Solved Loss of Win7 file/folder permissions after AVG Nation toolbar infection

Status
Not open for further replies.

Pete21

New Member
Thread author
Feb 12, 2014
7
About a week ago my PC got infected with the AVG Nation toolbar.

Initially using the guidance previously posted on MalwareTips to deal with this and then later with great help from MalwareTips Staff Member TwinHeadedEagle we managed to get rid of the toolbar. After running numerous tools - Malwarebytes, Farbar, aswMBR, HitmanPro, MSE, AdwCleaner - TwinHeadedEagle
declared that my PC was free of Malware.

Great but some odd Windows behaviour remains and TwinHeadedEagle said I should ask here for help.
Basically my log on account ("Pete", it's an admin account and there's only one account) seems to have lost permissions or access to various system folders. For example:
Desktop theme and wallpaper can be set but are not remembered between reboots.
Lots of desktop shortcuts have disappeared. I can find them in the expected folder (C:\Users\Pete\Desktop) but this clearly isn't read when Windows starts.
All Favorites have gone from IE (it's IE10). They are all in the expected folder (C:\Users\Pete\Favorites) but in IE there's nothing.
If I create a new favorite in IE it gets stored to C:\Windows\SysWOW64\config\systemprofile\Favorites.
In IE all the sites I had blocked from storing cookies have gone (tools, internet options, privacy, sites, managed websites).
When MalwareBytes completes it tries to create its text log file but it says "the specified path cannot be found" and Notepad opens with a blank page.
If I try to associate a file extension with a particular application (say .txt with Notepad++) I can browse to and select the relevant exe but the option to "always use the selected program" is greyed out and it remains associated with the default MS-Notepad.
Help in MS-Word, Excel & PowerPoint all say "There is a problem with one or more installed help files. Please repair your Office installation".

I guess there are other things although as far as I can tell all my files and folders appear to be present.
Yesterday after TwinHeadedEagle said there's no Malware I created a new admin account (Pete2).
Rebooted and logged on to this and hey presto this account behaves normally. I can do all the things that I couldn't do with my original account (Pete).
The Favorites are still empty of course but they get saved to C:\Users\Pete2\Favorites.
Desktop theme is remembered between reboots. MS-Office help is back, I can associate file extensions etc.
So all indications are that AVG Nation has gone and there's no Malware but there's this loss of file or folder permissions or access on my original account. Can I/we confirm this and/or fix it?
I could just continue to use my new account, Pete2, and gradually copy settings from Pete to Pete2, but this could be tedious. Maybe there's just a simple setting somewhere that will re-enable "Pete".
For info:
Windows 7 Professional, 64bit, SP1, 16Gb RAM. Intel Core i5, 3.4GHz
Thanks
Pete
 

jim lin

Level 8
Aug 6, 2012
505
have you tryed SFC /SCANNOW Command - System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

also have a look at some of the programs at Tweaking.com and see if thay will help

Tweaking.com - Windows Repair (All In One) can do the following:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
and more...

http://www.tweaking.com/content/page/windows_repair_all_in_one.html


:)

James
 
Upvote 0

Pete21

New Member
Thread author
Feb 12, 2014
7
James,
Thanks for the prompt reply
SFC /scannow ran ok: Got "Windows Resource Protection did not find any integrity violations."

Tried the Windows Repair tool from tweeking.com - this made things worse! I went through all its steps and took the default repair options. It didn't obviously report any errors. Rebooted at the end as requested. The original corrupt account (Pete) is still the same - loss of permissions but now in the new Pete2 account I was unable to log on to MalwareTips. Each time I clicked in the user name box IE would stop responding and terminate itself. Ran sfc /scannow again, no problems detected. Rebooted, IE still failing. Fortunately as part of Windows Repair I created a System Restore point. So restored system and IE is OK and can log on to MalwareTips.

So permissions still lost in original Pete account.

Thanks
Pete
 
Upvote 0

jim lin

Level 8
Aug 6, 2012
505
i'm sorry that Tweaking.com - Windows Repair did not work

not sure i can help much but i'll give it a try :)

for IE 10 you can copy or export your bookmarks from the favorites folder so you have a copy to save or use in
your other account

How to Import and Export Favorites in Internet Explorer
http://www.sevenforums.com/tutorials/86795-internet-explorer-import-export-favorites.html

not sure what to do about the sites you blocked from storing cookies in IE 10 unless you can see them in your other
account if you can you can try and copy them from there

i use Ccleaner and just delete the cookies after i close my web browser everytime or you could set up IE 10 to just
block cookies in the same place "(tools, internet options, privacy, sites, managed websites)" cookies are not that
bad but it's up to you

then you can try to reset IE 10 back to defaults just make sure you saved your bookmarks first and then see if it
starts working ok then

How to Reset Internet Explorer to Default
http://www.sevenforums.com/tutorials/1222-internet-explorer-reset.html

about the "associate a file extension" have a look here

How to Set Default Associations for a Program in Windows 7
http://www.sevenforums.com/tutorials/2630-default-programs-set-program-s-default-associations.html

Repair Office programs

Has your Office installation got corrupted? Are your Office programs not working properly?
Before you try uninstalling and reinstalling, try repairing your Office installation.

Windows 7

Click Start > Control Panel > Programs > Programs and Features.
Click the Office program you want to repair, and then click Change.
Do one of the following:
In Office 2010, click Repair > Continue.
In Office 2013, click either Quick Repair or Online Repair.

You might need to restart your computer after the repair is complete.
http://office.microsoft.com/en-us/outlook-help/repair-office-programs-HA010357402.aspx

the best i could find about the desktop and wallpaper is this

Cannot change desktop background in Windows 7 | 8
http://www.thewindowsclub.com/cannot-change-desktop-background-windows

i hope some of this helps

:)

James
 
Upvote 0

Pete21

New Member
Thread author
Feb 12, 2014
7
James,
Thanks for the advice.. I have tried a few most of the things you suggest. Nothing has any effect on the corrupted Pete account. As far as I can tell everything works perfectly normally in the new Pete2 account.

So I plan just to keep using Pete2 and then stop using/logging on to the original Pete. Copying favorites and desktop shortcuts from Pete is easy enough as is setting my favourite wallpaper and setting file associations. For the moment I won't delete the Pete account from Control Panel - I guess there's not much overhead in retaining this corrupt account.

That being said I am, of course, left with a slightly uneasy feeling there's something still lurking in my system - is the corruption in the Pete account entirely limited to that account or might some of it have a wider scope and start affecting Pete2? Well, no sign of that so far.

So thank you very much for your help. For a web site/organisation that I only discovered less than a week ago I have been very impressed with the quality and speed of responses.
Cheers
Pete
 
Upvote 0
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top