
XP passwords blanked but still prompted for passwords


12 replies to this topic

#1 eddb

eddb


Posted 19 August 2013 - 09:03 AM

This XP pc was/is infected with a syskey password before windows logon.  I was able to remove that and have blanked out all user passwords including Administrator.  But windows still prompts for a password at logon even in safe mode.

I have run numerous CD-boot virus scanners and have cleaned out all found items.  Still get a password failure trying to logon.  What other than a destructive reinstall can be done?

Obviously cannot get into the system in any way, so no control panel. I can get to the registry via a boot CD and can modify some aspects of the registry. I do not find any RUN entries that look at all suspicious.


Edited by hamluis, 31 August 2013 - 05:15 PM.
Moved from XP to Am I Infected - Hamluis.



 


#2 .X.

.X.


Posted 19 August 2013 - 09:21 AM

How did you get rid of the syskey password? I've tried and failed. Would like to know how you accomplished it. I tried it with Offline NT Password & Registry Editor.

 




#3 eddb

eddb
  • Topic Starter


Posted 19 August 2013 - 09:37 AM

I've tried a few but that or its equivalent is what I used also.  It worked for syskey and says the user passwords are blank, but somehow windows (or some rogue program I cannot find) still wants a password.



#4 eddb

eddb
  • Topic Starter


Posted 19 August 2013 - 10:57 AM

I have checked again and that IS the program I used.



#5 .X.

.X.


Posted 19 August 2013 - 11:15 AM

Hmm. I tried and tried in a virtual machine and the section for resetting the syskey just wouldn't come up. I stopped recommending it because of my tests. Guess I'll start recommending it again. Thanks for letting me know.

 

BTW, you can do a reinstall on the same partition but not format. It will make the Windows folder Windows.0 and the docs and setting folders following the same naming scheme.

A fresh format and install is better but I guess you don't do backups?



#6 eddb

eddb
  • Topic Starter


Posted 19 August 2013 - 11:37 AM

This is not my PC.  I begged the owner not to EVER install a program he "finds" on the web but he often ignored me with bad consequences.  This is the worst.  He paid (and tried to stop payment) on ransomware, then he called me.

I can get all his user data off the machine, but am not equipped to or interested in re-installing the user programs.  I have had the hard drive attached to another machine so backing up, if I care to, is easy. Needless to say, he never backed up. Wish I could do a system restore from outside the machine, but that is beyond my skill set even after reading how to do it.  Maybe I missed an easier way.

 

FYI all my machines get image backups monthly.



#7 .X.

.X.


Posted 19 August 2013 - 12:36 PM

You can easily restore the registry from a restore point. Read part 2 on "How to recover from a corrupted registry that prevents Windows XP from starting". If it doesn't say so in the KB article, make backup copies of the original hives first.



#8 eddb

eddb
  • Topic Starter


Posted 19 August 2013 - 12:43 PM

Here is the line in this procedure that makes it a no-go.

 

When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER

 

 

The Administrator password is supposedly blank, but the recovery console prompts for one, and a blank attempt fails.

 

I am thinking that there is corruption in the registry that is doing this.



#9 .X.

.X.


Posted 19 August 2013 - 12:48 PM

I should have been more clear. Do it offline. Hook up the drive to another computer and do it through Windows Explorer.
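
The offline restore described in posts #7 and #9, as an added example that is not part of the original thread: it backs up the current hives first, then copies the hive snapshots from one restore point into the config folder of the attached drive. The snapshot file names are the ones XP's System Restore uses; the function names, the `WINDOWS/system32/config` default and the `config.bak` folder are assumptions of this example.

```python
import shutil
from pathlib import Path

# System Restore snapshot file -> hive name in system32\config (Windows XP).
HIVES = {
    "_REGISTRY_MACHINE_SAM": "SAM",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY",
    "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
    "_REGISTRY_USER_.DEFAULT": "DEFAULT",
}


def restore_points(volume_root):
    """List the RPnn/snapshot folders on the attached drive, lowest number first."""
    svi = Path(volume_root) / "System Volume Information"
    found = []
    for rp in svi.glob("_restore*/RP*"):
        if rp.name[2:].isdigit() and (rp / "snapshot").is_dir():
            found.append(rp / "snapshot")
    # Sort numerically so RP10 comes after RP2, not before it.
    return sorted(found, key=lambda s: int(s.parent.name[2:]))


def restore_hives(volume_root, snapshot,
                  config_rel="WINDOWS/system32/config",  # assumed install path
                  backup_name="config.bak"):             # hypothetical folder name
    """Back up the current hives, then replace them with the snapshot copies."""
    snapshot = Path(snapshot)
    config = Path(volume_root) / config_rel
    # Check the snapshot is complete before touching anything on the drive.
    missing = [name for name in HIVES if not (snapshot / name).is_file()]
    if missing:
        raise FileNotFoundError(f"snapshot is missing {missing}")
    backup = config / backup_name
    backup.mkdir(exist_ok=False)  # never overwrite an earlier backup
    for snap_name, hive in HIVES.items():
        if (config / hive).exists():
            shutil.copy2(config / hive, backup / hive)
        shutil.copy2(snapshot / snap_name, config / hive)
    return backup
```

Choose a restore point dated before the infection; `restore_points` only orders the folders by number and does not pick one for you.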



#10 eddb

eddb
  • Topic Starter


Posted 19 August 2013 - 12:52 PM

Thanks, I did think of this immediately after hitting POST on my reply.

 

I think it will also work under BART-PE. 

 

There is a Microsoft warning about doing any of this with an OEM install.  I'll have to do some studying before I rush blindly into it.

 

Thanks again.



#11 bsguy

bsguy


Posted 31 August 2013 - 03:37 PM

For resetting (disabling) syskey password Offline NT Password & Registry Editor works well, but you have to use undocumented prompt #2 at a certain point. 

 

Create a bootable disc of your choice with Offline NT Password & Registry Editor included

 

 

Prompt path to disable syskey:

- Select "1" (or whatever choice represents your correct Windows partition)

- Select "y" (yes, you wish to force changes)

- Hit enter for the default registry directory (Windows/system32/config is the default) or type in the path to the correct registry location

- Select "1" for Password reset

- The next screen presents you with choices 1, 9 or q. Type in a 2 and hit enter. NOTE: A warning tells you NOT to try this on Vista or Win 7. 

- Type "y" (if you really want to disable syskey)

- Select "q" to quit

- Select "y" (you must do this in order to write changes)

- You are presented with the opportunity to start a new run of the script or to end the session. Once disabled, the secret "2" prompt will not work again until you have booted into Windows.



#12 hamluis

hamluis

    Moderator



Posted 31 August 2013 - 05:11 PM

<<This XP pc was/is infected with a syskey password before windows logon. >>

 

If the system is infected...you need to initiate a topic in a BC forum that deals with malware.  This forum does not have the expertise to deal with such.

 

Topic moved to Am I Infected.

 

Louis

 



#13 .X.

.X.


Posted 31 August 2013 - 06:38 PM

Thanks bsguy! Learned something new today. I'm copying and pasting your post into my notes.





