Windows 7 Forums


Windows 7: Poweliks removal without admin permissions?

28 Apr 2015   #1
UberGoober

Windows 7 Pro 64 bit
 
 
Poweliks removal without admin permissions?

Thanks a million (trillion these days?) all you volunteers who help us clueless geek wannabes. You are the bombs for doing this!

So...back to work!

Every user & group now has special permissions with checks in grayed-out boxes. Trusted Installer as a user seems to have total control of the PC. I can't run anything UAC needs permission for, and cannot get elevated admin rights in safe mode.

I tried a Hiren's-style CD full of various utilities in safe mode to change the admin password back to mine. Said it was successful, but it wasn't. I think this nasty bug takes ownership of anything you work with - mouse click, command line, even security web pages. It glitched for a second and I saw it replace the ESET page with something else, then overlay that with maybe a spoof of the ESET page that took 10 seconds to load!

The concept I'm thinking of is using my Vista PC to sterilize a thumb drive and load all the offline installers found in the various Poweliks and similar threads onto it in case I need them. (I'd like to be able to run the online installers from the thumb drive, too, but don't know how.)

Then boot my 7PC into safe w/ networking and run this ESET Poweliks remover from the thumb drive if possible:

FULL REMOVAL PACKAGE
ESET | Antivirus, Internet Security Software & Virus Protection :: Download :: Thank You
http://download.eset.com/manuals/ese...tguide_enu.pdf
http://download.eset.com/manuals/ese...rguide_enu.pdf
ADDITIONAL INFO FOR PACKAGE
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
How do I remove a Poweliks or Gootkit infection? - ESET Knowledgebase
KernelMode.info
How do I remove a Poweliks or Gootkit infection? - ESET Knowledgebase

Any thoughts, my beloved security geeks? Or point me in the right direction if I've veered off the path.


29 Apr 2015   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

MBar appears to work on Poweliks https://www.malwarebytes.org/antirootkit/
29 Apr 2015   #3
UberGoober

Windows 7 Pro 64 bit
 
 
Screenshots

Thanks for responding, Jacee. I'm sure MBar would remove it, but...
"Every user & group now has special permissions with checks in grayed-out boxes. Trusted Installer as a user seems to have total control of the PC. I can't run anything UAC needs permission for, and cannot get elevated admin rights in safe mode."

Maybe this will clarify some things.

Here's Properties for the MWB anti-rootkit scanner I just downloaded from your link (is there an offline version?):

Poweliks removal without admin permissions?-1rootkitdownld.jpg
My User Name is "Household", so the underlined location is correct. Because the program hasn't been run yet (due to changed "Run as Admin" password), this info hasn't been changed.

Poweliks removal without admin permissions?-2rootkitusers.jpg
My User Name should appear in this list, right? The Object Name appears correct.

Poweliks removal without admin permissions?-3rootkit.jpg
I've noticed flashes of Notepad in Chinese or similar sometimes. Is Language Neutral correct?

Poweliks removal without admin permissions?-1mav.jpg
Here's Properties for MWB that I downloaded, at most, 2 weeks ago.
I see the date "Sunday, December 14, 2014" on a lot of Properties pages for program shortcuts and files/folders.
C:\Users\Public\Desktop should be C:\Users\Household\Desktop
The file size/on-disc size is odd.

Poweliks removal without admin permissions?-2mav.jpg
TrustedInstaller takes ownership of everything I open. It doesn't show as a User here, but appears at log-in alongside Household (me). As I said, my password no longer works.

I'm going to try this advice to see if I can get admin rights. I'll let you know what happens.

