Subscribe to our RSS Feeds

Steps to Fix Access Denied to gpedit.msc

0 Comments »
My PC was working all fine until I figured out that Group Policy gpedit.msc was not opening on my system. I wanted to open the Group Policy editor for some work and I was shocked to find that not only the gpedit.msc, even the other commands with msc extensions, were not working like services.msc, devmgmt.msc, compmgmt.msc etc.

Then I tried opening the editor by double clicking the gpedit.msc inside the system32 folder and I got the same error “Access is Denied”. What was strange was that I was accessing the editor from my Administrator account only.

Solution 1
Install Microsoft Management Console 3.0 for Windows XP again
Download MMC

Solution 2
After all the efforts to find out the solution, we have been able to find the solution to this problem (Thanks to our alert reader Dickens). I am describing the solution given by him and is working all fine (i have tested myself on my PC)
Open Registry Editor (regedit.exe).
Now traverse to HKEY_CLASSES_ROOT\.msc and delete the registry entry on the right side.
After deleting it when you again type gpedit.msc in Run box, it will open an “Open with” dialog.
Now select the second option and browse to get a new option; browse to C:\Windows\system32\mmc.exe
A new option “Microsoft Management Console” will appear in the window.

Select this option and remember to check the box below to always run the command without doing this again and again.
That’s it, all .msc extensions will now open.

Steps to Remove W32.SillyFDC Virus

0 Comments »
W32.SillyFDC is yet another virus that is not as dangerous as others but still needed to be removed from the system. It is a worm that spreads by copying itself to removable media and may download other malicious applications.

W32.SillyFDC is a worm installed by dangerous Trojan horses and is capable of corrupting files on the computer. The worm may also steal confidential information, damage Windows system files and computer hardware.

Possible Symptoms when infected with W32.SillyFDC:

• Browsers may redirect to strange web pages when browsing.
• Can cause blue screen errors.
• Slow startup and shutdown of computer.

Note: Create a System restore point to undo any changes that may not be liked by you.

Following are the solutions to remove the W32.SillyFDC worm.

Solution 1:
The better solution is to scan your computer with a good updated Anti Virus as this worm can be easily deleted by many of them. Scan your PC with online scanner that will remove the infection.

Solution 2:
1. Disable system restore (My Computer –> Properties –> System Restore –> Turn off system restore on all drives –> Apply).
2. Restart the computer in safe mode.
3. Download and install HijackThis.
4. Run HijackThis and go to Misc Tools –> process manager. Note the paths and kill the following processes (if any):

• CALC
• calc
• mscalc.exe
• startupfolder
• config_
• startupfolder.com
• config_.com

5. Now go to Misc Tools –> Delete a file on reboot. Provide the same paths as noted above.
6. Run HijackThis for a system scan and delete all the entries with above names.
7. Download Smart Virus Remover and select the option of Delete Autorun.inf files.
8. Reboot the PC and also enable the System Restore.
9. Navigate to the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\”load”

And delete any values associated with the worm in the right pane.

Remove Sysdate.exe Virus

0 Comments »
Recently my computer was infected with this virus called Sysdate.exe that was inside the Recycler folder in the C: drive. I knew that it was a virus since my PC didn’t have the Recycler folder earlier. Thus the location of the virus was C:\RECYCLER\S-1-5-21-8324555943-4443154761-431384085-6428\sysdate.exe

Symptoms of this virus:

• In the Recycler folder there was another folder but in the looks of the Recycle Bin whose name was something like S-1-5-21-8324555943-4443154761-431384085-6428 and on double clicking it, I came across all the files which were there in the Recycle Bin.

• There was an entry in the Registry Editor named Taskman that came back again and again on deleting.

• There were no changes in the startup and task manager in my system but if there is any in yours then remove the process from startup and kill from task manager.

Note: Go to Folder Options -> View tab -> Check the option of Show hidden files and folders and uncheck the option of Hide Protected operating System Files.

Here are the steps how I removed the virus and fixed my problem.

1. First of all to see all the contents in the Recycler folder we need to change the attributes of the folder.

2. Open command prompt (by typing cmd in the Run box) and type

attrib C:\Recycler –r –h –s press enter.

Then again type attrib C:\Recycler\ S-1-5-21-8324555943-4443154761-431384085-6428 –r –h –s and press enter.

3. The shape and look of the folder will change from that of Recycle Bin to a normal Folder which will now show all the contents inside it.

4. There were two files inside the S-1-5-21-8324555943-4443154761-431384085-6428 folder, Sysdate.exe and Autorun.inf, both of which were undeletable.

5. Now to delete Recycler, S-1-5-21-8324555943-4443154761-431384085-6428, Autorun.inf and Sysdate.exe files, first kill the explorer.exe process from the task manager.

6. Your Explorer will shut down but Task Manager would be still running. Now go to File -> New Task. Click on Browse

7. Go to the Recycler folder in this browse function and Shift Delete the Sysdate.exe and Autorun.inf files there, they will get easily deleted and will come back.

8. Then delete the Recycler folder as well.

9. After you have done with removing the Viruses, type explorer.exe in the new task section which will bring the explorer running again.

10. Type regedit in the Run box to open Registry Editor, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and delete the Taskman key in the right pane.

Refresh to see if it comes again. If it does not come again, your virus will have been removed.

11. If your computer has more than one user then navigate to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and edit the Shell key on right side. Edit it to remove the C:\Recycler\ S-1-5-21-8324555943-4443154761-431384085-6428 value.

The value should be only Explorer.exe

Restart the computer to see the virus removed.

Steps to Remove DriveGuard.exe or FlashGuard.exe Virus

0 Comments »
What DriveGuard.exe does?

• Adds itself to startup and the task manager.
• Adds a registry key for making changes in the registry editor.
• Adds Autorun.inf file in the pen drive
• Adds some malicious temporary files in the system.

Solution:

1. Boot the computer in the Safe Mode.

2. Open the task manager and kill the processes with names DriveGuard.exe/FlashGuard.exe/DriveMonitor.exe

3. Open My Computer and search for the same virus names but don’t forget to check all the boxes in the ‘More Advanced Options’ of search. Delete all the files.

4. Now search for .tmp.exe and delete DriveGuard.tmp.exe and gHmpg.tmp.exe files, if any.

5. Open the msconfig, now go to startup processes and uncheck the FlashGuard process to remove it from the startup list.

6. Open Regedit and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\FlashGuard.

7. Click on FlashGuard and delete the key.