SC, I have used products from Acronis for some time now, They offer the functionality of Norton Ghost but in a user friendly package.

If you use the 'schedule task' function you should be able to set it up to automatically backup Hard drives on any number of PCs (assuming you have everything running on a network) to their own allocated space on your portable drive. Its also easy to restore all data from a dead hard drive (I speak from experience).

Neil

A friend of mine is having some problems with their PC and I wondered if anyone could offer advice.
No programms can be accessed. A message "Restrictions - This operation has been cancelled due to restrictions in effect on this computer. Please contact system administrater"
Also a wee window pops up every 10 minutes "Windows Security Alert. Warning. Potential Spyware operation. Your computer is making unauthorised copies of your system and internet files Click Yes to download spyware remover" (Obviously she clicks No).
What baffles me is that I went round there and tried to get into "Control Panel" via the Start button and the control panel item has disappeared! No "Settings" button either.

Bolshi

It could be something simple or it could be a significant spyware or virus attack. Untill you can decide which, I suggest that she IMMEDIATELY disconects the computer from the network.

After that, start it in safe mode and run a virus check and then an anti spyware check. If you have an AV CD that will boot from the CD then use that.

Let us know how you get on.

Cheers O. I recommended not using internet until sorted.

Norton did find a problem and said it had fixed it (Trogen Kill AV). I'll pop round and try it in safe mode. She only has Norton and not anything like Spybot or the like.

Bolshi

Before you go round, download Windows Defender, Spybot S&D and any stand alone AV that you can find, and burn them to a CD. If you go to PortableApps.com you can downoad a complete portable suite which will run on a flash drive and includes Clam AV - don't forget to update it first.

O. Thanks for that - will do.

O. We got Spybot installed on my friends PC. It found 96 problemmettes! The annoying pop ups have dissappeared but we still have the Control Panel icon missing.
I've found a piece on how you can remove the icon to stop people fiddling with the settings. It involves the registry unfortunately. I was thinking of looking at the settings to see if it will be a simple job like putting the value back to its original value of zero. (I've done a bit of register stuff but obviously don't want to do it if it's not neccessary) I'm swatting up on backing the original settings in the registry just in case ;-)

"In the Registry Editor window, from the folder tree, go to HKEY_CURRENT_USER | Software | Microsoft | Windows | CurrentVersion | Policies | Explorer, make sure you click on the folder explorer, then in the explorer window on the right of the folder tree just right-click on the area and choose New DWORD Value in the name of NoControlPanel, you have to type it carefully exactly like mine, check the capital letter, after the DWORD is added, double-click on it and a little window will appear, now change the value data from zero(0) to one(1) and then click Ok, you can close the Regedit window."

Bolshi

Allthough editing the registry has the potential to trash a system, the key that you describe should not be a problem so log as your are carefull.

The question remains, what hid the control panel in the first place and what else has been changed.

As I said before, your it may be some innocent problem but your friend has to satisfy herself that it was not some serious identity theft virus and that everything has been cleaned up.

For peace of mind, it may be worth buying a new hard disk and reinstalling everything. If you do this, you must use an SP2 installation disk, pre SP2 will not fully recognise a modern disk and is not safe to connect to the internet even to update the system. Once the system is established, mount the old disk as a secondary, virus scan it and copy selected data accross before formatting it.

Your friend should also change passwords on any on-line accounts.

O. Plenty to think about. Thanks for your comments. I'll pass them on.

I wonder if it all centres around the Trogen Kill AV that Norton found? Apparently it disables anti-virus measures. Depressingly, Norton found it on her system again even though it said it had removed it.

Many thx again.

Bolshi

A lot of viruses install in two parts, a program that installs the virus and the virus itself. If you delete one, the other one will reinstall the missing bit on startup. Any good AV programm should be able to sort that but they often don't. A Google search might point you in the right direction.

Your friends main problem is that when it is all sorted, she must be able to believ that her computer has not been compromised, hence the drastic measures that I suggested.

Another check, if you suspect that you may have had a data gathering virus on your machine, do a search of C:\ for files containing the logon names for some of your accounts (bear in mind that the search info is stored in the registry). If you find any files with your login details, be vey suspicious. Unfortunately their absence proves nothing.

Thanks once more O. Have found some other people with virtually same problems. The board at Cexx.org seems to have found how to crack it using Trend Micro HijackThis v2.0.2 programme (amongst other things).

Have a good weekend.

http://boards.cexx.org/index.php?topic=16633.msg68494

We just had a Dell machine in to clean (friend of a director of our company) with this very trojan on it just last week. It disables Task Manager, Control Panel, the lot.

I have to tell you that we could not clean the machine with any tools we had.

We could recover control of the machine, clean the registry and so on, and remove the symptoms for a while, but the devil's spawn remained hidden in the machine and recreated itself.

Two or three of our best guys had a go. Eventually, we rescued all the user data and did a clean install of Windows XP and restored the user data. It was the only economic solution. As it was a friend, we didn't charge them, but we spent about 1,000 of mantime on it (if we'd charged our normal rates). The lady involved was kind enough to send some wine to our chief Tech support guy as thanks.

Since running an Anti Virus scan using free AVG my XP home machine seems to take an absolute age to boot up. I did have a problem when I came back to it as it appeared to have crashed during the scan. Prior to that I noticed just one potential virus had been picked up. Also identified lots of Java installation files as potential viruses but it's done that before.

I think I need to run something like a system repair program that will clean out then dross and speed me up again. Any recommendations? (apart from take a backup!!).

SC

Try using the system restore program. Start Button - Help and Support - Undo changes to your computer with System Restore . This will enable you to restore the system to a prior state, and it's reversible.

Thanks Opti, will give it go.

Er.. Thought I'd mention it. The KillAV virus disabled system restore as well. Hope it's not that particular virus SC. But I think you'd know if it was that b****d by now!

NO, don't think it's that. My AV protection is always up to date and I NEVER open attachments unless I know who they're from and am expecting them. Most of my email comes through my Yahoo account which scans with Norton as well before it's received,. Closing down is also painfully slow as well now!! Going to backup before I do anything else though.

I am extremely pleased and also extremely impressed with

SUPERAntiSpyware - FREE VERSION for Home Users

They say

SUPERAntiSpyware is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!

It is very user-friendly and I also think it is phenominally thorough and slap bang up to date. I use it most days and always check for updates to the protection. It seem to have new stuff ready for this just about every other day.

I'd 100% recommend anyone to try it. If I run it first, then Ad-Aware SE Personal and also Spybot Search and Destroy can't find a damn thing.

I also use CCleaner regularly and get rid of most of my cookies, except for a few carefully chosen cookie retentions. I am convinced from personal experiences that some of the so-called 'tracking cookies' are the ones that can really slow your machine down.

By the way, thus far, I haven't felt the need to spend $29.95 and upgrade the Free SuperAntiSpyware to their 'Professional Version'.

Here are some SuperAntiSpyware Screenshots

iam well pleased with the above superantispyware,been using about a year now as well as ad-aware and S & D,
been thinking about the PRO version HERE
not that much to stop the bad ones,

Just to add to what these guys have said.
I run Norton & Luke Filewalker continuously, and yesterday ran CCleaner and Windows Registry Fix.
Having read the above, I thought I would give it a go. Downloaded, updated and ran, and it discovered, and named, 12 Adware programmes, now deleted.
Very impressed.