3

A friend called me saying that her computer recently said it was applying a Windows update when it was shutting down. Now when logged in as her normal user whenever she tries to run any program from the start menu or from a shortcut on the desktop she gets the following popup:

"Windows cannot access the specified device path or file

You may not have the appropriate permissions to access the item"

If she right-clicks and chooses 'Run as administrator' the program will run.

We checked the Windows update history and it said the update was applied successfully and that there are no updates available.

Unfortunately I'm in a different city so I don't have physical access to the system to look at it any further. Has anyone had a similar problem or have any suggestions?

Edit:

We got a new hint today. The virus scanner said there were five viruses found (I just got a voicemail). I'll post relevant details.

Improve this question
3
  • Can the task manager (Ctrl+Shift+Esc) be run without admin? How about really simple programs like notepad or a command prompt? If a command prompt works can you run other programs from there?
    – PeterJCLaw
    Commented Apr 6, 2010 at 22:53
  • I see that you specifically stated "whenever she tries to run any program from the start menu or from a shortcut on the desktop". Does this happen when you directly run the program (not via a shortcut)? Not that I think it would help solve the problem but I'm curious.
    – Vervious
    Commented Apr 8, 2010 at 6:00
  • Correct, it's any program or shortcut. Running a downloaded .exe directly also gave the same warning.
    – Dave Forgac
    Commented Apr 8, 2010 at 22:32

2 Answers 2

Reset to default
3
+150

Just as a sanity check, I recommend verifying the NTFS permissions on, say, c:\Windows\System32\Notepad.exe, then check your friend's account's group membership, to be sure she really should have access to the file. Perhaps your friend was accidentally removed from the Users group? That would make sense because:

  1. She's able to log in because she is a member of Administrators, which has the "allow log on locally" privilege.

  2. If she doesn't use "Run as Administrator", she doesn't have access to anything. Without using that option (known as "elevating"), her security token contains all her group memberships except Administrators. Since her token doesn't contain either Administrators or Users, she's blocked from accessing most things except her user profile (her profile explicitly gives her account full control).

  3. When UAC elevates her, it adds the Administrators group to her token. Administrators members have access to everything (or can grant themselves access), so she then can launch programs.

If that's not the case, then it sounds like some malware may have hooked into the shell and now attempts to run its own code every time a program is launched.

Improve this answer
1
  • Her user didn't show up as belonging to the 'Users' group so good suggestion. The resolution was letting the updated antivirus clean the system and then add a new user for her.
    – Dave Forgac
    Commented Apr 12, 2010 at 23:15
0

If as you say the computer is infected, then Windows Update has only further destroyed an already damaged system.

You might try to restore the system to its state before this update was done, then run several anti-virus programs. Some to try are MBAM, Avast and Spybot S&D. Then run "sfc /scannow" to repair system files (better have a boot CD ready).

Next, try doing again the Windows Update. If the problem happens again, you might need to reinstall Windows.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .