Something changes exe permissions to access denied



#1
semmel

Hi.
I have some experience in removing viruses that I can find, but this one has been very elusive.
I used HiJackThis first - it found nothing out of the ordinary, BUT I had to run it in Safe Mode: when I run it normally, even as Admin (Windows Vista 32-bit), about the time it gets to the Services it simply quits, and I cannot run it again - I get the message from Windows that access is denied to the file.
Same with RunScanner.
Same with the installed copy of AVG 8.5 and AdAware - they had already tried to run earlier and were also inaccessible.
In the case of AVG, I was finally able to remove it and install version 2012, update it and then run it in Safe Mode - found nothing.
Ran MBAM in Safe Mode, found a few minor infections.
Tried SilentRunners, also nothing I found to be out of the ordinary.

I found your entry on what other programs to run, and I just started the VIPRE scan, and I'll run SuperAntiSpyware, too.

The files that get their permission changed can be deleted from DOS prompt using rmdir, but otherwise I can't run them. ATTRIB doesn't show anything out of the ordinary, and I am still the owner of the file, so I don't know for sure how I am being locked out of the files. AVG scan found quite a few files/folders to be "locked", including some of the files I found to be locked.

My questions are:
1. What infections are likely to deny access to executable files, and what can I do to find and remove them?
2. What can I do to restore access to some of these files? I don't know what version of AdAware this person has installed (paid or not), and I'd rather restore it than wipe and re-install it.

I'll also keep you guys posted on the result of VIPRE and SAS if they find anything.

If you need HJT logs, please let me know, but as far as I can tell it's clean - been using it for 5 years :-)

[edit]
After reading around in the forum for a bit (it's been a while since I was last here), I found out about OTL, so here are my logs. I saw a few suspicious things in there (mostly files not found and keys not found - probably part of the same "access denied" issue), but I didn't see any suspicious file that starts with Windows.

Also, in the attached files you'll likely see traces of things I have tried so far to figure this out, including a few rootkit detectors (sysinternals). Right now, this computer has been in Safe Mode since yesterday, just running scans, so it probably never had a chance to clean up some of these things.

[next edit]
VIPRE finished - it found one Reg Key (but didn't tell me what it was - the logs are about 25MB in size!) and identified a file called Avenger as a virus - which is a program I have used in the past to delete infections that couldn't be deleted otherwise :-/
Running SAS now...

Thanks!

Edited by semmel, 11 October 2011 - 10:31 AM.


#2
semmel

After having messed with various scans and tools, the issue APPEARS to be resolved, but I'm not 100% convinced yet...
I can run HJT and RunScanner now without losing access permissions to the files.
I also finally managed to find out how to get lost permissions back - in the file properties, the entries for USERS and ADMINISTRATORS had been removed. I recreated them for a file belonging to AdAware, and I was able to restart its service without a problem.

So now the computer has been running with a few reboots for 2 hours without showing any signs of an issue.

The thing is:
I am not aware of actually removing anything!!!
I still don't know what caused the issue in the first place, unless I removed it accidentally when I disabled one or two lightly suspicious files with HJT - but then these files should show up in a virus scan, and I just ran a full AVG Free 2012 scan...

So, while I seem to no longer need assistance, I would still love to know if anyone can identify what could have caused the issue based on my descriptions - I simply don't trust that this issue is 100% fixed when I'm not sure what fixed it...

Thanks!
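
The second post traces the "access denied" errors to USERS and ADMINISTRATORS entries missing from the file permissions. As an added example (not part of the original thread), this PowerShell script lists executables whose ACL lacks an Allow entry for either group or carries explicit Deny entries; it assumes PowerShell 3.0 or later and an elevated prompt, and the function name `Test-ExeAcl` and the scan root are hypothetical choices.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ and an elevated prompt.
# Well-known SIDs are used so the check also works on non-English Windows.
$RequiredSids = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-ExeAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # The DACL itself cannot be read: report the file instead of skipping it.
        return [pscustomobject]@{ Path = $Path; Missing = 'ACL unreadable'; DenyAces = $null; Owner = $null }
    }

    # Explicit and inherited ACEs, with identities expressed as SID strings.
    $rules = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]))
    $allowSids = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value })
    $denyCount = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' }).Count

    # Required groups that have no Allow entry at all on this file.
    $missing = @($RequiredSids.Keys | Where-Object { $allowSids -notcontains $_ } |
        ForEach-Object { $RequiredSids[$_] })

    if ($missing.Count -gt 0 -or $denyCount -gt 0) {
        [pscustomobject]@{
            Path     = $Path
            Missing  = $missing -join ', '
            DenyAces = $denyCount
            Owner    = $acl.Owner
        }
    }
}

# Hypothetical scan root; point it at the folder holding the affected programs.
$Root = $env:ProgramFiles
Get-ChildItem -LiteralPath $Root -Recurse -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object { Test-ExeAcl -Path $_.FullName } |
    Format-Table -AutoSize -Wrap

# After reviewing a flagged file, its ACL can be reset to the permissions
# inherited from the parent folder:
#   icacls "C:\path\to\file.exe" /reset
```

Programs installed outside Program Files may legitimately lack a Users entry, so review each hit before resetting it. Saving the output before and after a reboot in normal mode shows whether something is still stripping the entries.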