6G Celicas Forums

> Serious Computer Problems, all help wanted
post Dec 1, 2009 - 4:34 AM
HaysoosKreesto

Alright, this is going to take the likes of an expert. I have spent all my knowledge of this computer and it still remains unusable.

So this is the situation. Apparently one of the people who owned this computer had downloaded a virus while downloading porn or music. Limewire strikes again, some would say.

I thought this would be a simple issue of just installing anti-virus/anti-malware. Problem is, I am 90% certain this is a bot and not a virus or malware. So what happened is that something has created a new Administrator account called Administrators and, using that account, has weakened the Admin account so I can't change the Administrators account.

The new admin account had made it so that I cannot install any new programs, nor could I use the internet. Not only that, but now I can't change any settings because I don't have permission in any account to do so.

I tried using Slackware to see if I could see the account and its password, but I couldn't. I tried using ERD 2005 and 2007 to see if I could change it through there; however, every time I tried to use it, the computer would BSoD on me, so I had no luck with that. I tried using CCleaner, no luck. I tried using Malwarebytes, couldn't install. I tried installing HijackThis, and it wouldn't install. I tried all of this in safe mode, no dice. I tried getting the i386 presets on the computer, but no dice as well.

What am I missing to complete this project? What haven't I tried?


--------------------
Brand new 6gc owner! (sort of 2011)


The world is moving around a sun, the sun moves around a local arm of the galaxy, the local arm of the galaxy moves around a gigantic black hole.
 
post Dec 1, 2009 - 4:44 AM
SlvrCelica09

What OS are you running? I'm assuming Windows. If I were you I'd reinstall Windows and keep your hard drive partition intact, then once Windows is reinstalled, go under Documents and Settings, find the "Administrators" folder and delete that completely. Your OS has been compromised too much, in my opinion, to try anything else. This way you can keep your old files and delete that "Administrators" account.


--------------------
THIS IS WHERE WE HOLD THEM!
Still trying to find the cure for ST205 asthma..
6gc.net's outlaw vigilante because im a LEADER not a follower.
post Dec 1, 2009 - 5:05 AM
HaysoosKreesto

QUOTE (SlvrCelica09 @ Dec 1, 2009 - 4:44 AM)
What OS are you running? I'm assuming Windows. If I were you I'd reinstall Windows and keep your hard drive partition intact, then once Windows is reinstalled, go under Documents and Settings, find the "Administrators" folder and delete that completely. Your OS has been compromised too much, in my opinion, to try anything else. This way you can keep your old files and delete that "Administrators" account.

Well I have Drivewash which can completely eliminate any threat, but they really wanted to keep their computer the way it was. I know, I know I told them many times it would be much easier to just start fresh, but they wanted me to try all possible things before I do that.

Just to answer your question yes it is windows, XP Home Edition.


post Dec 1, 2009 - 9:20 AM
95CelicaST

Fresh install would be the ideal. If there are files they want to keep, put them on a thumb drive (if you're even allowed to mount a volume), but that might bring some corruption over.


Basically, they assumed the risk by illegally downloading crap on the computer. When I do home repairs and find a virus typically caused by shareware I don't have any sympathy when I need to reinstall.


--------------------
1991 MR2 - T-tops - Crimson Red - Gen3 3SGTE - Lots of money

I'm not really an asshole, but I play one on the internet.
post Dec 1, 2009 - 12:58 PM
SlvrCelica09

QUOTE (95CelicaST @ Dec 1, 2009 - 9:20 AM)
Fresh install would be the ideal. If there are files they want to keep, put them on a thumb drive (if you're even allowed to mount a volume), but that might bring some corruption over.


Basically, they assumed the risk by illegally downloading crap on the computer. When I do home repairs and find a virus typically caused by shareware I don't have any sympathy when I need to reinstall.


There's that myth on Windows XP where when you do a fresh install, all your personal files are deleted. It really isn't true; if you elect to keep the partition intact, your files will still be the same and you can access them once the Windows install is complete. The files that get deleted are the files from the "windows" folder. I've reinstalled Windows XP so many times and user accounts from the "Documents and Settings" folder are never removed. Just make sure you elect not to format the drive or to delete the partition during setup.

Hope you get your CPU back on its feet =)


post Dec 1, 2009 - 1:43 PM
benzo

if it's what my lil sister's got a while back you might have to wipe it allll and start from fresh. viruses, or whatever it is that you got, tend to change the registry and once that happens you're kinda screwed.

anyways try AVG and search and destroy. both are free.

& do you know how to look up the current processes? on xp i believe it's just ctrl alt delete, click processes and organize them in order from most memory to least. then google each process name, if you have a lot, google the ones with weird names. i bet you will find something that doesn't belong.

second. go to run. type MSCONFIG, then start up. you should have a lot of things starting up. ya probably got itunes, quicktime, media player, and other programs you use daily loading up as soon as the computer gets to the desktop. I would suggest turning off anything LIMEWIRE related, then google each start up name if it's not familiar and turn them OFF! do not turn off anything windows related....

EDIT i didn't want to start rambling or anything..so if you got any questions let me know..

This post has been edited by benzo: Dec 1, 2009 - 1:43 PM
post Dec 1, 2009 - 2:32 PM
95CelicaST

How is he to google search executables if he cannot launch IE? How is he to install antivirus if he no longer has appropriate permissions?


My professional opinion (lots of people talk - I do this for a living) is that your best bet is to buy a new hard drive and reload XP on it. Then use a SATA/IDE to USB adapter to mount your old drive and pull what you want back over, but I would highly recommend not bringing anything back over, unless you're running a live scan as things are being brought over. The reason is that the virus might have worked its way down into files with specific extensions. Jpeg, mpeg, doc, xls, etc. - stuff you want to keep. Stuff that actually has personal value. So when you transfer it over you will end up bringing the virus, which will append itself to the startup and prefetch folders, so once you reboot you get to deal with it all over again. You no longer have admin rights over your own system. There really isn't any way to get that back. The virus has locked you out of any way for you to change permissions back, short of blowing out the registry, but this virus is most likely within personal folders as well. You need to start clean. You need to reload on a new drive.


post Dec 1, 2009 - 2:40 PM
legalkid86

dude idk why but for me as well my hard drive just crashed on me last night as well on my other laptop it lets me start on safe mode but none of the i.e systems work and when I try to boot it up normal it doesn't load any files it just says loading for like 3 hours already I think there is something new out there lurking around cause **** it's got me so mad!! I was thinkin I just may have to reboot my computer idk yet, sorry to add this to your link but I'm so looking for help right now on this, has anyone heard of something going on, is the y2k bug coming back? lol


--------------------
wAkE uP, u'Ll sLeEp WhEn U DiE.....
post Dec 1, 2009 - 5:16 PM
HaysoosKreesto

QUOTE (legalkid86 @ Dec 1, 2009 - 2:40 PM)
dude idk why but for me as well my hard drive just crashed on me last night as well on my other laptop it lets me start on safe mode but none of the i.e systems work and when I try to boot it up normal it doesn't load any files it just says loading for like 3 hours already I think there is something new out there lurking around cause **** it's got me so mad!! I was thinkin I just may have to reboot my computer idk yet, sorry to add this to your link but I'm so looking for help right now on this, has anyone heard of something going on, is the y2k bug coming back? lol

What most likely happened is that your registry (or a Windows critical file) went kaboom, and now it's trying to look for a folder that just ain't there anymore. It is technically a savable problem IF you backed up the registry onto a floppy or such.



95CelicaST, since you and I do this for a living (I don't do this nearly as much as you do I'm sure) you are my best bet. I have access to Drive Wash which is a utility that can completely delete any and all traces according to federal specifications. Takes hours and hours to do, but it will get rid of everything. I have used this before, and the Hard drive has stayed intact enough to reload the partition and Windows XP. The problem is that they didn't give me the XP Install CD or the back up CD that usually comes with the computer so that I can reinstall.

XP licenses are virtually gone now. Should I convert them to linux? This computer cannot support Vista or 7, and I hate dealing with the licensing people from India. They can't use 98 se or 2k because they need modern access to the internet. I can download an illegal copy for them, would I be liable if they were to stupidly be caught?


post Dec 1, 2009 - 6:08 PM
lagos

QUOTE
XP licenses are virtually gone now. Should I convert them to linux? This computer cannot support Vista or 7, and I hate dealing with the licensing people from India. They can't use 98 se or 2k because they need modern access to the internet. I can download an illegal copy for them, would I be liable if they were to stupidly be caught?


I had to deal with a similar situation recently on my mom's Windows XP laptop that contracted a terrible virus.

I finally had enough, and decided to convert her to Linux by installing it on her laptop. She honestly could be happier with her computer now. With Windows XP her machine would often slow down a lot, because it only had 512 megs of RAM, and with virus scanners and Internet Explorer running it would bog down quite a bit. Now with Ubuntu on there it runs so much faster and there is no risk of any virus or spyware stealing her personal info, as she does quite a bit of online banking.

So download a Linux ISO and burn it to disk. You can boot into the OS right off the CD and see how well it runs on that computer before installing anything. You can even use it to inspect the Windows XP drive and back up any important files or pictures that they might have had on it.

If you want a good distro, I highly recommend Linux Mint. It's based on Ubuntu (most popular Linux distro) but it looks more sleek and comes with all the codecs and plugins that they might need for the web.

http://www.linuxmint.com/

QUOTE (legalkid86 @ Dec 1, 2009 - 2:40 PM)
dude idk why but for me as well my hard drive just crashed on me last night as well on my other laptop it lets me start on safe mode but none of the i.e systems work and when I try to boot it up normal it doesn't load any files it just says loading for like 3 hours already I think there is something new out there lurking around cause **** it's got me so mad!! I was thinkin I just may have to reboot my computer idk yet, sorry to add this to your link but I'm so looking for help right now on this, has anyone heard of something going on, is the y2k bug coming back? lol

That sounds more like a physical problem with your hard drive. Try running scan disk on it to see if you have a damaged drive. It's also a good idea to clean out all the dust in your system with compressed air, as overheating can cause a lot of similar issues.


--------------------
15PSI - 30MPG - Megasquirt Tuned
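
Added example, not part of any post in this thread: a Python sketch of the salvage step discussed above (booting a Linux live CD to back up files from the XP drive, with the caveat that infected files can ride along). It copies only allow-listed document types and sets aside any file whose leading bytes do not match its extension; the function names and sample paths are hypothetical, and the sample files are constructed.

```python
import os
import shutil
import tempfile

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # container used by legacy .doc/.xls
# Well-known leading bytes for the document types worth salvaging.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"], ".doc": [OLE2], ".xls": [OLE2],
}


def salvage(src_root, dst_root):
    """Copy allow-listed documents only; return (copied, flagged).

    Both are sorted lists of paths relative to src_root. flagged holds files
    whose header does not match their extension; they are not copied.
    Every other extension (.exe, .scr, .lnk, ...) stays on the old drive.
    """
    copied, flagged = [], []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            src = os.path.join(dirpath, name)
            if ext not in MAGIC or os.path.islink(src):
                continue
            rel = os.path.relpath(src, src_root)
            with open(src, "rb") as fh:
                head = fh.read(8)
            if not any(head.startswith(m) for m in MAGIC[ext]):
                flagged.append(rel)  # e.g. a ".jpg" that starts with "MZ"
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)
            copied.append(rel)
    return sorted(copied), sorted(flagged)


def demo():
    """Run salvage() over a small constructed tree (sample bytes, not real files)."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {
        "Owner/My Documents/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "Owner/My Documents/budget.xls": OLE2 + b"\x00" * 16,
        "Owner/My Documents/holiday.jpg": b"MZ\x90\x00" + b"\x00" * 16,
        "Owner/Desktop/setup.exe": b"MZ\x90\x00" + b"\x00" * 16,
    }
    for rel, data in samples.items():
        path = os.path.join(src, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return salvage(src, dst)
```

A matching header only shows the file is the type it claims to be, not that it is clean, so the copied set still needs a scan on the rebuilt system before anything is opened.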
post Dec 1, 2009 - 7:01 PM
Galcobar

If you can figure out what program is causing the problem, use Task Manager to end all the associated processes you can find. That should give you enough control back to install an anti-virus/malware program. Alternately, try running the program off a USB key, rather than installing it onto the computer.

Once the virus is disabled you do the manual deleting as necessary, and re-run the security program.
post Dec 1, 2009 - 7:17 PM
HaysoosKreesto

QUOTE (Galcobar @ Dec 1, 2009 - 8:01 PM)
If you can figure out what program is causing the problem, use Task Manager to end all the associated processes you can find. That should give you enough control back to install an anti-virus/malware program. Alternately, try running the program off a USB key, rather than installing it onto the computer.

Once the virus is disabled you do the manual deleting as necessary, and re-run the security program.

You don't understand. The bot now has gone beyond background processes into creating its own profile as "AdministratorS" (not with a capital s) and doesn't need to operate under my profile, or any for that matter. I can't access it and it's just basically a lost cause.

A live boot CD is what I gave them in order to use the damn computer momentarily lol. I was thinking about Ubuntu and I've never heard of Linux Mint. Sounds interesting and I'll have to dust off the old laptop to see what it's all about.


post Dec 2, 2009 - 2:29 AM
SlvrCelica09

A clean install with the partition intact will solve this problem. Just delete the "Administrators" account when finished.


post Dec 2, 2009 - 6:15 PM
soulshadow

There is a CD you can download and burn. It pretty much cracks windows XP accounts at boot up so you can get access to admin again in case you need to do some dirty stuff. Forgot what it was called, you can find it on isohunt or piratebay. Then again the easiest way is to swipe the HDD clean and start over from scratch or better yet install pirated versions of black XP.
post Dec 2, 2009 - 7:12 PM
95CelicaST

Jack the Ripper utility will remove passwords, but there isn't much I would want to salvage from the system.


Art - I downloaded linux mint and I really like it over my Ubuntu 7.10, which is absolute garbage. I liked it so much that I blew away my dual boot drive and reloaded xp and mint 8. Thanks for showing that link!

