Serious Computer Problems, all help wanted Options

[HaysoosKreesto]

Alright, this is going to take the likes of an expert. I have spent all my knowledge of this computer and it still remains unusable.

So this is the situation. Apparently one of the people who owned this computer had downloaded a virus while download porn or music. Limewire strikes again some would say.

I thought this would be a simple issue of just installing anti-virus/ anti-malware. Problem is, I am 90% certain this is a bot and not a virus or malware. So what happened is that something has created an new Administrator account called Administrators, using that account, had weakened the Admin account so I can't change the Administrators account.

The new admin account had made it so that I cannot install any new programs, nor could I use the internet. Not only that, but now I can't change any settings because I don't have permission in any account to do so.

I tried using Slackware to see if I could see the account and its password, but I couldn't. I tried using ERD 2005 and 2007 to see if I could change it through there however everytime I tried to use it, the computer would BSoD on me so I had no luck with that. I tried using CCleaner, no luck. I tried using Malwarebytes, couldn't install. I tried installing HiJack this, and it wouldn't install. I tried all of this in safe mode, no dice. I tried getting the i386 presets on the computer, but no dice as well.

What am I missing to complete this project? What haven't I tried?

[95CelicaST]

How is he to google search executables if he cannot launch IE? How is he to install antivirus if he no longer has appropriate permissions?


My professional opinion (lots of people talk - I do this for a living) is that your best bet is to buy a new hard drive and reload XP on it. Then use a SATA/IDE to USB adapter to mount your old drive and pull what you want back over, but I would highly recommend not bringing anything back over, unless you're running a live scan as things are being brought over. The reason is that the virus might have worked its way down into files with specific extensions. Jpeg, mpeg, doc, xls, etc. - stuff you want to keep. Stuff that actually has personal value. So when you transfer it over you will end up bringing the virus, which will append itself to the startup and prefetch folders, so once you reboot you get to deal with it all over again. You no longer have admin rights over your own system. There really isn't any way to get that back. The virus has locked you out of any way for you to change permissions back, short of blowing out the registry, but this virus is most likely within personal folders as well. You need to start clean. You need to reload on a new drive.