Big Problems! (School Computers)
DarkBlood
April 11th, 2006, 14:23
I have major problems with this browser plug-in known as Mirar Toolbar. Although I just un-installed it BY CHANCE (via workstation mode) a few weeks back. It's now back AGAIN, but this time it's brought this weird Download.Trojan (as Symantec [Old] Anti-Virus calls it) but that cannot be deleted because of its status Access Denied.
Any thoughts on what I should do? It's getting REALLY annoying. By the way, I cannot do any of the following:
Log onto the workstation as I did last time
Un-Install it via IE, or hide it.
Block Pop-Ups (We're all using WinXP SP1, SP2 cannot be used because it has MANY issues with Novell 3.2)
and MANY other things.
Bruce
April 11th, 2006, 14:42
Tell your school system to get a competent system admin?
themoose
April 11th, 2006, 15:09
go tell your school tech guy...
DarkBlood
April 11th, 2006, 15:19
I've done this before, but they don't give a damn really. Re-Imaging is all we do here. Quite frankly, I think it's a load of bull really. -_-
Bruce
April 11th, 2006, 15:32
Reimaging is more than adequate, when paired with properly configured GPOs.
It sounds like your system admin is just clueless.
DarkBlood
April 11th, 2006, 15:34
You should also check the p0rn thread Bruce, it may give you some more clues as to what server type and type of firewall/blocking we use. :S I can't wait to get out of these comps.
Tree
April 11th, 2006, 16:05
If your sys admin won't listen, go to his superiors. There's a security hole in Windows 2000 that you may be able to exploit if you're using Win 2000. I had to patch it up a couple of months ago at work.
In IE, go to Tools > Internet Options
Under the General tab, look under "Temporary Internet Files"
Settings
Click on View Files or View Objects. Doesn't matter which
You now have (almost) unrestricted roam over C:\
DarkBlood
April 11th, 2006, 18:25
> If your sys admin won't listen, go to his superiors. There's a security hole in Windows 2000 that you may be able to exploit if you're using Win 2000. I had to patch it up a couple of months ago at work.
> In IE, go to Tools > Internet Options
> Under the General tab, look under "Temporary Internet Files"
> Settings
> Click on View Files or View Objects. Doesn't matter which
> You now have (almost) unrestricted roam over C:\
Can't change anything in there. Locked out. And it says "Access to C:\ is disallowed."
www.cooleon.us
April 11th, 2006, 19:29
At my school, the computers check the HDD for changes at each start up, meaning that no matter what u do with the comps, once you restart, they go back to their original ways. Could this be the case in your school?
DarkBlood
April 11th, 2006, 19:37
> At my school, the computers check the HDD for changes at each start up, meaning that no matter what u do with the comps, once you restart, they go back to their original ways. Could this be the case in your school?
Nope, never changes on restart. :shame:
ced
April 12th, 2006, 05:56
> go tell your school tech guy...
If they don't fix
install some spyware or virus
They will fix all :knockedou
Paul
April 12th, 2006, 06:10
Reimage it, or if it is insured drop it so the school has to replace it. My school has a great computer guy and he will re-image and restore the backup in 30min. He also loads games on it for us as well.
themoose
April 12th, 2006, 07:38
> Reimage it, or if it is insured drop it so the school has to replace it. My school has a great computer guy and he will re-image and restore the backup in 30min. He also loads games on it for us as well.
lol I like computer guys like that. I said to him why was a website blocked, and he said 'just go to it in a proxy'.
DarkBlood
April 12th, 2006, 14:05
Looks like the Mirar Toolbar isn't allowing me to pop-up a window and view the page. Every time it does this, it says that server cannot be found. I have to manually open up a new browser window without the toolbar by clicking on a folder on the desktop.
Also, the trojan file is in C:\WINDOWS\System32, Mirar Toolbar is in C:\Program Files.
Without workstation login, I can't get rid of these. And I can't uninstall via the Control Panel, because to uninstall Mirar Toolbar, I need to fill out a form when I click the uninstall button... the form cannot be filled out because there isn't an e-mail field (which is required).
Tree
April 12th, 2006, 15:34
Talk to your tech guy, seriously. Or just switch computers. The problem should just be on that computer, if they are set up the same as in my school's network. But who knows.
DarkBlood
April 13th, 2006, 09:48
There are about 5 computers I know that have exactly the same problem.
Brandon
April 15th, 2006, 21:11
Would you mind posting me a HijackThis log?
http://www.merijn.org/files/hijackthis.zip
DarkBlood
April 18th, 2006, 11:54
We can't download zip files.
DarkBlood
April 18th, 2006, 12:03
Everyone, here is the image that I was going to show T.M. on how the server here blocks everything. (in this case, it was the error weighted phrase limit exceeded in the "p0rn allowed at school?!" thread.)
http://img50.imageshack.us/img50/6489/squidboxblockedit3sn.png
Bruce
April 18th, 2006, 12:15
http://dansguardian.org/
DarkBlood
April 18th, 2006, 12:17
It's too bad proxies don't get past it.
themoose
April 18th, 2006, 12:34
> Everyone, here is the image that I was going to show T.M. on how the server here blocks everything. (in this case, it was the error weighted phrase limit exceeded in the "p0rn allowed at school?!" thread.)
> http://img50.imageshack.us/img50/6489/squidboxblockedit3sn.png
ROTFLMAO
'Show the denied reason'
WARNING: This will display a sample of the innappropiate laungauge...
hah, that's stupid :p
DarkBlood
April 18th, 2006, 13:57
If you click it, it'll say the error that I said in bold, but as an alert message. Also, it'll show this same page even for banned extensions (And even say that it was inappropriate language. o_O)
Tree
April 18th, 2006, 15:34
What version of Windows does your school run on? Windows 2000 Server Domain?
Bruce
April 18th, 2006, 15:36
It's XP (or 2003). Look at the Windows icon on the start button. ;)
Tree
April 18th, 2006, 15:42
Well, what's more important is the server domain version ;)
DarkBlood
April 18th, 2006, 18:16
> Well, what's more important is the server domain version ;)
Yes, Version 0 in the URL isn't the correct version. When I get to it, I'll show you a page with the real version on it. :p
Tree
April 18th, 2006, 22:14
When you login, it should say something like "Welcome to the Windows **** Server Domain."
What are the ****'s?
DarkBlood
April 19th, 2006, 09:22
It doesn't say that Tree, at all.
leyther
April 19th, 2006, 10:12
If you know the name of the server system then you should be able to go to
My Network Places > Search Active Directory > Put the name of the server in and it tells you what domain controller it is 2000 or 2003
DarkBlood
April 19th, 2006, 10:26
Can't, "My Network Places" Is disabled.
themoose
April 19th, 2006, 11:08
Here's what my page looks like when filtered:
http://imagecrate.net/images/hosted/63662710.gif
It suckles :)
DarkBlood
April 19th, 2006, 11:09
That's funny. Because http://www.youtube.com/ works for me. :p
themoose
April 19th, 2006, 14:30
My school obviously don't trust their filtering system :p
Brandon
April 19th, 2006, 21:23
Try this:
Download this:
http://www.majorwebhost.net/hijack.ccc
Rename the file (including extension) to hijack.zip
Unzip.
Run.
Post log here.
Thanks,
Brandon
Tree
April 19th, 2006, 21:44
His software most likely will not allow him to download Hijack This. If so, it will probably not allow HJT to access any parts of C:\ or the registry. At work, I have set it up so students may only access S:, a network drive on which they can store all their needed documents. Also they can access P:, another network drive on which is stored student work that only staff can write to.
Bruce
April 19th, 2006, 22:15
I actually like how the boxes at my school are set up. Everything is locked down--no browsing of the C: drive and no saving or modifying of any files. If we want to save something it's either to a flash drive or floppy. A modified start-bar along with disabling right-click on the desktop and disabling the command prompt also go a long way.
This keeps the boxes clean and void of any malware since nothing can be installed.
Of course I always keep a copy of Portable Firefox and even a copy of Damn Small Linux on my flash drive for those certain occasions. ;)
DarkBlood
April 20th, 2006, 09:15
> I actually like how the boxes at my school are set up. Everything is locked down--no browsing of the C: drive and no saving or modifying of any files. If we want to save something it's either to a flash drive or floppy. A modified start-bar along with disabling right-click on the desktop and disabling the command prompt also go a long way.
> This keeps the boxes clean and void of any malware since nothing can be installed.
> Of course I always keep a copy of Portable Firefox and even a copy of Damn Small Linux on my flash drive for those certain occasions. ;)
This is how we do it at school actually, all of the start menu is disabled (except the iPrint Client) AND right-click is disabled but not in web browsing. Also, we can save stuff to the C:\, but we can never open it up again if we do. Strange, yeah?
Tree
April 20th, 2006, 14:55
It is the same at our school. Modified Start menu, limited right-clicking, etc. Limited meaning you can r-click on the desktop and files. But not on files in the taskbar.
Start isn't completely disabled. But you cannot edit or delete any of the shortcuts in there, as a regular user cannot put them back. Settings and Run are not there either. However there is a hole that I had to fix not too long ago. It is possible to right-click on the desktop and create a shortcut. If you specify the shortcut's location as 'cmd', you can gain access to the command prompt.
This presented some problems, one guy sent a school-wide message using net send. Don't think he meant to, but still did. He wrote "i like ponies." He got paneled and is now in a secondary school ;)
Brandon
April 20th, 2006, 16:30
If you don't mind getting expelled, you can do the following:
Boot into command prompt
Type format c:
Press y
Problem solved
:P
Bruce
April 20th, 2006, 17:10
It wouldn't do anything anyway. Windows isn't that stupid.
DarkBlood
April 20th, 2006, 18:06
> If you don't mind getting expelled, you can do the following:
> Boot into command prompt
> Type format c:
> Press y
> Problem solved
> :P
I did once, but that was on a 98 computer, which can still re-boot in MS-DOS Mode (unlike our XPs). I wasn't expelled.
Tree
April 21st, 2006, 15:30
Go into PowerPoint and browse for a design template. Your default location will be the PowerPoint folder in Application Data. You should then be able to move freely around C:. This doesn't work on any networked drives, as they're controlled by a different entity.
Brandon
April 21st, 2006, 16:05
> I did once, but that was on a 98 computer, which can still re-boot in MS-DOS Mode (unlike our XPs). I wasn't expelled.
Actually, this will work by booting into "Safe Mode Command Prompt".
DarkBlood
April 22nd, 2006, 08:28
> Go into PowerPoint and browse for a design template. Your default location will be the PowerPoint folder in Application Data. You should then be able to move freely around C:. This doesn't work on any networked drives, as they're controlled by a different entity.
That won't work, it'll give us students the message: "Cannot access ______ due to restrictions set by system administrator."
X3r0X
April 22nd, 2006, 09:53
Well this is just an "if you're interested" fact, but anyway:
To browse your user permission scripts and see which .msi installers aren't blocked
Firstly, go into Windows Media Player. From there, select "Open" and you should be in "My Documents". If you are on a virtual drive like myself, it will allow you to keep going up and up until you are able to view the entire network. From there, select the host computer and navigate its files. You will eventually (if you're on a network similar to mine) find the startup scripts, detailing how they set the permissions and what you have to alter in order to break it :).
Enjoy.
DarkBlood
April 22nd, 2006, 22:50
> Well this is just an "if you're interested" fact, but anyway:
> To browse your user permission scripts and see which .msi installers aren't blocked
> Firstly, go into Windows Media Player. From there, select "Open" and you should be in "My Documents". If you are on a virtual drive like myself, it will allow you to keep going up and up until you are able to view the entire network. From there, select the host computer and navigate its files. You will eventually (if you're on a network similar to mine) find the startup scripts, detailing how they set the permissions and what you have to alter in order to break it :).
> Enjoy.
Can't, even though we are on a Virtual Drive (J:\) J:\ is located in the My Computer, not in the Network places... and My Computer isn't listed on the drop down box when we open anything (on XP)
An example dropdown list is the following:
Floppy Drive (A:\)
My Documents (J:\docs)
Shared Files (S:\Students Shared Folder)*
And subfolders are listed after that.
*Note: We cannot put anything on the S:\*
DarkBlood
May 1st, 2006, 14:08
Finally found something useful! C:\WINDOWS\progman.exe (or wherever it is in WinXP) still works! Hah, I got the Run Command now!
CMD says I cannot use the Command Prompt, and regedit.exe has been disabled as well.
Create a shortcut with the target CMD.
Daniel
May 1st, 2006, 17:28
> Of course I always keep a copy of Portable Firefox and even a copy of Damn Small Linux on my flash drive for those certain occasions. ;)
Boot DSL, access the Windows XP drive, and you can do some serious damage.
DarkBlood
May 1st, 2006, 18:27
> Create a shortcut with the target CMD.
Doesn't work, as I previously stated... when CMD opens it says "The Command Prompt has been disabled by the System Administrator. Press ENTER to close this window."
Fun, huh?
Not even with a shortcut? Usually works... Have you tried just modifying a current shortcut?
DarkBlood
May 1st, 2006, 18:32
It doesn't work with any shortcut to CMD. Progman works though as I said.
Regedit.exe doesn't even work via Shortcut, neither does C:\, C:\WINDOWS, etc. Nor does J:\ via shortcut (Even though we have it on the desktop and we can access it. o_O)
DarkBlood
May 3rd, 2006, 14:13
By the way, here's a part of my problem, nice green underlined for "Best Quick" :p
http://img475.imageshack.us/img475/9827/mediapop19tv.jpg
Behold my computer's ad-ware capabilities when Mirar Toolbar is installed. :p (School Computer - WinXP)
DarkBlood
May 3rd, 2006, 14:21
What's even worse is when I actually open the quick links menu in IE6.
http://img334.imageshack.us/img334/1407/mediapop21xm.jpg
This sucks, and I can't do anything about it.
DarkBlood
May 3rd, 2006, 14:24
And then there's the pop-ups on the forums themselves... where there shouldn't be any.
http://img334.imageshack.us/img334/9589/mediapop30fq.jpg
Bruce
May 3rd, 2006, 14:28
Portable Firefox ftw.
DarkBlood
May 3rd, 2006, 14:30
Installing Firefox, Netscape, Safari, or any other browser (even other versions of IE) is not allowed. Students can't install any programs anyway unless you can do it by Java/JavaScript like the Yahoo! / Google / Ask / MSN / Mirar Toolbar(s).
Bruce
May 3rd, 2006, 14:32
Hence the reason I said Portable Firefox. It installs on a flash drive.
needlehost
May 3rd, 2006, 14:33
well, I get a site pop up on the main fws, but that's about it.
DarkBlood
May 3rd, 2006, 14:34
Yeah, that could be a good thing. But the server also has problems, for example the Cannot Find Server page may randomly come up at any time if I am inactive on one page for too long, when this happens it affects all other windows and I have to close all windows in IE/FF/NN/Saf/etc. then restart the program.
Also, Linux Live CD bypasses ALL of this, even the server problems AND downloads files at the full 128 ~ 10 MB/sec speed instead of only 12 ~ 50 kbps
> It installs on a flash drive.
You mean the install.exe? Or the actual program itself? Because either way, this computer is screwed. I cannot access ANY drives just by putting their letter ":\", which will give me an error saying...
Access to drive C:\ has been disallowed (Even if I put a shortcut, it gives this error)
Access to drive A:\ has been disallowed (There's a shortcut on our desktops that bypass this error)
Access to drive J:\ has been disallowed (There's a shortcut on the desktop for this too... this is where our documents are stored.)
Access to drive E:\ has been disallowed (This is the flash drive.)
DarkBlood
May 4th, 2006, 14:11
I finally got rid of all that junk by installing ad-aware SE Personal using the installation .exe file I had at home via a jump drive. Thanks to Bruce for giving me the idea from the portable firefox. Now the sound works too! But it's way low (Can't access volume control. -_-)
The shortcut to the E:\ worked... as I thought before I posted the above post.
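
For administrators reviewing a lockdown like the one discussed in this thread, here is an added example (not posted by any participant) that reads the standard per-user Group Policy registry values corresponding to the messages quoted above. That the school used these particular settings is an assumption; the script only reads values and changes nothing.

```powershell
# Added example, not from the thread: read-only audit of per-user restriction
# policies. Assumption: the lockdown uses the standard Group Policy values.

function ConvertFrom-DriveMask {
    param([int]$Mask)
    # NoDrives / NoViewOnDrive are bitmasks: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:
    $letters = @(foreach ($i in 0..25) {
        if ($Mask -band (1 -shl $i)) { [char](65 + $i) }
    })
    if ($letters.Count -gt 0) { $letters -join ', ' } else { 'none' }
}

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD'
       Meaning = 'cmd.exe reports that the command prompt is disabled' },
    @{ Path = $system;   Name = 'DisableRegistryTools'
       Meaning = 'regedit.exe refuses to start' },
    @{ Path = $explorer; Name = 'NoRun'
       Meaning = 'Run is removed from the Start menu' },
    @{ Path = $explorer; Name = 'NoViewOnDrive'; IsMask = $true
       Meaning = 'Explorer and file dialogs deny access to these drives' },
    @{ Path = $explorer; Name = 'NoDrives';      IsMask = $true
       Meaning = 'these drives are hidden in My Computer' }
)

$report = foreach ($c in $checks) {
    # A missing key or value simply means the policy is not configured.
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = $item.($c.Name) }

    if ($null -eq $value) { $state = 'not set' }
    elseif ($c.IsMask)    { $state = 'drives: ' + (ConvertFrom-DriveMask $value) }
    else                  { $state = "value $value" }

    [pscustomobject]@{ Policy = $c.Name; State = $state; Meaning = $c.Meaning }
}

$report | Format-Table -AutoSize
```

These values restrict Explorer, cmd.exe and regedit.exe only; the thread itself reports progman.exe and an installer from a jump drive still running, so they need to be paired with NTFS permissions and Software Restriction Policies.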