[hunnebuns]

Well, I am really no longer in tears.  I am now just numb.  I have been trying to fix my issue for two days now.  Mr Charlie from Malwarebytes sent me over to you for your assistance if possible. 

 

Here is the link to what we have done so far....

https://forums.malwarebytes.org/index.php?showtopic=145563&p=812229

 

My issue is that I seem to have no permissions to do anything with my C:\ drive.  Access denied to do anything an admin would be able to do.  So no reseting, refreshing, restoring.  No .exe files.  Can't disable UAC.  Nothing.  If I right click on C:\ properties, it says I have zero disk space used and zero available however I can see all of my files and was able to copy them to an external drive.  I have run Microsoft Safety scanner which found a backdoor shell malware (i might seem to know what this is but I do not) and it removed it however, nothing changed.  I can get into safemode but still cannot run any .exe files or do anything admin.  I cannot even start task manager.

I work for a non-profit doing their social media, I am taking college classes and I use my pc for personal business as well.  I am really at a loss and am hoping someone takes the challenge.  If you can solve this one, I as well as my internet tools professor, will be indeed impressed!!

Thank you for even taking the time to read all of this.  I really appreciate any help I can get. 

 

~Laurie

[Advertisements]

Hi can you right click the files and select run as administrator ?

 

There are a few options we can try but with the rider there is no guarantee that it will work.  So first ensure that you have all your files backed up

 

Download the take ownership reg file attached to your desktop

[attachment=69927:Add_Take_Ownership.reg]

 

Double click the file and allow to merge with the registry

 

Were you able to do that

[Essexboy]

Hi can you right click the files and select run as administrator ?

 

There are a few options we can try but with the rider there is no guarantee that it will work.  So first ensure that you have all your files backed up

 

Download the take ownership reg file attached to your desktop

[attachment=69927:Add_Take_Ownership.reg]

 

Double click the file and allow to merge with the registry

 

Were you able to do that

[hunnebuns]

Hi.  Thank you for your time.  If I right click on Run as Administrator it tells me 'windows cannot access c:\......   I downloaded the Add_take_ownership.reg and ran it in safe mode which it would not let me do in reg startup.  It said the keys were successfully applied however, I tried to then install Malwarebytes and it says 'the drive or UNC share you selected does not exist or is not accessible.'  This is a little different than the message I received before but the same result.  I can't access my C:\ drive.

 

I notice now it says 'Take Ownership' instead of 'Run as Administrator'  Still trying to open something as simple as a .pdf, I clicked on 'take ownership' and then open and it says 'an internal error occurred'

:/ 

[Essexboy]

OK next we will attempt to use icacls to reset the permissions.  Details here  http://technet.micro...y/cc753525.aspx

 

From safe mode run a command prompt and type in the following command

 

icacls * /T /Q /C /RESET

 

 

[hunnebuns]

from my prompt which is c:\users\laurie  in safemode, i typed the above and the response was 'icacls*' is not recognized as an internal or external command.  I put an asterisks, was that correct?  I tried to change it to just the c:\ and it tells me 'access denied'

[Essexboy]

Could you set the command prompt to C:\windows\system32

 

[attachment=69932:Capture.JPG]

[hunnebuns]

access denied

[Essexboy]

OK still more to try
 
Do you have a windows CD so that we can access the recovery console ?
 
If not I will give you a link for an ISO copy
 
Download the following to your desktop :

 
1.  Rufus 
2.  Windows 8 64bit RC. I will PM the download link

Insert the USB stick Then run Rufus

Select the ISO file on the desktop via the ISO icon. 

Press Start Burn


Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB 
Note: If you are not sure how to do that follow the instructions Here
 
When you reboot you will  see this.   
  
Select the language on this screen and keyboard on the next  
  
  
  
Select the Trouble shoot option   
  
  
  
Select Advanced  option   
  
  
  
Select Command prompt   
  
  
  
At the command prompt type the following  :  
  
diskpart
Then type :
list volume
Make a note of the drive letter allocated to windows and the letter assigned to system

Type Exit in diskpart to return to the command prompt
Then in the command prompt type the following command :
sfc /scannow /offbootdir=&:\ /offwindir=*:\windows Where the star is the drive letter of windows and the ampersand the system drive

[hunnebuns]

I passed this part over to my husband.  It took him an hour or so to get it to read the usb drive.  He finally got it boot with the usb, however, it shows across the bottom reading files and then it starts a progress bar at the top of the screen and then suddenly shuts the computer down.  He tried it a few times and the same result.

[Essexboy]

I have just been given a possible solution by one of the Techs

 

From the command prompt type the following

 

net user administrator /active:yes

 

This will reveal the hidden Admin account

Log in using this account

From this account create a new admin user http://windows.micro...count=windows-8

 

Reboot to this new user does the system now behave itself ?

[hunnebuns]

I will just type the screen that came up because you are beyond me!  lol 

 

NET USER

[username [password | *] [options]] [/DOMAIN]

              username <password | *> /ADD [options] [/DOMAIN]

              username [/DELETE [/DOMAIN]

              username [/TIMES :<TIMES : ALL>]

              username [/ACTIVE: <YES | NO>]

Edited by hunnebuns, 05 April 2014 - 01:55 PM.

[Essexboy]

net user administrator /active:yes

 

Once the above was typed in you should have just received a confirmation.  The above is all one command  

 

Could you try it from the safe mode command prompt

[hunnebuns]

I did use the safemode command prompt.  the prompt said c:\windows\system32 so my typing made it appear as this:  

 

 c:\windows\system32>net user administrator/active:yes  then I hit enter and got the above.

[Essexboy]

There is a space between administrator and the backslash (/)

 

Could you try the same from the recovery console command prompt please

[hunnebuns]

I'm so sorry!  ok I added the space and it says the command completed successfully and gave me another prompt

 

I didn't see any user so I turned off my pc and it rebooted and came up with the same screen and when i backed out of my account it had a generic administrator account.  I went to create a new account and unfortunately it will not let me.  When I click on add account it just sits there and does not respond.  I am going to try it in safemode next.

Edited by hunnebuns, 05 April 2014 - 07:52 PM.