SID appeared in ACL: is this correct?

  eric_bloodaxe 23:06 17 Jun 2009
Locked

This follows from a virus problem I had and have now cured. I kept finding an entry in certain folder ACLs with a ? mark icon and a name that may well be my SID. It was very like the name of a subfolder in the RECYCLERS folder where the virus had been hiding. So I assumed these entries had to do with the virus and worked hard to delete them from many folders. Now I find that the O/S is resetting to first boot settings and seems unable to load anything but the default user profile. It also uninstalls Office and Skype at each log off, as well as losing all IE & Explorer settings each time. Should that entry actually be in the ACL of certain folders or not, and is its removal from my user profile folders the reason for the problem? If so, can it be reinstalled? I have done recreating User.dat and even copied in a new copy of userenv.dll to no avail. SFC /scannow seemed happy with the sys files but clearly something is wrong.

  phono 23:26 17 Jun 2009

Download MalwareBytes anti malware from click here, click the blue "Download free trial version" button, install, update and run a quick scan. If it picks anything up let it deal with what it finds, reboot if requested and then run a full scan.

Report back with any findings.

  phono 21:02 18 Jun 2009

Have a look at click here, check the third posting down from DaRkF0g.

  birdface 22:13 18 Jun 2009

If it was CID it would probably be a Virus.

  eric_bloodaxe 22:27 23 Jun 2009

I've run Malwarebytes and got a clean bill of health, but the puter is still doing the same thing as before. I have indeed run every conceivable scan up to the Kaspersky recovery disc. None of them shows a problem but I do have one. What I have noted is a folder C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356.
Research seems to suggest this could have some sort of malicious files in it, and it does have a copy of userenv.dll which is 3KB bigger than the copy I got from another puter. What is this folder and is the discrepancy significant? Should I delete this copy of the file or use it to replace the smaller one which is in the "proper" place?

  phono 23:03 23 Jun 2009

If you are wary of the version of userenv.dll which you have installed you could upload it to click here and/or click here for analysis.

You should also try running the command sfc /scannow from a command prompt, pay attention to the spelling and the space between sfc and /scannow. You may also be prompted to insert your installation CD during the scan so have it to hand.

  eric_bloodaxe 19:04 24 Jun 2009

OK, ran both versions of the file past one of your links and received a clean bill of health. I have, as I said initially, run sfc /scannow and it seemed happy all is in order, but I still have a puter that is doing what I initially stated. Why should both Office and Skype be uninstalled at every logoff? Not all programs, just those two. And why lose IE & Explorer settings? I can't find, though there may be one, anywhere these things all exist in the same folder. I have tried going through the startup folders and so on in the user profile folders.

  phono 21:31 24 Jun 2009

"Why should both office and skype be uninstalled at every logoff?"

Do you mean that when you log off your PC the uninstall routine for Office and Skype actually runs or do you have to reinstall at the next start?
Or does the installation for each program actually run at the next startup?

I would suggest running the Windows Install Cleanup Utility for Office and Skype and then reinstalling both to see if that cures the problem with them. Description, details of use and download link at click here

  eric_bloodaxe 21:14 25 Jun 2009

It is early days at present but the machine seems to be holding on to settings from yesterday!!!!! I discovered that, among many other possible ideas, someone posted somewhere that it could be the result of the user not having Full Control permissions to their own user profile folders. After the virus was gone I kept finding a non-existent user in the ACLs of my user folders and some others on the infected D: drive. Deleting these was complicated and involved doing some pretty weird things to inherited permissions. This, I finally realized, had left me without Full Control of the Documents and Settings folder and subfolders. I have access as me as a member of the admins group but not just as me as a user. So I gave myself the Full Control permission to all folders and things seem to be sorting themselves out. I can only guess that if you don't have FC when the OS is loading, it is denying you access to your own user profile by not loading the file contents.
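
The check described in the post above, as an added example that is not part of the original thread: a report-only PowerShell script that lists ACL entries Windows cannot resolve to an account name and shows whether the profile's own account, rather than a group it belongs to, holds Full Control on each folder. `$ProfilePath`, `$Account` and the helper `Get-SidValue` are assumptions introduced for the example.

```powershell
# Added example: report-only audit of a profile folder's ACLs (changes nothing).
# $ProfilePath and $Account are assumptions; set them for the machine being checked.
param(
    [string]$ProfilePath = $env:USERPROFILE,
    [string]$Account     = "$env:USERDOMAIN\$env:USERNAME"
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl

# Hypothetical helper: SID string for an ACE identity, or $null if it cannot be translated.
function Get-SidValue($identity) {
    try { $identity.Translate($sidType).Value } catch { $null }
}

# SID of the profile's account, so ACEs are matched by SID rather than by display name.
$accountSid = Get-SidValue (New-Object System.Security.Principal.NTAccount($Account))

# The profile root plus its first-level subfolders (hidden ones included).
$folders = @(Get-Item -LiteralPath $ProfilePath -Force) +
           @(Get-ChildItem -LiteralPath $ProfilePath -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.PSIsContainer })

foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # ACL not readable with the current rights

    # Entries that cannot be mapped to an account name come back as raw SID strings.
    $unresolved = @($acl.Access |
        Where-Object { $_.IdentityReference.Value -match '^S-1-\d+(-\d+)+$' } |
        ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)

    # Allow ACEs granting Full Control directly to the account, not via a group.
    $direct = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full -and
        (Get-SidValue $_.IdentityReference) -eq $accountSid
    })

    [pscustomobject]@{
        Folder                   = $folder.FullName
        UnresolvedSids           = $unresolved -join ', '
        AccountHasDirectFullCtrl = ($direct.Count -gt 0)
    }
}
```

An unresolved SID can also belong to a deleted account or to a domain that is currently unreachable, so record the entries and compare them against known accounts before changing any permissions.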

  phono 21:56 25 Jun 2009

When you are happy that your system is behaving properly I would suggest that you do a full virus and malware scan and when you are satisfied it is clean create a restore point.

This thread is now locked and can not be replied to.
