From: Yousuf Khan on
On 25/07/2010 10:09 PM, Parko wrote:
> I've used this quite successfully in the past. Fairly straightforward to
> use.
> http://pogostick.net/~pnh/ntpasswd/
>

Hey, thanks, this seems to have done the trick. After I ran this, it
showed that all of my missing user accounts were actually still there,
but they were somehow disabled. At least all of the administrator-level
accounts were disabled, but the standard user level accounts were unchanged.

I re-enabled all of those administrator accounts, and changed their
passwords.

If I had gone with the restore from CD or restore from backups route,
then my machine would've been set back to a level from April 2010, and
that would've been too far back.

Yousuf Khan
From: Yousuf Khan on
On 26/07/2010 12:12 AM, Frank wrote:
> Boot from your Win 7 DVD, if you have one, and do a system restore.

I looked into that possibility, but my last full backup was from April
2010, so it would've set the system back too far. Using the password
cracker option, I was able to get it back to the level where I last left
it.

Yousuf Khan
From: Yousuf Khan on
On 26/07/2010 5:35 AM, Arno wrote:
> In comp.sys.ibm.pc.hardware.storage Yousuf Khan<bbbl67(a)yahoo.com> wrote:
>> I have a perplexing problem here. I went on vacation outside of the
>> country, and when I got back my Windows 7 desktop lost almost all of its
>> user login accounts (5 altogether), except for one. The one that isn't
>> lost, cannot be logged into, as the password doesn't get accepted.
>
> I suppose the machine was running with Internet connectivity?
> If so: Congratulations, you have acquired a SPAM-relay/bot-net node.

I don't think it got to that level. I did a complete virus scan of the
disk, while booted into another operating system, and it checked out as
clean. I think virus scanners can usually pick up root kits too.

Also I told my brother to shut this machine down completely when I heard
what was happening to it. So it's been shut off for over a month now, so
I don't think if somebody was trying to seize this machine, it went
offline fairly quickly and they didn't have time to use it.

However, the fact that all of the administrator accounts were disabled,
while the non-admin accounts were fine does lead me to believe perhaps
someone was trying to seize the machine. However, the machine was behind
a NAT router, so it's hard to understand how they planned to take over
this machine.

Yousuf Khan
From: Yousuf Khan on
On 25/07/2010 9:51 PM, Grant wrote:
> Leave the machine turned off next time?

It's a home-based server.

Yousuf Khan
From: Gene E. Bloch on
On Wed, 28 Jul 2010 14:17:27 -0400, Yousuf Khan wrote:

> On 25/07/2010 10:09 PM, Parko wrote:
>> I've used this quite successfully in the past. Fairly straightforward to
>> use.
>> http://pogostick.net/~pnh/ntpasswd/
>>
>
> Hey, thanks, this seems to have done the trick. After I ran this, it
> showed that all of my missing user accounts were actually still there,
> but they were somehow disabled. At least all of the administrator-level
> accounts were disabled, but the standard user level accounts were unchanged.
>
> I re-enabled all of those administrator accounts, and changed their
> passwords.
>
> If I had gone with the restore from CD or restore from backups route,
> then my machine would've been set back to a level from April 2010, and
> that would've been too far back.
>
> Yousuf Khan

In this thread you have twice equated System Restore with restoring your
drive from a backup. That's not what it is.

System Restore basically just fixes a few (mostly Windows) problems from a
backup-like stash of a few (mostly Windows) items, supposedly without
affecting user data. These backups are made frequently and automatically.

Google for it so you can see what I'm talking about.

--
Gene E. Bloch (Stumbling Bloch)