Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot Download Anything


  • Please log in to reply

#1
Frau

Frau

    New Member

  • Member
  • Pip
  • 6 posts

Hello,
I have a problem that I have been unable to solve. Hoping someone can help...
Computer is a desktop-

Compaq Presario SR1318NX
512 MB
200 GB

Running Windows XP

Using: Google Chrome, Malwarebytes anti-malware, SUPERanti-spyware, Panda Cloud

Three people share this computer. Two adults and one youth.

Progression of problem and how I responded is as follows:

-Slow to respond (cleared temp files, ran malwarebytes (caught two, usually nothing) then checked security settings and made sure I was signed in as administrator - also freed up space on disk

-Still running slow - did nothing, figured it is an older computer...

-Received failed message when trying to save image. (Both my own pictures and internet images)

-Tried to save image again at a later date and received same message
****************Failed - Insufficient Permissions*******************

-Googled around to find no resolved postings with similar problem.

-Decided to try saving images in another browser - I only have Google Chrome so I tried to download Opera and received same failed message.

So as it is today, I cannot download anything to assist in this process.

Any ideas/thoughts out there?

Dankeschön von frau
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Odds are it is the new version of Zero Access. If it's not then the following may help:


Copy the lines between the stars (but not the stars):

****************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000001


****************

Open notepad and paste the above into it. Verify that you have it all then File, Save As, (to your desktop) "NoScan.reg" OK (Make sure you includes the quotes around the file name)

Close notepad and all browsers. Right click on NoScan.reg and select Merge. Allow it to merge. (If you don't see the Merge option you probably left off the quotes and notepad tacked on .txt)

Open Chrome and see if you can download.

If you have another user, try logging on as the other user. If not, create a new user with admin rights and logon as the new user.

Open Chrome and see if you can download.

Finally try booting into Safe Mode with Networking, (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. )
Choose the Administrator login (usually there is no password so just hit Enter when the password prompt comes up.



If not then it's probably Zero Access. You will need to get a copy of OTL and also of Combofix:
http://www.geekstogo...timers-list-it/
http://subs.geekstogo.com/ComboFix.exe

If the download is working again also get aswMBR.exe
http://public.avast....erek/aswMBR.exe (It was taking two hours to download today so if you can get it in a reasonable time don't worry about it.)

Use a friend's computer and download and save the files (Pause your antivirus while downloading or copying as it may object to these tools) save the files to a CD or a clean USB Drive (Do not use one that has been in the sick computer) and move them to the desktop of the sick PC.

Run them as follows:

OTL:

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

aswMBR

Pause your antivirus
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Combofix
Pause your antivirus
double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. (You may want to turn off your screensaver so you can watch what is going on) The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

IF this is Zero Access you will need to run Combofix a second time before you get the log.
  • 0

#3
Frau

Frau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hello and thank you for taking the time to help.

Your response has some terms that are not familiar to me. I figured out where to find my notepad and found the save as, then clicked on desktop and am now wondering about "no scan.reg" I do not see it and it is not coming up.
When you say to make sure quotes are included when I copy do you mean the quotes around the word Super anti-spyware?
.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
NO, The quotes are around NoScan.reg. The way notepad works if you type just NoScan.reg and save it, notepad will actually save it as NoScan.reg.txt since its default is a text file. Since we want it to be NoScan.reg we put quotes around it like this: "NoScan.reg" before we save it and notepad understands that we do not want the .txt added to it. In order to get it to save it to the desktop you have to click on Desktop which should be on the left near the top of the list of folders. Then type in "NoScan.reg" where it says File Name: *.txt (overwrite the *.txt) and Save.

Now NoScan.reg should be on your desktop. It should have an icon that looks like an all green Rubik's cube coming apart in front of a piece of paper.


If you have Firefox you can bypass the whole problem by:

Type (where you normally put the URL of the site you want to visit):

about:config

and hit Enter
then scroll down until you find

browser.download.manager.scanWhenDone

then right click on it and Toggle. Close and reopen Firefox and try to download something in Firefox.

I have seen reports that renaming the Windows Defender folder in Program Files will fix this too. Don't know if it's because they had ZA and that killed it or if it's because Windows Defender is involved.
  • 0

#5
Frau

Frau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay - I understand.
Was able to take one baby step.

After saving there was nothing on desktop so I repeated the instructions 3 more times - receiving this message.

C:\Documents and Setting\Compaq_Owner\NoScan.reg already exists.
Do you want to replace it?


It is just not on the desktop. Could there be another way to reach it?
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
You are not saving it to the Desktop. It says it is in C:\Documents and Setting\Compaq_Owner\ so if you right click on Start and select Explore it should open Explorer. You should be able to find \Documents and Settings and click on the + in front of it and then find Compaq_Owner and click on it. Then find NoScan.reg and right click on it and Merge.
  • 0

#7
Frau

Frau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Found it , merged it and attempted a download.
Received a message...

****************************************************************************
Launcher.exe - Unable to locate component

This application has failed to start because WindowsCodec.dll was not found.
Re-installing the application may fix this problem.

****************************************************************************


Thank you for sticking with this.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
First open msconfig
(see: http://www.netsquirr...sconfig_xp.html for instructions.)

Click on the Startup tab. See if you can find an entry for Launcher. If you do then uncheck it. Click on OK and reboot. If you don't find Launcher then look under the Services tab and see if it is there. If you find it uncheck it then hit OK and reboot.


Copy the next lines

"C:\Program Files\Internet Explorer\iexplore" -extoff "http://www.geekstogo...imers-list-it/"

Start, All Programs, Accessories, Command Prompt. A black Command Window will open.

Right click in the Command Window and Paste (or Edit then Paste) and the copied line should appear.
Hit Enter.

Internet Explorer should open with all add-ons disabled and should go to the download page for OTL. Press the Download button. Save the file to your desktop if you can. Once it is saved then Run the file.


If the above doesn't work then try booting into Safe Mode with Networking.
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.) Then try again starting with "Copy the next lines"
  • 0

#9
Frau

Frau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Would like to say I found the word Launcher. Not found in start-up or services. Looked through commands in start up and nothing similar was found.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
OK. Try the other steps in the post and see if you can download anything that way. You may need to find a friend with a PC to Download OTL from
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
for you and save it to a CD then put the CD in your PC and move OTL to your desktop and run it.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
OK. If you are going to have to go in to town to get OTL then also get:

Combofix: (Some of the stupider anti-viruses will eat Combofix so it's best to pause the anti-virus while downloading or moving Combofix.)

http://subs.geekstogo.com/ComboFix.exe

TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

aswMBR:

http://files.avast.com/files/rootkit-scanner/aswmbr.exe



Did you try the other steps in Post #8?

Also we can try a System Restore and see if we can go back to a time before the problem started.

http://www.howtogeek.com/howto/windows-vista/using-windows-vista-system-restore/

Choose a Different Restore Point from the Recommended one and pick the oldest one available.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
I did an edit on the last post to change out the aswMBR link. The old server died and they move it to a new address. Also put the other address in code boxes so the forum software wouldn't shorten them in case you need to print them out when you go to town.
  • 0

#13
Frau

Frau

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, will check in next week with update. Thank you for your help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP