Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP Home Can't logon to any accounts


  • Please log in to reply
11 replies to this topic

#1 MisterrFixIt

MisterrFixIt

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:09:43 PM

Posted 18 November 2013 - 05:43 PM

First of all I know that you don't give step by step instructions for password recovery. I accept that.

I've successfully recovered many PC's in the past but this one has me stumped.

It is someone elses PC so I don't know how exactly it got into this shape.

There are 3 Accounts presented on splach screen, GUYS, DOLLS, GUEST.

GUEST account was always blank, GUYS and DOLLS had individual passwords.

It would not log on to GUYS or DOLLS with the passwords I was supplied.

On GUYS Error Is "Unable to log you on because of an account restriction" on GUYS...

And on DOLLS and GUEST "You are required to change your password at first logon".

And of course, empty box is again presented. You can see the ***** as you type.

SO, being really smart and knowing that the Administrator Account was blank I brought up Safe Mode.

Splash Screen there says ADMINISTRATOR, GUYS, DOLLS. Same Results FOR GUYS and DOLLS.

ADMINISTRATOR gives same response as GUYS "Unable to log you on because of an account restriction"

------------

Have used a Password Recovery Tool in the past and also a Password Reset Tool.

Recovery toll showed HASH Totals exactly the same for all 4 accounts and "Blank"

Reset Toll showed the same but used it anyway just to make sure. Same results, same errors.

------------

So downloaded KAV 2010 bootable Tool and ran it. 7 Viruses found, Deleted or quarintined.

Symptoms did not change.

------------

Being adventuresome I brought up the Recovery Console and was able to just hit enter to get into it.

(so Recovery console thinks ADMINISTRATOR has a blank password???)

It's been awhile since I used Recovery Console so tried a couple minor displays, etc.

Prompt says C:/WINDOWS. I could swear that by using CHDIR C: oor CD .. I could get to Root Directory.

Never got me there. Don't know if it matters or not, just thought I'd mention it.

 

So My problem is that I'd like to fix this for these older folks but need a bit of direction from you folks.

Is it possible I have a Virus or is this just something that Windows has a habit of creating?

Any responses greatly appreciated!!!


Edited by MisterrFixIt, 18 November 2013 - 05:59 PM.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 18 November 2013 - 06:20 PM

Get to a command prompt and type

 

Net User Administrator *

 

It will prompt you for a password. Go into safe mode and see if you can log into Administrator with your password.



#3 MisterrFixIt

MisterrFixIt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:09:43 PM

Posted 18 November 2013 - 09:20 PM

Things were simpler when we had FAT32. System is, of course, NTFS therefore no real command prompt.

I can get to the User Account Screen on Normal and SAFE Boot.

I also can get recovery console option on PC and on Install Disk, no chance for a Command prompt that I know of??



#4 JohnC_21

JohnC_21

  • Members
  • 24,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 18 November 2013 - 09:30 PM

When you press F8 during boot it doesn't give you the option of Safe Mode with Command Prompt?

#5 MisterrFixIt

MisterrFixIt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:09:43 PM

Posted 18 November 2013 - 10:05 PM

Yes, of course, but it comes up to the same SAFEMODE slash screen with ICONS for GUYS DOLLS ADMINISTRATOR.

And of course I'm stopped dead in my tracks again.



#6 JohnC_21

JohnC_21

  • Members
  • 24,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 18 November 2013 - 10:34 PM

I cannot guarantee this will work but download PCRegedit which will let you edit the registry offline. Burn the iso file and boot. Find the following keys and set Dword to 0.
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000000
 
If the keys are not present, create them and set Dword to 0.
http://www.pcregedit.com/

Edited by JohnC_21, 19 November 2013 - 01:42 AM.


#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,290 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:43 PM

Posted 19 November 2013 - 09:49 AM

FWIW:  http://www.raymond.cc/blog/how-to-edit-windows-registry-key-values-without-booting-in-windows/

 

The tool mentioned...appears not to have modified since it was developed and only specifies applicability through XP SP2.  See http://www.pcregedit.com/ .

 

Before contemplating any registry edit at any time...you should always ensure that the registry is backed, in case things go awry. 

 

Louis



#8 MisterrFixIt

MisterrFixIt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:09:43 PM

Posted 19 November 2013 - 09:43 PM

Used Reg Editor in KAV 2010 since the other one drove me nuts. XP-Home is at SP3 so It doesn't apply I guess.

Anyway Found [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa]

                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa]
Changed from "LimitBlankPasswordUse"=dword:00000001 to dword:00000000 in all cases
Could not find [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
What this did is allowed we to logon the GUYS account. ADMINISTRATOR and DOLLS and GUEST still same error

On GUYS (Administrator) 1. Won't display USER Accounts not even GUYS.

                                         2. If I target an object and say copy, am unable to paste it anywhere.

 

Right now am scanning for rootkits, etc using Avira (updated today) (at about 8% complete).

Malwarebytes gives me an error on launch so suspect I will have to install a new version.

 

Anyway, since I am unable to logon to Administrator in SAFEMODE or from Selection Splash Screen (C-A=D twice), I feel this PC is badly compromised somehow but still am not sure if this is really Virus related or not.

Since I cannot copy logs to anything (won't paste) am wondering if there is anything I can do manually to get some of the material you might need to help me?



#9 JohnC_21

JohnC_21

  • Members
  • 24,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 19 November 2013 - 10:07 PM

Sorry, I am out of ideas on this one. I do think you should go to the Malware removal section and see if they can help. I believe there are tools like FRST that can scan and collect logs. As far as copying what logs you do have, you might want to look at using a small linux distro like Puppy which I have used to retrieve data from an unbootable computer. You might also want to check out Paragon Rescue Kit 11 Free which will also let you retrieve your data.

 

http://www.paragon-software.com/home/rk-express/

 

One other thing you might want to check is to enable auto-logon for the administrator account and see if that works. See Method 1 under Let me fix it myself. Good Luck.

 

http://support.microsoft.com/kb/315231


Edited by JohnC_21, 19 November 2013 - 10:09 PM.


#10 MisterrFixIt

MisterrFixIt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago
  • Local time:09:43 PM

Posted 20 November 2013 - 09:19 PM

OK Avira completed and found ONE Virus (dialer.exe) which is quarentined.

Malwarebytes gives RUNTIME ERROR 379   Fail to load VBALGRID6.OCX.

Downloaded new Malwarebytes, same issue.

Web has some entries but most caused by McAfee which this PC doesn't have.

Will probably have to do MB Clean the try to reinstall, but not optemistic.

 

One other thing is that if you double-click a file or try to open, it never does (all files on GUYS).

 

Am willing to try to repair yet but as a precaution copied off all files useful just in case a Repair or Restore is warrented.

 

John, appreciate the help, will look into the autologon, but wait to see if anyone else has ideas also.



#11 JohnC_21

JohnC_21

  • Members
  • 24,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:43 PM

Posted 20 November 2013 - 10:54 PM

Because you have access to Guy (administrator) it is possible to create another administrator account by the command line and see if that gets you anywhere.

 

click start>run>cmd

 

type

net user useraccountname /add

 

I tried this command and it adds the account but it is not administrator so you have to type the following

 

net localgroup administrators useraccountname /add

 

Log out and see if you have access to the account.

I just did this on a XP pro computer but not sure if this works for home.



#12 hamluis

hamluis

    Moderator


  • Moderator
  • 56,290 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:43 PM

Posted 24 November 2013 - 09:38 AM

Topic moved from XP to Am I Infected forum.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users