Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is it possible to wipe the guest account?


  • Please log in to reply
No replies to this topic

#1 Emmm

Emmm

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:41 AM

Posted 13 April 2010 - 07:02 PM

Hi,

I'm having a fairly aggravating issue with the Guest account on my secondary laptop (Vista 64bit Business edition); I turned on the Guest account so that a friend could use it, and it is now seriously infected with malware (Digital Protection). It is confined to the Guest account, and I have attempted to remove it using a number of methods:


1) This set of instructions: http://www.bleepingcomputer.com/virus-remo...ital-protection

Problem: cannot enter the guest account in safe mode; following error:

"Windows could not connect to the Sens service. Please contact your system administrator."

Google was startlingly unhelpful, so I entered the admin account in safe mode, but Malware Bytes does not detect the infection on the Guest account.


2) This set of instructions: http://www.bleepingcomputer.com/virus-remo...e-security-tool

I chose this as an alternative as google results suggested rkill as a means to help remove Digital Protection.

Problem: rkill (Run as Administrator) terminates conime.exe, but the scare-tactic pop-ups continue. Running Malware Bytes immediately after the rkill results in the computer restarting itself halfway through the scan, regardless of my attempts to cancel the restart. I assume this is due to the malware attempting to protect itself.


3) Removing the registry keys created by the virus. This was stupid of me and I knew better. I ended up having to repair a missing dll using the Vista install disc.


Ultimately, the wear and tear on my patience is not worth further expended effort, so I created another account for my friend to use. The Administrator account continues to be unaffected. I have attempted to research methods to completely wipe the Guest in order to purge the infection, but I have discovered no way to do so, and it isn't possible to delete a built-in account (which I attempted through administrator tools). For now, the guest account is disabled, but I am uncomfortable with the idea of the malware simply being shunted off to the side rather than removed. Any suggestions would be most welcome.

Thank you.

Edited by Budapest, 13 April 2010 - 07:10 PM.
Moved from Vista ~BP


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users