, as we will be assessing these locally.

Once the ComboFix scan completes, I would like you to locate the new zipped file on your desktop, called Submit [Date Time].zip, and go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select that zip file on your computer. You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.