Local Machine Account Passwords Reset on Windows Server 2003


No replies to this topic

#1 kbartley


Posted 26 March 2011 - 12:12 PM

I have a new customer with a Windows 2003 server that I inherited from their previous IT provider. The server is *not* set up as a domain controller and just handles basic file and application sharing via a workgroup security model.

They called me when they started losing their connectivity to shares on the server. They also could not log in to their server because it would not accept the password for the Administrator. I initially suspected someone had accidentally reset the password, but after arriving onsite I noticed that all of the local machine passwords had been changed (which is why the shares weren't working) and I couldn't log in at all. I suspected a virus and, after using third-party software to reset the administrator password so I could log in, I ran Malwarebytes Anti-Malware and, sure enough, there were several infections, one of which was detected as a Rootkit component. I cleaned up the infection, rebooted, reran Malwarebytes, cleaned up a couple more components, rebooted and reran and came up clean. I reset the passwords on all accounts and everything was good.

Yesterday, they called with the same problem. Apparently the virus wasn't gone. I redid the whole process and this time ran several other malware and rootkit detection tools including Malwarebytes again, Norton Power Eraser, Sophos AntiRootkit, Windows malicious software removal tool and Root Repealer. Everything came up clean. Additionally, I found that nearly all the computers in the office were infected with spyware and so I ran Malwarebytes on all of them and cleaned up any infections, just in case there was any spread of the virus. I've ordered Symantec Antivirus for the machines. Their previous IT provider had Free AVG on them which, I realize, is both insufficient and in violation of the AVG Free EULA. Last night at midnight, I was able to log into the server remotely no problem.

However, this morning I once again got the message that the username/password combination was invalid, so it seems the problem is back. So I'm posting this in the hopes that someone has any suggestions for what else I might run to detect this insidious virus and/or may have run up against something like this. Otherwise, I'm looking at a complete backup and reinstall which is going to add to the already major disruption to my customer's business. Thanks in advance for the help.

Edited by hamluis, 26 March 2011 - 07:28 PM.
Moved from Win NT to Am I Infected.

