s4b3

It's almost 3 am in the morning and I've got a sh*tload of work to do but I've not been able to do it because my Photoshop won't open. I'm getting the following error when I try to open Adobe Photoshop and the other 'bigger' softwares:

"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

After reading a few things online, some people seemed to be recommending Sergiwa's Removal Restrictions Tool (Limited Version). I did execute the file while I was on the system administrator account and the tool DID NOT WORK for me.

Why am I having to deal with this problem? Because my PC was attacked by a virus.

The "This Computer Is Being Attacked" Virus

I don't know how and when the virus entered & started infecting my pc. Last night, I was watching a show on Tudou and then closed the top half of the laptop which automatically made it go on standby mode. So this morning I woke up, logged in to my user account and kept hearing the typical Windows program error sound. It was repeating every other second.

I noticed 2 strange processes on the Windows Task Manager at the time my computer was being attacked:

Global.exe
Keyboard.exe

So I restarted my pc and after I did, this 'screensaver-like' thing with the words "This Computer is Being Attacked" started bouncing around the screen like every 10 seconds (screenshot image attached). The image had some sort of magic wand on it. The person who made the virus obviously has a sick sense of humour.

The virus didn't disable my anti-virus, it actually did something that enabled it to bypass the virus scan(s) on both anti-malwares I was using. I had both Lavasoft's Ad-Aware (free version) & Windows Defender, NOT defending my computer. If these anti-malware softwares were actually any good, the virus would not have been able to execute itself on my pc in the first place.

After downloading & successfully installing Kaspersky (trial version), it was able to detect & remove these malware (I think they were worms & trojans).

Kaspersky wouldn't run on safe mode. Nevertheless, while it was scanning the pc & detecting the malware, the weird bouncing 'this computer is being attacked' image stopped appearing right then and there. I had my sound on mute, so when I un-muted it the program error sound had also stopped.

I was advised to get Kaspersky ages ago, but I did hear about how effective it was. Except sometimes 'effective' also means bothersome (e.g. ZoneAlarm Firewall).

Anyway, right now I'm trying to repair the damages done by the virus, namely my admin settings. On most websites right now, they're telling people with this virus to simply get rid of the virus be re-installing Windows but it's path I'm trying to avoid. I really don't want to have to re-install Windows because I don't have a Windows XP OS CD...and I don't want my Genuine Advantage privileges taken away from me (not like it did me any good though).

Will post an update if I'm able to repair the damages caused by the virus. So if there's anyone going through the same thing, they'll know how to get to the solution. If re-installing Windows is what I'll have to do I'll let you know as well.

*Re: Attachment - you might notice that I was using IE when the virus was attacking my PC. That's because Firefox is my primary browser and it did contain some saved passwords which I was trying to clear using CCleaner.

When you're PC is being attacked, remember to clear your cache & delete saved information in your browsers in case you've got a malware that's harvesting important private information e.g. saved passwords.

Attached Images

freakn_virus.JPG (86.9 KB, 10 views)

__________________

s4b3

Re: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

I visited 2 forums, my pc symptoms were part of what (i) this person had, and part of what (ii) this person had.

After reading about the solutions listed in the first forum (i), I decided to explore my registry files, and was finally able to restore CP access. I then enabled user access to softwares like Photoshop.

Solutions

1 - Enable User & Admin Access to CPanel:

- Start button > Run...
- Type "regedit" (without quotes), then press Enter
- In Registry Editor, find this file:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
- Click on the 'Explorer' folder which will enable you to see its contents on the right side of the window.
- Right-click on 'RestrictCpl' > 'Modify' and change the 'Value Data' to 0.

You should be able to access the Cpanel.

2 - Restore User & Admin Access to Programs / Softwares:

Note: The following is not something I read from anywhere so do it at your own risk because I did.

The following was done in Safe Mode, Admin account (on Win XP SP3):

- Find the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
- Click on 'DisallowRun'
- The folder consists of programs that have been disabled.
- Delete the files that should be enabled. i.e. if I couldn't access Photoshop then I should find photoshop.exe and delete it.

Yeah so anyway, that's what I did and now it's working.

Really glad I didn't have to reformat/reinstall Win XP!

__________________