Hi. I think I have a virus on my computer. I'm trying to fix my computer, and someone told me to use Spybot. I installed it successfully (I think), but when I tried to run it, it immediately closed. When I tried to run it again, an error message popped up saying I did not have sufficient rights to run the program. I get the same error when running in safe mode. Help!

The exact error looks like:
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

The only option is to hit OK.

Please note that I am logged in under the Administrator account in safe mode.

What Operating System are you running?

Hello,

Please try to rename the SpybotSD.exe into explorer.exe and try to run it.

* Using Windows Explorer navigate to:
o C:\Program Files\Spybot - Search & Destroy
* In the Tools menu select Folder Options…
* In the Folder Options dialog select the View tab.
* Uncheck the following option:
o Hide protected operating system file (Recommended)
* Click the Apply button.
* Click the OK button.
* The SpybotSD.exe should be visible now.
* Rightclick the file and choose rename.
* Give it a different name like explorer.exe and try again to run it.

If this does not help this problem you experience may be caused by an infection. Just to make sure you are not infected with a rootkit, please run a scan for rootkits. Rootkits are a technology that is more and more often used by malware to hide themselves on system level, making themselves invisible to standard tools. Our RootAlyzer shows you anything that uses certain rootkit technologies, even if it's not in Spybot-S&Ds detection database.

The RootAlyzer is a single tool which goes through the file system, the registry and process related lists. When you start RootAlyzer, it performs a very quick scan of a few important places, taking about a second on modern machines. To check the full system, you have the possibility of choosing a Deep Scan.

Currently, the RootAlyzer is a work in progress (with a new project tools category in our forum to track bugs and feature requests), but it's already helping to easily locate most of the current malware rootkits. It is compatible with Windows NT/2000/XP/2k3 and Vista. If you like to check out the new RootAlyzer you will find it in our forum: http://forums.spybot.info/showthread.php?t=24185

Here is also the direct download link (http://www.spybotupdates.biz/files/rootalyz-0.3.4.47.zip).

Please set your computer to show all files.

* Double-click My Computer.

* Click the Tools menu, and then click Folder Options.

* Click the View tab.

* Clear "Hide file extensions for known file types."

* Under the "Hidden files" folder, select "Show hidden files and folders."

* Clear "Hide protected operating system files."

* Click Apply, and then click OK.

Please select the tab 'deep scan' and let it fully scan your Pc. The scan will take a moment, please be patient. After the scan is done please click on 'pack suspicious files' which is located right at the bottom. This will create a .cab file on your desktop which contains the log and the suspicious files the scan has found. Please attach this .cab file to your next mail to: detections(at)spybot.info .

Please also download gmer: www.gmer.net and let it do a full scan on your Pc. Subsequent you will be allowed to save the log created during the scan. Please also send us this log.

Thanks! ;)

Best regards
Sandra
Team Spybot

What Operating System are you running?

Windows XP Media Center Edition 2005

Tried to rename SpybotSD.exe to explorer.exe as requested. Error reads:

Error Renaming File or Folder
Cannot rename SpybotSD: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.

I have sent the RootAlyzer .cab file and the GMER log to detections@spybot.info as requested.

Hi. I think I have a virus on my computer. I'm trying to fix my computer, and someone told me to use Spybot. I installed it successfully (I think), but when I tried to run it, it immediately closed. When I tried to run it again, an error message popped up saying I did not have sufficient rights to run the program. I get the same error when running in safe mode. Help!

The exact error looks like:
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

The only option is to hit OK.

Please note that I am logged in under the Administrator account in safe mode.

I am working on one with the same issue.

None of the malware removal apps will run more than once. Install them, launch them, they start to run and the abruptly exit, never to run again.

Autoruns, HijackThis, MBAM, etc. All exhibit the same issue. It's some type of startup service/driver that is causing it. I can't run anything on it to figure out what it is (yet).

Well, another day is gone and I'm still fighting with this thing.

A friend of mine directed me to the program Combofix, but it doesn't work. I had him look at my computer and he found a directory on the C drive labeled "32788R22FWJFW". The directory is filled with .reg, .exe, and .bat files, and my friend said it was a virus. I deleted it, but when I tried to run Combofix "32788R22FWJFW" came back, and Combofix would never run. A blue progress bar came up, but the program never started. I know I'm not supposed to run programs like this unless asked to by a moderator...sorry. I'm just trying to be proactive...besides, it didn't work anyway.

My friend also suggested Hijackthis, and Malwarebytes, but they cause the same issue as Spybot: they open once, start to scan, close, and will never reopen.

Digging around on my own, I found a command to restore default security settings:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Running this command allowed me to run Spybot, but again only once before it would no longer open.

I'm hoping someone will come up with a fix for this!

Hello,

Users with infected personal computers please see this FAQ: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If the infection prevents HJT from running, please start a topic anyway and make note of the situation.
Best regards.

Hello,

Users with infected personal computers please see this FAQ: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Best regards.

I believe I've tried everything in the FAQ. I'm sorry, but is there something else I'm supposed to be doing?

Hello JHebert,


I believe I've tried everything in the FAQ. I'm sorry, but is there something else I'm supposed to be doing?


Hello,

Users with infected personal computers please see this FAQ: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


If the infection prevents HJT from running, please start a topic anyway and make note of the situation.

The link I provided gives instructions on how to start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) so that members can be helped by volunteer analysts. It does not give instructions in the cleaning of an infected computer. ;)

Best regards.

I am looking at a persoanl computer for my neighbor and I encountered the very same situation as described in this thread. I went as far as renaming the "spybotSD.exe" to "explorer.exe" and spybot started but disappeared a few seconds after launching. Now, I get the "Access denied" when I try to rename or delete the "explorer.exe" file.

Any help would be greatly appreciated.

Hello,

Please have a look at the post above from Tashi.
Thanks. :)

Best regards
Sandra
Team Spybot

Hello,

Please have a look at the post above from Tashi.
Thanks. :)

Best regards
Sandra
Team Spybot

Thank you, I will look that page over but as I'm just doing this as a favor for a neighbor friend, and they only use their computer email and surfing, they already told me that they have little to loose on it. They have previously backed up their pictures and don't have much else on it.

I used one utility I found here in your forums and figured out that administrator rights have been turned off for a number of actions and these folks were smart enough to save their restore disks. So I just wiped the disk, repartitioned, reformattedto FAT32 and then converted to NTFS. I'm hoping that I got it all and there is nothing hidden in the boot sector or anywhere else. The reinstall is going nicely.

I tried to rename Spybot.exe to explorer.exe too, but only got as far as Uncheck - Hide protected operating system file (recommended). Microsoft stopped me with a sign stating "These files are required to start and run Windows. Deleting or editing them can make the computer inoperable.

I got Spybot working and ran a scan which went Ok, but today I had a look at Tools and found nd Spybot Configuration has blacklisted 21,005 files. When I ran yhe scan it looked like it had scanned about 7,000 files. How can I fix this?

----------------------------------------
Mod Edit
Other topic, http://forums.spybot.info/showthread.php?t=52775

Hello,

Please run Spybot - Search & Destroy and switch to "Advanced mode" via the menu bar item "Mode" and select "Settings" --> "File Sets" in the left bar. There, please right-click somewhere into the list and choose "select all available checks".

Best regards
Sandra
Team Spybot