Activation Problem And Unauthorised Use

  • Question

  • Hello,

     I just uninstalled a spyware program called Spy Sweeper from my computer and it required a restart. After the restart a popup message showed that an unauthorised change caused limited Windows use. It doesn't allow me to run any programs, only Internet Explorer. I tried to validate my Windows but it said it's not valid. I've read some articles about running a command on the command line and trying again, but it doesn't allow me to run anything.

     I don't want to go back to my factory settings and lose all my data. This spyware program was also delivered with my laptop's factory settings (Sony Vaio). How can I validate my Windows again? It's really disturbing to get locked out like that..

     And also I can't run MGADiag.exe, it says something like not enough quota to run etc.. Can you please help me to solve that problem?
    Wednesday, June 24, 2009 9:46 PM

Answers

  • Hi prdxxx,

    Your Vista is experiencing a Mod-Auth Tamper, but there are two types of Mod-Auths, with different resolutions, but I can't tell which without the Diagnostic.

    >In Memory Mod-Auth - Caused by either an Incompatible Program or Malware actively running and attempting to hook or shim (modify) processes running in system memory.  To resolve, you just need to uninstall (or upgrade to a compatible version) the program (i.e. remove the cause and the damage corrects itself).

    >On Disk Mod-Auth - Caused by something (program, malware, failing hard drive, random corruption...so on) modifying or corrupting system files located on the hard drive. To resolve, the files must be repaired or replaced (i.e. even if the cause of the modification is removed, the damage still remains).

    So if you missed a piece of Malware, then an In Memory type is probably the problem. 
    But if you, in fact, removed the full malware infection, then it probably did some damage before it was removed (On Disk type)

    I can't do much with In Memory Mod-Auth because the user just needs to find and remove/upgrade the offending program/malware.  
    But for On Disk Mod-Auths, there are a few steps you can try:


    First try repairing Windows using System Restore (In some cases, this may also resolve In Memory Mod-Auths, by returning to a point in time before the offending program was installed on the computer) :

    1)    Reboot Vista into Safe Mode

    2)    Go to Control Panel

    3)    On the left hand side of the Control Panel window, Click on "Classic View"

    4)    Double-click "Backup and Restore Center"

    5)    On the left hand side of the window, click "Repair Windows using system restore"

    6)    Select "Choose Different Restore Point", Put a check in the box that says "Show restore points older than 5 days", select the restore point that corresponds to the date Before you first noticed the issue.

    7)    Click the "Next" button.

    8)    Reboot back into Normal mode

    9)    Vista should no longer be in Reduced Functionality mode

     

    If that doesn't work, try doing a System Scan. The scan will look for bad Vista files and will attempt to repair them, if possible.

    1)    Login to Vista in Normal Mode (not safe mode)

    2)    Launch an Internet Browser

    3)    Type: %windir%\system32\ in the browser's address field

    4)    Scroll down till you find the file cmd.exe

    5)    Right-click the file and select 'Run as Administrator'

    6)    In the CMD window, type: sfc /scannow

    7)    Reboot twice and see if that resolves the issue.

    If neither of these sets of steps resolves the issue, my only other suggestions would be either to contact Vista support, for additional assistance, at http://support.microsoft.com or reinstall Vista.


    Hope that helps,
    Darin MS
    Thursday, June 25, 2009 3:50 PM
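
To see what `sfc /scannow` actually found, its results can be read from the servicing log at %windir%\Logs\CBS\CBS.log, where System File Checker entries carry an `[SR]` tag. The Python sketch below is an added example, not part of the thread or of Darin's reply: it lists the files SFC repaired and the files it could not repair from a copy of that log. The function name is hypothetical and the sample lines are constructed, with column spacing simplified.

```python
import re

# Constructed sample shaped like "[SR]" entries in CBS.log; not from the thread.
SAMPLE_LOG = r'''
2009-06-25 16:02:11, Info  CSI  00000007 [SR] Beginning Verify and Repair transaction
2009-06-25 16:02:14, Info  CSI  00000009 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2009-06-25 16:02:19, Info  CSI  0000000b [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.0.6001.18000, file is missing
2009-06-25 16:02:19, Info  CSI  0000000c [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 6.0.6001.18000, file is missing
2009-06-25 16:02:20, Info  CMS  0000000d Unrelated servicing entry without the SR tag
2009-06-25 16:02:25, Info  CSI  0000000e [SR] Verify complete
'''

SR_ENTRY = re.compile(r'\[SR\]\s+(.*)$')
# File names appear as [l:<bytes>{<chars>}]"name"; directory prefixes use [ml:...] instead.
FILE_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def summarize_sfc(log_text):
    """Return files SFC repaired, files it could not repair, and whether a pass finished."""
    repaired, unrepaired, complete = [], [], False
    for line in log_text.splitlines():
        entry = SR_ENTRY.search(line)
        if not entry:
            continue  # CBS.log also holds non-SFC servicing entries
        msg = entry.group(1)
        names = FILE_NAME.findall(msg)
        if msg.startswith('Verify complete'):
            complete = True
        elif names and msg.startswith('Cannot repair member file'):
            if names[-1] not in unrepaired:  # a file may be logged more than once
                unrepaired.append(names[-1])
        elif names and msg.startswith('Repairing'):
            if names[-1] not in repaired:
                repaired.append(names[-1])
    return {'repaired': repaired, 'unrepaired': unrepaired, 'complete': complete}


if __name__ == '__main__':
    result = summarize_sfc(SAMPLE_LOG)
    print('Scan pass completed:', result['complete'])
    print('Repaired from store:', ', '.join(result['repaired']) or 'none')
    print('Could not repair:', ', '.join(result['unrepaired']) or 'none')
```

Files reported under "Could not repair" are the ones that still have to be replaced by other means, which matches the On Disk case described in the answer.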