[aznsmartj0ck]

I'm not sure where to post it, so please move it if I'm posting in the wrong section.

I have Windows Vista Home Premium SP2 with McAfee Internet Security Suite 2009. About a week ago, the scanner stopped working, so I uninstall McAfee and install Kaspersky. Unfortunately, that scanner fails to work as well. I've tried BitDefender, which failed as well. Microsoft Security Essentials malfunctioned as well. Every single time I try to launch any AV program, I get the message "Windows does not have sufficient priviledges to access the file." I have a feeling a virus is corrupting all the AVs. I even tried to use an online scanner, and now the virus has disable IE as well. Does anyone know of anything that I can do to kill this virus, or at least get an AV up and running to try and pin it down? I'd appreciate any help. Thanks.

P.S. I'm running Ubuntu 9.10 off a USB right now to avoid starting Windows and activating the virus.

[PurplePeopleEater]

sounds like conficker....

[aznsmartj0ck]

PurplePeopleEater, on 02 November 2009 - 06:21 PM, said:

sounds like conficker....

Really? Any advice on getting rid of it?

[CommonSense]

Any abnormal processes or startup programs?

[poolsharkzz]

I agree with Purple - What do you think, CommonSense?

Let's start with posting a HijackThis Report -
http://free.antivirus.com/hijackthis/

I am interested in seeing what is going on during your start-up and what is running (services and the like). We need to learn what the name of this critter is!

Then start by downloading, installing, update if necessary, and then run scans from the following:

Malwarebytes AntiMalware
http://www.malwarebytes.org/mbam.php

McAfee Avert Stinger -
http://vil.nai.com/v...er/default.aspx

Panda Anti-Rootkit -
http://research.pand...rsion-1.07.aspx

Trend Micro RootkitBuster -
http://www.trendmicr...oad/rbuster.asp

Norman Malware Cleaner -
http://www.norman.co..._tools/58732/en

F-Secure Easy Clean -
http://www.f-secure....ter/easy-clean/

GMER -
http://www.gmer.net/

The Microsoft Windows Malicious Software Removal Tool - http://www.microsoft...ve/default.aspx

I want your last scan to be SUPERAntiSpyware Free Edition - http://www.superantispyware.com/

All scans are to be done while in Safe Mode!

You will need to shut off your System Restore as well:
http://windows.micro...store-on-or-off

I know this may seem like it's overkill - I just want to cover all the bases and be sure we kill the bastard!

There is no particular order - just download, install, update, and scan, scan, and scan!

Before scanning: backup - backup - backup - your important files to an External Hard Drive or you can use Windows Sky Drive or save it to a USB Flash Drive.

Post reports or make screen shots if you scans find something.

When you are finished scanning, run another HijackThis Report.

Let's see if we can't kill us a virus tonight...

poolsharkzz


PS. If I were you, I'd trade in your old antivirus for AVG Free 9.0

Also, I'd think about a new Firewall - Comodo Internet Security

 Virus.gif (22.34K)
Number of downloads: 0

This post has been edited by poolsharkzz: 03 November 2009 - 06:41 PM

[aznsmartj0ck]

Bad news
None of the scans work
Every single one returns "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

NOTHING is working...no ideas?

[poolsharkzz]

Okay, let's try this out for size...

I just did a Google Search

Vista: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I clicked on the first couple of links and it seems others have had the same problem recently with their solutions. Make sure the solution is Vista related.

This one seems what you may need but I would dig a little deeper to be sure.

When did this whole mess start? Can you do a System Restore?

What about a Backup Image?

poolsharkzz

 Ultimate_combo.gif (70.41K)
Number of downloads: 0

[aznsmartj0ck]

The problem started a week ago (about) and I have no system restore points from before the problem.
I have a recovery disk with my computer (Sony VAIO VGN-NR160E laptop). I'm not sure if that has a recovery image on it.
I will try the link you mentioned later tonight and tell you how it goes. Thanks.

[Syzygy]

If it is conficker, visit http://www.conficker...cfeyechart.html and give yourself a test.

[mhunkeyz]

Try Avira free antivirus. or Malwarebytes.

[poolsharkzz]

aznsmartj0ck, on 03 November 2009 - 12:14 AM, said:

The problem started a week ago (about) and I have no system restore points from before the problem.
I have a recovery disk with my computer (Sony VAIO VGN-NR160E laptop). I'm not sure if that has a recovery image on it.
I will try the link you mentioned later tonight and tell you how it goes. Thanks.

It's good you have your Recovery Disk, we can use it as a means of last resort - it will bring your system back to it's original factory settings, thus taking you back to the day you bought your system.

While very important to have - I would wait and see if you need to use it before actually using it - there might be a better solution.

You should have it scheduled via the Task Manager to have Vista set a Restore Point every 24 hours. If this isn't working as it should, you may want to review this:

Vista Tutorial - Automatic System Restore Points and SP2

Create a Restore Point for Windows 7 or Vista's System Restore

Windows Vista System Restore Guide

I've heard that Service Pack 2 sometimes disables Vista's System Restore, I believe there is a Hotfix from Microsoft for this but you may want to research it first.

Have you thought about kickin the Vista habit to the curb and upgrading your system to Windows 7?

Windows 7 is really the better choice for Laptops - smaller footprint, increased battery life, decreased power usage, improved memory management, better driver support, faster and easier to use with better performance - all underneath a fresh coat of paint.

Check out: Performance Benchmark Results

Here is the best part: If you are in school the cost to upgrade is $30.00 - $50.00 for Ultimate - not a bad deal considering your current situation.

Just a few thoughts,

poolsharkzz

 gday.gif (9.85K)
Number of downloads: 0

This post has been edited by poolsharkzz: 03 November 2009 - 05:28 PM

[ShadowCoder]

Backup any non-executable type files that you wish to keep. Zero out your hard drive, then re-install windows. Its the quickest and most sure way to get rid of any virus. And you skip the frustrations of trying everything under the sun and it not work.

[poolsharkzz]

ShadowCoder, on 03 November 2009 - 12:19 PM, said:

Backup any non-executable type files that you wish to keep. Zero out your hard drive, then re-install windows. Its the quickest and most sure way to get rid of any virus. And you skip the frustrations of trying everything under the sun and it not work.

I definately agree...

Though in this case I am not sure it is a virus - that's why I want to see his HijackThis Report first before making a final analysis - my gut feeling is that it could be something else entirely...

Others have had his ""Windows cannot access..." problem after installing Service Pack 2 (check out my eariler Post) and after a search on Google, I found a few solutions that worked for others. Maybe it's what the Doctor ordered?

You should talk to this guy - Windows system defender virus

Sometimes, it's like pullin teeth!

poolsharkzz


 Dance_lessons.gif (4.52K)
Number of downloads: 0

This post has been edited by poolsharkzz: 03 November 2009 - 06:46 PM

[CommonSense]

It's definitely some form of malware. No doubt about it. I had a similar problem where I couldn't update the definitions for ANY Antivirus program. Try and run ClamWin Portable or even try and run ClamWin from Ubuntu and have it scan the Windows drive.

Put together a USB with some AVs and the latest definitions that you will have to manually install. Put on McAfee Stinger and other stand-alone AVs. And before plugging in your USB, disconnect your computer from the Internet, pull the wire or disable the hardware or turn off your modem. And then run some scans and see if you can post a HJT Log as that can help narrow things down as well.