Jump to content
dtebbe

Malware won't let SAS install

Recommended Posts

I did a search on the forum and could not find an answer to this, so I apologize if it has been asked before.

I am working on a friends computer that is infected with serious malware. When I try to install SAS I get the message something like "The Administrator has blocked this action". Thing is that I am logged in as administrator. The computer has 2 or 3 admin accounts and they all give that same error. Other applications install fine. I'm having to install this in safe mode with networking, since the PC wont boot cleanly into regular mode.

Any ideas?

TIA

DT

Share this post


Link to post
Share on other sites

It could be a few things stopping it as software being installed in SAFE MODE often returns an error like this depending on what type of installer is used.

When you say it won't boot up cleanly what do you mean?

If you give it time to load will it eventually go into Windows desktop?

If so then just wait for it and install it there and if possible update to the latest definitions.

You may be able to boot into safe mode with DOS and run a CHKDSK C: /F then reboot and see if that helps.

If not and it just won't boot into Windows do you have access to another system with a network connection and a CD burner?

You could look at creating an Ultimate Boot CD 4 Windows and run some of the scanning tools on the CD to see if that is enough to get you into the Windows desktop.

UBCD4Win is a bootable recovery CD that contains software used for repairing, restoring, or diagnosing almost any computer problem

Share this post


Link to post
Share on other sites

If you haven't found a solution, I had the same problem yesterday. Here's what I did:

1. Boot into Safe Mode

2. Run msconfig

3. Select "Selective Startup" and uncheck everything except ""Load System Services"

4. Click OK and restart into "normal mode"

5. You should now be able to install and run SuperAntiSpyware

6. When done, run msconfig again and select "Normal Startup"

Share this post


Link to post
Share on other sites
Hi compupane

Was SAS able to remove everything for your system once you got it running?

Curious what malware gave that error.

Yes, I've used SAS on several computers that had desktop hijackers and SAS always removes them when nothing else works. In the "Scanning Control" tab under "Preferences," disable ALL the options except:

Close browsers before scanning

Scan for tracking cookies

Resolve Links/Shortcuts during scan (*.lnk)

Terminate memory threats before quarantining

This WILL cause SAS to scan much slower, but it is also more thorough.

Share this post


Link to post
Share on other sites

1) Download and run CCleaner or ATF Cleaner

2) Disable system restore if applicable

3) Copy the c:\program files\SUPERAntiSpyware folder from a clean pc (one that it's already installed on is fine) to a cd or flash memory drive. Now reboot the infected pc to safe mode w/ networking (if possible) and run SUPERAntiSpyware.exe, update it, go to preferences > scanning control and check all of the boxes, now run a complete scan.

4) I'd also highly recommend installing the Kaspersky AVPTool in safe mode as well, click under settings and set the security level to high, then run a full scan.

* You may also want to consider running Combofix and posting the log.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×