
This program has been blocked by group policy


Knightmare


This message is appearing on my family's computer. It happens when I try to run Malwarebytes'. I ran ESET Online Scanner which removed 4 infected files but the group policy from the virus is still there. The problem is the computer should not have group policy because it is Windows 7 Home Premium. It also appears that AVG is blocked from running.

Any help would be appreciated.


Try this program, install it, run it and on the tray icon, select 'Unlock'. This should remove the group policy lock.

Then run MBAM scan (this will take care of all your infections) and remove the program.

Good luck!

Also, pay attention to this little app, I'm doing some improvements on it and I'll share it here after I finish. ;)

http://www.mediafire...1yqswnbhelygvr7



Did you try ComboFix and Kaspersky TDSSKiller yet?

Check this out:

http://www.tweaking.com/articles/pages/virus_malware_amp_rootkit_cleanup_links,1.html

http://support.kaspersky.com/faq/?qid=208283363

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After you do a scan with anti-malware / anti-spyware software, any infection that is detected should be removed immediately; then you can use this wonderful program by Shane ;) http://www.tweaking.com/content/page/windows_repair_all_in_one.html



I've heard that you can edit group policy in the registry. Does anyone know where the registry entries would be on Windows 7 Home Premium? If I can delete those, I should be good to go.



I've heard that you can edit group policy in the registry. Does anyone know where the registry entries would be on Windows 7 Home Premium? If I can delete those, I should be good to go.

That is what the program I uploaded does, have you tried it?

Yes, it's virus free :)



I've heard that you can edit group policy in the registry. Does anyone know where the registry entries would be on Windows 7 Home Premium? If I can delete those, I should be good to go.

That is what the program I uploaded does, have you tried it?

Yes, it's virus free :)

I want to remove group policy altogether, since it shouldn't be on the computer in the first place. Will your program do that?

Have you tried this?

I have not tried that. I will when I get home and let you know how it goes.


I've heard that you can edit group policy in the registry. Does anyone know where the registry entries would be on Windows 7 Home Premium? If I can delete those, I should be good to go.

That is what the program I uploaded does, have you tried it?

Yes, it's virus free :)

I want to remove group policy altogether, since it shouldn't be on the computer in the first place. Will your program do that?

The program locks and unlocks SRP (software restriction policy), which is different from Group Restriction Policy, but.... when in 'Locked' mode, they both (SRP and GRP) present the same exact error message. So give it a try and see if it worked.

Btw, that is not my program, but I am making one based on it, easier to use with a nicer GUI, etc.



You can't remove it, it's present in registry, you just don't have the in-built tool to configure it.

Cheers ;)

But it shouldn't be on the system in the first place. It was placed or activated or whatever by the virus.


I did encounter something like this on my friend's laptop and it was caused by a hijack malware.

We didn't fix it; we reinstalled the OS. It's a wise move if you don't have good security software installed protecting your system.

But there are times that reinstalling OS is not an option.

Note that I am not an expert in this field, but from what I suspect, a few SRP/GRP registry values have been activated that cause this lockout.

Here is my idea on maybe how it can be fixed. Do this only as a last resort.

1. Open command prompt under "Run as Administrator" mode.

2. Type "gpedit.msc"

3. Navigate to "Computer configuration" -> "Windows settings" -> "Security settings" -> "Software Restriction Policies"

4. Be aware that selecting "Software Restriction Policies" may not display a list of options.

This implies that SRP is not installed, but somehow some of its registry values may have activated it.

What we will do is create new software restriction policies to recreate the registry values and then delete them.

4.a Right-click on "Software Restriction Policies" and a context menu list displays.

4.b Choose "New Software Restriction Policies". A list of options is now displayed under "Software Restriction Policies"

4.c Select and right-click "Software Restriction Policies" again and choose "Delete Software Restriction Policies"

4.d Close gpedit.msc or Local Group Policy Editor

5. Open command prompt under "Run as Administrator" mode if you have closed the first one above, otherwise go back to that cmd window.

6. Enter the command "gpupdate /force"

7. Close cmd window and restart.

I am not claiming this will work but maybe it will. Do this only as a last resort.

Just trying to help. ;)



I tried running gpedit.msc from the start menu but it doesn't exist on the computer.


I tried running gpedit.msc from the start menu but it doesn't exist on the computer.

Oh my...fault! I missed that one where you posted you're using Home Premium. TL;DR. :thumbsdown: :lmao:

gpedit.msc is not available in that edition.

But I read there are ways to put it back on.

Enable “Group Policy Editor” (gpedit.msc) in Windows 7 Home Premium

Can I take it back off though? I don't want it to stay.


  • Administrator

Having a group policy editor with you is mostly a good thing, not a bad one. ;)



@ Knightmare

Whenever my Clients bring in a system which is infected, I find the most comprehensive solution is to restore from an image - saves a lot of time and ensures peace of mind resulting in a sound sleep.

The only downside is one would probably never find out the root cause of the infection.



I ran Combofix with no luck, and now I'm running startup repair. I installed the Group Policy to the system but don't know what to look for to unblock Malwarebytes' and AVG.



unknownasphyxiated

Try checking here to see if there are any AVG or MBAM entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Or you can use Sysinternals Autoruns.
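A read-only way to run the Image File Execution Options check suggested above, together with a look at the Software Restriction Policies keys asked about earlier in the thread. This is an added example, not code from any poster; the `Safer\CodeIdentifiers` path is the standard SRP registry location and is an assumption here, since the thread never quotes it.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# Run from an elevated PowerShell prompt (syntax kept compatible with PowerShell 2.0).
$findings = @()

# 1. Image File Execution Options: a "Debugger" value under <program>.exe makes
#    Windows launch that debugger instead of the program itself.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p -and $p.Debugger) {
        $findings += New-Object PSObject -Property @{
            Source = 'IFEO Debugger'; Name = $_.PSChildName; Value = $p.Debugger }
    }
}

# 2. Software Restriction Policies, machine-wide and per-user.
#    (Standard SRP location; this path is not quoted in the thread.)
foreach ($hive in 'HKLM:', 'HKCU:') {
    $srp = "$hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path $srp)) { continue }

    # DefaultLevel 0 = Disallowed (everything blocked unless a rule allows it),
    # 262144 (0x40000) = Unrestricted.
    $root = Get-ItemProperty -Path $srp
    $findings += New-Object PSObject -Property @{
        Source = "$hive SRP"; Name = 'DefaultLevel'; Value = $root.DefaultLevel }

    # Rules under level 0 are the "Disallowed" rules; ItemData holds the blocked
    # path (path rules) or the file hash (hash rules).
    foreach ($kind in 'Paths', 'Hashes') {
        Get-ChildItem -Path "$srp\0\$kind" -ErrorAction SilentlyContinue | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            $data = $rule.ItemData
            if ($data -is [byte[]]) { $data = [BitConverter]::ToString($data) }
            $findings += New-Object PSObject -Property @{
                Source = "$hive SRP disallowed $kind"; Name = $_.PSChildName; Value = $data }
        }
    }
}

if ($findings.Count -eq 0) { 'No IFEO debuggers or SRP rules found.' }
else { $findings | Select-Object Source, Name, Value | Format-Table -AutoSize -Wrap }
```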


Try checking here to see if there are any AVG or MBAM entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Or you can use Sysinternals Autoruns.
I didn't find any entries.


@ Knightmare

Whenever my Clients bring in a system which is infected, I find the most comprehensive solution is to restore from an image - saves a lot of time and ensures peace of mind resulting in a sound sleep.

The only downside is one would probably never find out the root cause of the infection.

This is the most practical solution.

This means that it is important to back up your clean, uninfected system (using something like Acronis True Image);

Especially if you recently bought it and have a pre-installed OS on it.

I maintain a single backup of a freshly installed system with the most basic software I need.

@Knightmare

Malware Bytes Blocked



Archived

This topic is now archived and is closed to further replies.
