Lost Admin User



#1 AustinTerry


Posted 08 June 2009 - 08:34 AM

Ok how do I start? Possible malware caused system damage.
A friend of mine told me she got a msg saying her computer was infected (probably malware with the msg) and clicked on remove, then her computer froze; she rebooted and all she got was just her desktop picture, no icons, no taskbar, nothing. So she went out and bought a new computer and brought the bad (infected?) one to me to see if I could retrieve her family pictures.

Booting the computer up, it shows 2 logins like it should: one is hers as the admin, the 2nd, her son's with limited use.
Logging onto hers, the only thing that comes up is, like she said, just the desktop. Even the Windows button on the keyboard will not pull up a menu. Ctrl/Alt/Del works but that is about it.

So I took the Hdd out and put it in my other computer as a secondary, and under Docs and Settings, only Administrator, All Users, app data, and her son's acct show up; her personal user acct is not there.

I scanned the drive with my CA antivirus and as suspected, it found about 9 badboys. Then I was running a spyware scan and the CA popped up with about 7 more again. I noticed that they were in a tmp file that had her user name, so it seems her user acct could still be there, maybe?

Can Malware delete or hide the main user's acct? Any ideas how to get it back once I get the computer totally cleaned up?

thanks, Terry



#2 hamluis


Posted 08 June 2009 - 10:28 AM

What does User Accounts (in Control Panel) reflect?

Her profile could be damaged: Copy Data from a Corrupted User Profile to a New Profile in Windows XP - http://support.microsoft.com/kb/811151

Louis

I'd also run chkdsk /r on that drive, if possible. If not, then I would run a hard drive diagnostic (long test) on it.

Edited by hamluis, 08 June 2009 - 10:30 AM.


#3 AustinTerry


Posted 08 June 2009 - 10:53 AM

Hi Louis,

I can't access Control Panel since I have no menus, task bar, etc. I can't access anything while logged in as her.
I can do Ctrl/alt/del and that is it. I haven't tried logging in as her kid, since it is a limited acct, but maybe I can get to control panel from there.
I looked at the kb/811151 you mention above, and since I can't login as admin, I don't think it will work.
Even in Safe Mode (under her acct), I get just a black screen with no access to anything. We tried to log in as Administrator in Safe Mode, but she has no idea what that password is. She has had the computer for 9 years or so, and never knew that even existed. It was probably set up by Dell, and has a factory password? I tried typing the svc tag# also, but that didn't work. Does Dell have a factory preset password?

#4 Queen-Evie


Posted 08 June 2009 - 11:11 AM

Bring up task manager. Applications tab, at the bottom New Task.
Type in control panel, click OK.

Control panel should open.

#5 garmanma


Posted 08 June 2009 - 11:20 AM

Or type:
explorer.exe
To get your Desktop
Mark

#6 AustinTerry


Posted 08 June 2009 - 11:32 AM

Thanks guys (& gals?),

It will be this evening before I'm back in front of that computer, but I will give them both a go, and report back with what happens.

I want to make sure I get all the malware off first, while I have it set up as a slave drive on my unit.

I ran my CA anti-virus again last night while in safe mode and it came up clean, but I would also like to run Malwarebytes (I have never used that before). Do you know if I can run it to scan the drive while it is set up as a slave, or should I install it back into the Dell as the master and then use Malwarebytes?

Edited by AustinTerry, 08 June 2009 - 11:33 AM.


#7 AustinTerry


Posted 08 June 2009 - 11:38 AM

Oops, I just remembered, I probably won't be able to run M-bytes if I put the Hdd back in as the master, until I get the user account problem fixed first.

Right?

#8 AustinTerry


Posted 10 June 2009 - 07:38 PM

Ok, after a couple days' worth of running anti-virus and clearing a bunch of malware, I decided I would put the Hdd back in the Dell as the master and see if I could do what you all mentioned above, as well as finish running any malware programs to finish the job. Now after booting up as the master, I log in to her user (Cathy) and just a few seconds after the desktop appears, it goes back to the blue Welcome screen and says "logging off". I try it under her son's account, same thing; Safe Mode, same thing. So now I can't even stay logged in long enough to try anything. I double checked to make sure I had the jumper settings on correctly.

I know her user account is still there, because when Malwarebytes was scanning, I could see it scanning Cathy/My Documents/etc.

Her unit is

XPS/Dimension XPS
Ship Date: 9/14/2003
Dell IBU: Americas
Quantity Parts # Part Description
1 5120P Cord, Power, 125V, 6Feet, SJT..., Unshielded
1 C0724 Processor, 80532, 2.8G, 512K, 800 Front Side Bus, Socket N
1 F2905 Card, Planar, NIC, DIMXPS
1 7N242 Keyboard, 104 Key, UNITED STATES..., Silitek, LC, MIDNIGHT GRAY...
1 T0943 Kit, Mouse, UNIVERSAL SERIAL BUS..., 28, Optical Logitech
1 Y0607 Digital Video Disk Drive, 680M, 16X, I, 5.25" FORM FACTOR..., Hitachi LG Data Storage, CHASSIS 2001...
1 J0997 Card, MULTI-MEDIA..., Audio, 1394, SB0243
1 G0001 Card, Graphics, 128MB NV34, Dimension, 2nd
1 7T281 Floppy Drive, 1.44M, 3.5" FORM FACTOR..., 3 Mode, No Bezel, TEAC..., V4, CHASSIS 2001...
1 X0375 Hard Drive, 80G, 7200RPM 60G, Hitachi-VAN2
1 2X092 Card, Multimedia, Emuzed, 1394, Dimension
1 X0397 KIT..., SOFTWARE..., APPIAN..., PAINT SHOP PRO..., V7.05, ENGLAND/ENGLISH..., DELL AMERICAS ORGANIZATION..., V
1 W0641 Kit, Software, Appian, D-IE2K Premium, DELL AMERICAS ORGANIZATION..., V3
1 6W678 Kit, Software, Overpack, WXPHSP1, Compact Diskette with Documentation, English
2 D0837 Kit, Doc/Dsk, Software, DVD, CYB, 4.13C
2 J0202 Dimm, 512, 400M, 64X64, 8K, 184
1 T0103 DVD Plus RW, 4.7, NEC CORPORATION..., 4X, DVD Plus R, CHASSIS 2001..., V2

What next?



