I'm totally at a loss here. I log into my account (admin) at the "welcome" screen and an error message pops up saying "certain security policies cannot be applied". I click ok and continue, and my Windows installation is COMPLETELY HOSED. The whole desktop looks like when the laptop came out of the box two years ago, and all my documents are deleted. My previous session had been perfect and untouched. I suspect that there is a virus since I opened a QuickTime Pro installer and got a warning against a virus.
On the HD, none of my program files are changed, it looks like the account is messed up or something.
PLEASE HELP - this is insane; I can't spend 4 hours reinstalling everything! Is this virus known? How do I remove it?
UPDATE: The errors are:
"Windows cannot load the locally stored profile. Possible causes may be a lost or corrupt local file"
2nd error: "Windows cannot find your local file"
I've found all of my documents intact, I'm just logged onto a temporary profile created by Windows. My usual one has been infected by a virus.
-
Do you have anti-virus software? It sounds like something cleared your registry. If it is indeed a virus, the best way would be to get an anti-virus application on your machine.
-
No, in my user profiles I have the local profile called "user" and another temporary user profile, created by user. This virus will not allow me to log on to my profile so Windows is creating one for me.
-
OK I think I've managed to fix the settings by creating a new account, moving all my files to it, and deleting the old one. But I still get this task-bar icon called "AVG POP3" or something like that. It's a spinning AVG icon, and although it's doing something, Task Manager shows nothing. What the hell is this?
EDIT: Audio does not work either... in the control panel applet, volume adjustment is grayed out. Maybe I missed something here? -
Honestly
Step 1. Backup all your documents to a backup disk/drive
Step 2. Restore from your backup CD/DVD's -
Can you reboot into safe mode?
If so, you should run up-to-date antivirus and antispyware from there.
Do you have AVG installed? AVG does integrate with Outlook, so it might just be that AVG is stuck in a loop scanning your email. Or it may have found a problem email and can't repair it. -
The only thing that can get into your registry and destroy it is a rootkit.
Actually there are a few viruses, even spyware, that can get into your registry, but to totally screw it up like that? Rootkit.
A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.
Since drive imaging software (see Disk cloning) makes the task of restoring a “clean” OS installation almost trivial, there is no good reason to try to dig a rootkit out directly. "I suppose traditional rootkits could be made to be as hard to remove as possible even when found, but I doubt this is much incentive for that, because the typical reaction of an experienced sysadmin on finding a rooted system is to save the data files, then reformat. This is so even if the rootkit is very well known and can be removed 100%." Rootkit Question
Rootkits get into your kernels. Your Windows is destroyed. Reformat now or pay the price of being hacked. With a rootkit you're now accessible to any hacker on the planet, as well as trojans, viruses, any type of malware. -
"Step 1. Backup all your documents to a backup disk/drive
Step 2. Restore from your backup CD/DVD's"
I did, the only thing I lost was this huge presentation; that's what I'm worried about.
And this rootkit problem, I'm not willing to reformat. There must be a solution besides spending over 4 hours doing the following:
- reformatting to a 3yo version of XP Home loaded with worthless software, compliments of Toshiba (est. 45 minutes)
- spending about 1/2 an hour removing said software
- spending another hour getting updates (about 160 by now)
- spend yet another hour upgrading to Pro
- spend another hour restoring my settings and files.
I want to repair the OS and hopefully (it's pretty bleak now) recover my presentation, the only file not backed up on the laptop. -
moon angel Notebook Virtuoso NBR Reviewer
Could a system restore work? Go back to a day before this happened?
-
A Google for "rootkit remover" should be helpful.
If you actually have a rootkit and someone has developed a remover for it, it should help.
However, rootkits are very, very nasty. A reformat is really recommended for them. You can end up spending as much time trying to remove one as the steps you outlined.
A good starting place is http://www.malwareremoval.com/. It's a forum-based help site and is very well thought of. However, since it's forum-based you can't expect to have your system up and running in a couple of hours. -
Your installation of Windows is screwed. At the very least, do a reinstall of Windows. God.
-
I highly doubt it's a virus.
One of my superiors at work had a very similar problem in the spring. Simply one of the files associated with his user account had become corrupted and the repair involved creating a new user profile, transferring the files to the appropriate locations (without touching the files which were potentially corrupt), and deleting the old one. -
This is interesting:
http://www.adobe.com/support/techdocs/328519.html
You are logged in as a user who lacks permission to access the PageMaker or Adobe registry key.
Your permissions may have been stolen. Once again, take people's advice who don't understand, you're headed for trouble.
http://support.microsoft.com/kb/812339
Windows cannot load the locally stored profile: Insufficient security rights or a corrupted local file.
You're logging on as admin, yet you don't have security rights?
You could follow the guy above's advice, and you can get hacked in a few weeks.
Forum with similar problem, they made the same guess as the guy above, until boom, everything on their PC was gone!
http://www.sysopt.com/forum/showthread.php?t=191189&page=1&pp=15
The fact is, this isn't just a corrupt issue. This isn't just one issue. Your security is gone, it won't load anything. It's obviously something big. Reformat, and save your files, or you will be hacked and lose everything.
Look above, the links I pointed to say that your error is due to no security rights.
If this was corrupted, it would not be popping up saying you had no security.
What exactly takes security anyway?
A rootkit's only purpose is to hide files, network connections, memory addresses, or registry entries from other programs. However, a rootkit may be incorporated with other files which have other purposes. It is important to note that the utilities bundled with the rootkit may be malicious in intent, but a rootkit is essentially a technology; it may be used for both productive and destructive purposes.
A rootkit is often used to hide utilities. These are often used to abuse a compromised system, and include so-called "backdoors" to help the attacker subsequently access the system more easily. For example, the rootkit may hide an application that spawns a shell when the attacker connects to a particular network port on the system. Kernel rootkits may include similar functionality. A backdoor may also allow processes started by a non-privileged user to execute functions normally reserved for the superuser. All sorts of other tools useful for abuse can be hidden using rootkits. This includes tools for further attacks against computer systems which the compromised system communicates with, such as sniffers and keyloggers. A possible abuse is to use a compromised computer as a staging ground for further abuse (see zombie computer). This is often done to make the abuse appear to originate from the compromised system or network instead of the attacker. Tools for this can include denial-of-service attack tools, tools to relay chat sessions, and e-mail spam attacks. A major use for rootkits is allowing the programmer of the rootkit to see and access user names and log-in information for sites that require them. The programmer of the rootkit can store unique sets of log-in information from many different computers. This makes the rootkits extremely hazardous, as it allows trojans to access this personal information while the rootkit covers it up.
Rootkits are not always used to attack and gain control of a computer. Some software may use rootkits to hide from 3rd party scanners to prevent detection or tampering. Some emulation software and secure software is known to be using rootkits.[1] Alcohol 120% and DAEMON Tools are commercial examples of the use of non-hostile rootkits.
Rootkit is a term now loosely applied to cloaking techniques. [2]
I looked up 'signs of a corrupted windows user account' and came across this. Dragon, your superior may have more problems than they think...
http://support.microsoft.com/kb/318027
SYMPTOMS
When you start Windows XP, you may experience one or more of the following behaviors:
• When you log on normally, the taskbar does not appear.
• If you press CTRL+ESC, the Start menu does not appear.
• If you log on to Windows in Safe mode, the taskbar does appear.
CAUSE
This behavior can occur if the Windows settings for a particular user account are corrupted.
The thing is, the whole thing seems odd. To be quite honest, even though it sounds more like a rootkit than anything, I dunno if it is. And it doesn't sound like a corrupted Windows install either.
I mean, one minute it's okay, the next, boom...
Okay, lemme ask you a few questions:
1. Do you use spyware killers?
2. Do you use virus blockers?
3. Do you have a firewall?
The thing is, there are viruses, even rootkits, that, when you reboot, basically wreak havoc on your machine. I'm wondering if what he originally said isn't true. -
Every problem can be fixed. I experiment a lot and I've hosed Windows and Linux many times. I've learned from my mistakes and I'm a self-learned (I like to say experienced, it sounds more impressive) troubleshooter. OK here's what I did (according to basic instructions from Microsoft's KB);
- from the corrupted_user account I:
- created new user w/ administrative rights (call it new_user)
- logged out of corrupted_user and logged into new_user
- went to "folder options", selected "show hidden files/folders" and unchecked "hide OS protected files"
- transferred all files in corrupted_user folder EXCEPT for the following files to new_user folder:
ntuser.txt
ntuser.dat
third ntuser file
- deleted corrupted_user through User Accounts applet in CP, then went in through C:\Documents & Settings\... and deleted corrupted_user folder manually
DONE
This fixed all the resetting of personal settings and deleting of all files every time I ended my session, and gave me control of my programs and everything. These symptoms, which made my laptop look like it had been reformatted every time I logged on (Windows was actually logging me in with a temporary profile), disappeared after I did the above.
However, something else began happening with AVG. The virus, no longer a big problem, was still annoying and, I thought, a potential hazard, so I found which .exe was hosting the "AVG auto POP3 scanner" which seemed to be emailing data to two server IPs. The hosting process was actually the E-mail scanning component of AVG, so I told my firewall to deny it access to the internet every time it asked, I disabled the E-mail Scanner feature via the AVG Control Center, and reinstalled AVG on my laptop.
Everything runs beautifully now. The problem appears to be fixed. I've done some virus and spyware scans and found nothing, but I'm going to scan the registry too. Thanks for the help.
EDIT for Zellio; I have AVG and Comodo Firewall as security measures; and no, my computer showed none of those symptoms. Rootkits sound like hell, but this isn't a rootkit. I can set security policies and everything. I think I've heard of this virus (autoPOP3) before, it's just an annoying spyware -
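The file-transfer step of the post above as a PowerShell function. This is an added example, not code from the thread or from Microsoft's KB article; the function name `Copy-ProfileData` is hypothetical, and the paths in the usage comment assume the Windows XP profile layout (`C:\Documents and Settings\<user>`) with the placeholder account names used in the post.

```powershell
# Added example (not from the thread). Copies everything from a damaged profile
# folder into a new one, skipping the per-user registry hive files whose names
# start with "ntuser" at the top level of the profile. Run it from an
# administrative account while the damaged account is logged off, so its
# files are not locked.
function Copy-ProfileData {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
        throw "Source profile folder not found: $Source"
    }
    if (-not (Test-Path -LiteralPath $Destination -PathType Container)) {
        throw "Destination profile folder not found (log on once as the new user first): $Destination"
    }

    # -Force lists hidden and system items too, which is the scripted
    # equivalent of the "folder options" step in the post.
    foreach ($item in Get-ChildItem -LiteralPath $Source -Force) {
        if (-not $item.PSIsContainer -and $item.Name -like 'ntuser*') {
            # Copying the old hive would carry the damaged settings along.
            Write-Output "Skipped hive file: $($item.Name)"
            continue
        }
        if ($PSCmdlet.ShouldProcess($item.FullName, "Copy to $Destination")) {
            Copy-Item -LiteralPath $item.FullName -Destination $Destination -Recurse -Force
            Write-Output "Copied: $($item.Name)"
        }
    }
}

# Dry run first (assumed XP paths, placeholder account names from the post):
# Copy-ProfileData -Source 'C:\Documents and Settings\corrupted_user' `
#                  -Destination 'C:\Documents and Settings\new_user' -WhatIf
```

Drop `-WhatIf` to perform the copy, and delete the old account only after confirming the files open correctly from the new profile.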
Something is still not right. Esp. for your virus program to be doing that.
Try RootkitRevealer. Also try Norton free online scan. And download HijackThis.
Laugh in the face of security, and one day the only thing laughing will be a hacker... in your face.
I thought the same as you once, the problem is you're never fully secure unless the problem is taken care of.
Also try downloading a free 30 day trial of NOD32.
Also, download A-Squared. If you have a trojan, or minor rootkit, it'll destroy it.
Post what happens.
I checked it out. It's normal for AVG to do that.
"342: Problem with e-mail sending on the e-mail server - the Personal e-mail scanner is installed
Personal E-mail scanner is a plugin designed to scan outgoing and incoming messages on workstations. It is really not recommended to install this plugin on the e-mail server platform of any kind due to huge number of all processed messages. In the case of the "default" AVG installation on the server platform this plugin had been installed automatically. Please, note that after the program update 7.0.280 (and further versions installation) there may arise some problems caused by the new e-mail scanner function - an "Automatic E-mail Scanner" - this function adds two new "virtual servers" for the auto-mail scanning. On an e-mail server (MS Exchange, Lotus Domino etc.) this could be a reason of very slow message-operations processing. We recommend to uninstall the "Personal E-mail Scanner" from the server using the last"
I'm perplexed and worried though. The thing you're not understanding is, your security is not tied to your user name. It's for each user name. For it to not work, something else is wrong. If your user account goes corrupt, personal settings get destroyed, NOT SECURITY.
Your user account is something you create, by editing your personal settings. Security is something that comes preloaded on Windows.
If you don't do something, you will regret it.
Virus resets all computer settings, deletes all files
Discussion in 'Windows OS and Software' started by Bog, Dec 31, 2006.