Locked out of my own computer!
Hayabusa
08-15-2002, 11:43 AM
Some dang website sent a trojan into IE5.5 that changed the Sys Admin in some way so that I can no longer get into the TOOLS > INTERNET OPTIONS menu and change anything. I get the message ".. restrictions on this computer, contact Sys Admin". I also get this message when I try to change my folder options. Anyone know how to reset my Sys admin so I do have these privileges?
All suggestions most welcome at this point!
Mocha
08-15-2002, 01:44 PM
Check both of the responses in this thread and follow the instructions. Post back, if you have any further questions and let us know how it goes.
http://www.winguides.com/forums/showthreaded.php?Cat=&Board=brdIE&Number=60955&page=0&view=&sb=
Hayabusa
08-16-2002, 11:15 AM
Mocha,
thx for that. I did a lot of reading, d/l ran the cool app, d/l some more etc etc
I have my browser back but I have not got admin privs back so I can't change folder settings or IE settings still :(
Any ideas how to reset the admin privs or get the password so I can go to some control panel and change stuff .... something ??
Mocha
08-16-2002, 01:02 PM
Homepage hijacking doesn't restrict access to the Control Panel, folder options, etc.
It appears you're talking about a whole different thing. You'll need to take it up with the Administrator...
".. restrictions on this computer, contact Sys Admin".
Hayabusa
08-19-2002, 11:56 PM
I am the administrator! There's just me on my machine.
So now what do I do?
Mocha
08-20-2002, 12:10 AM
If that's true, I wouldn't think it would be this long before you responded again.
Hijackings or Trojans don't go to the extreme of taking away your Admin privileges! There is a lot of info. and instructions at that site I linked you to.
Other than that, try MS Knowledge Base, and see if you can find an answer.
Sorry!
TonyKlein
08-20-2002, 12:25 AM
But this is no homepage hijacking; it sounds like a simple restriction.
Open your registry, and do a keyword search for NoBrowserOptions
If you find it, delete it in the right hand pane. Now do the same with NoFolderOptions.
You may need to reboot.
Good luck, Tony
Mocha
08-20-2002, 12:43 AM
I realized that later, and I should have responded differently. I hadn't read the post well enough before my first response, either!
My apologies to the poster for my assumption and response.
Tony, why would a website restrict access to the Control Panel? I know, I should leave these posts to someone more knowledgeable...sorry. My bad.
Obviously, if you have access to the registry, you should be able to undo the restrictions.
Carol
TonyKlein
08-20-2002, 01:01 AM
Well, these things happen all the time, just like homepage hijackings, malicious scripts being run, and mostly it's because of lax security settings.
I've got a little list that may be of interest:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
- Set ALL ActiveX options that are at present set to 'allow', to 'prompt'.
- In the 'Scripting' section, set "Allow paste operations via script" to Disable or Prompt
You might also want to disable or uninstall the Windows Scripting Host, or, if you don't want to do that, install an application like Jason Levine's Script Sentry (http://www.jasons-toolbox.com/scriptsentry.asp).
I would also advise you to install Registry… (http://www.diamondcs.com.au/web/htm/regprot.htm), or Mike Lin's Startup Monitor (http://www.mlin.net/StartupMonitor.shtml).
If you tighten Security sufficiently, I don't think you need Start Page Guard on top of that.
Here's some reading:
Safe Computing Guide (http://www.antivirus.com/vinfo/safe_computing/)
How to disable or remove the Windows Scripting Host (http://service2.symantec.com/SARC/sarc.nsf/html/win.script.hosting.html)
Securing your PC (http://www.wilders.org/securing_your_pc.htm)
And here's a good test site: http://www.jasons-toolbox.com/BrowserSecurity/
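Added example (not part of any poster's message): a small offline audit of an exported .reg file that looks for the two restriction values TonyKlein names earlier in the thread and for Internet-zone ActiveX and paste-via-script actions still set to "allow", as in his list above. The sample export is constructed, and its key paths and the numeric action IDs are assumptions not stated in the thread.

```python
import re

# Constructed sample export (REGEDIT4); key paths are assumed, the thread gives only value names.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000
"1201"=dword:00000003
"1407"=dword:00000000
'''

RESTRICTIONS = {"nobrowseroptions", "nofolderoptions"}  # names from the thread
INTERNET_ZONE = r"\internet settings\zones\3"            # zone 3 = Internet
# Action IDs (assumed) for the listed settings; 0 = allow, 1 = prompt, 3 = disable.
ZONE_ACTIONS = {"1001": "download signed ActiveX", "1004": "download unsigned ActiveX",
                "1200": "run ActiveX controls and plug-ins", "1201": "script ActiveX not marked safe",
                "1405": "script ActiveX marked safe", "1407": "paste operations via script"}
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')

def parse_reg(text):
    """Yield (key, value_name, dword) for each DWORD value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := DWORD.fullmatch(line)):
            yield key, m.group(1), int(m.group(2), 16)

def audit(text):
    """Return active restrictions and Internet-zone actions left on 'allow'."""
    findings = []
    for key, name, value in parse_reg(text):
        if name.lower() in RESTRICTIONS and value != 0:
            findings.append(("restriction", key, name, value))
        elif key.lower().endswith(INTERNET_ZONE) and value == 0 and name in ZONE_ACTIONS:
            findings.append(("lax-zone", key, ZONE_ACTIONS[name], value))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(*finding, sep=" | ")
```

Exports that begin with "Windows Registry Editor Version 5.00" are UTF-16 encoded, so decode them with `encoding="utf-16"` before passing the text to `audit`.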
Mocha
08-20-2002, 01:49 AM
Hayabusa,
My sincere apologies for assuming that you weren't being truthful and for my response to you.
I had no idea that malicious scripts could cause problems like that. I had never heard that!
Carol
Mocha
08-20-2002, 02:04 AM
Tony,
I had no idea malicious scripts could put restrictions on your PC. I've had Norton's "Noscript" app for quite a long time. It's sure hard to convince people what a good simple protection it is to disable WSH.
If they'd realize that no scripts can run in emails, so it's impossible to get a virus, simply by opening an email.
Isn't it better to have an app too, rather than just removing it and thinking you're alright? It gets reinstalled when you run an I.E. repair or reinstall, right?
Carol
TonyKlein
08-20-2002, 02:09 AM
Malicious scripts can do anything at all.
Installing NoScript is a good move. You might also want to adapt your ActiveX settings like I described.
Repairing or upgrading Internet Explorer won't reinstall the scripting host, incidentally.
How to disable it is very well described in two of the articles I posted.
Mocha
08-20-2002, 02:22 AM
I forgot to mention, that I've got my Internet Zone Security settings pretty high. I'll have to recheck, but I'm sure I have anything to do with Active X set to prompt or disable.
I'm a bit lax in the Trusted sites list, though. Plus, with I.E. Spyad installed, everything in Restricted is disabled. Before I added that, I hadn't even looked to see what the settings were there!
You know what though, I'd removed WSH before, and it showed up there again. hmmm....
Carol
TonyKlein
08-20-2002, 03:06 AM
Sometimes it does happen.
Deleting VBScript Script File in File Types ought to work.
Or associate *.vbs with Notepad. That will render it harmless as well.
If you're totally paranoid, you could also rename the following files to *.bak:
mshta.exe, scrrun.dll, shscrap.dll, and wshom.dll
Which is what I've done!
The first two will have to be renamed back when updating IE, or Windows will refuse to, complaining that the two files are missing.
Hayabusa
08-20-2002, 10:24 PM
Open your registry, and do a keyword search for NoBrowserOptions
If you find it, delete it in the right hand pane.
Now do the same with NoFolderOptions.
Thx Tony,
The NoBrowserOptions did it!
Mocha,
No problem thx for your help.
TonyKlein
08-20-2002, 11:09 PM
Excellent! :)
Mocha
08-21-2002, 02:07 PM
Hayabusa,
Thank you for being so forgiving! That one sure threw me off, and I certainly have learned something from this. Btw, be sure to keep your security settings a bit higher!
I'm glad you got it taken care of.
Take care,
Carol
Mocha
08-21-2002, 02:16 PM
Tony,
Thank you for all the extra info and instructions. It's good to have such a great teacher like you around! You always go that extra mile, too.
Btw, I kinda figured you went the whole nine yards re:
If you're totally paranoid, you could also rename the following files to *.bak: Which is what I've done!
I've gotten to know you quite well, haven't I?
Later,
Carol
TonyKlein
08-21-2002, 02:31 PM
You're welcome, Carol!
Meanwhile, as I needed to run a script, I reinstalled the Windows Scripting Host again, and installed Jason Levine's Script Sentry (http://www.jasons-toolbox.com/scriptsentry.asp).
"Script Sentry allows safe scripts to run on your system while alerting you if a script might harm your system. In addition, Script Sentry prevents against malicious scripts hidden in ShellScrap (hidden SHS and SHB extensions) files, Word/Excel macro viruses, malicious HTA files, and accidentally run REG files."
It's freeware, and consumes 0 system resources. It only kicks in when needed.
So it's more versatile than NoScript, which is basically just an on/off switch.
Mocha
08-21-2002, 04:11 PM
Tony,
I'll probably do that, but maybe I'm the one that's super paranoid. I'm not sure that I'd trust something that's not completely disabled. I'll take your word for it, though. It's sure better than having all these different apps.
Actually, I've had that small HTA Stop app to block those. I downloaded a few things on Wilders site at one time, including protection against Macros.
Btw, do you know about this:
Nimda Mutex Test and Protector
When the Nimda worm loads, it tests to see if a mutex exists. If so, Nimda assumes it has already infected the machine > no infection takes place. This (3 kb) will create this mutex > if it succeeds, it hijacked this mutex > Nimda cannot infect your machine anymore. If it fails to create the mutex, it will alert your system is probably infected.
http://www.wilders.org/free_tools.htm
Carol
Edited by Mocha on 08/21/02 15:12.
TonyKlein
08-21-2002, 04:15 PM
I read about the Nimda Mutex Test and Protector.
But if you're running a regularly updated antivirus, you don't really need it, IMHO.
It will detect and destroy Nimda anyway.
Mocha
08-21-2002, 04:32 PM
You're right about that, but I don't have an AV installed. I run Housecall occasionally. I think I'd have too many problems with an AV program installed.
I know what you're going to say, but there are other people that feel the same way. I think that should be a matter of choice, too, but not for people that don't practice safe computing!
Plus, I think a lot of people running AV programs feel more secure than they ought to. There are a lot of cases, where an up-to-date AV program didn't help in the least.
I do run my Firewall, but I know that's not protection against viruses. I'm not in any way condoning not having an AV program, though!
Carol
TonyKlein
08-22-2002, 10:44 AM
As you already guessed, I do disagree with both premises.
If you run a quality antivirus which you update regularly your chances of getting infected are close to zero.
Housecall only mops up afterwards, which I think is an extremely poor replacement for prevention.
Mocha
08-22-2002, 04:28 PM
Tony,
Housecall's scan is a good alternative and is always up-to-date. If I had my own installed, I wouldn't/couldn't have it running constantly anyway. Which means I'd run a scan whenever. There are a lot of other ways to prevent viruses, and AV's don't really prevent them, they catch them.
It's not practical for everyone to have an AV program running constantly. I know I may as well forget being online at all, if I did. I have an older PC 133MHZ with 32 MB RAM. Before I changed my VM settings and applied other tweaks, I couldn't even stay online for more than a couple hours without having to reboot. I definitely would not have an always on connection, under the circumstances.
Carol