From: Frank on
On 7/28/2010 11:18 AM, Yousuf Khan wrote:
> On 26/07/2010 12:12 AM, Frank wrote:
>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>
> I looked into that possibility, but my last full backup was from April
> 2010, so it would've set the system back too far. Using the password
> cracker option, I was able to get it back to the level where I last left
> it.
>
> Yousuf Khan

Glad you got it fixed although you don't seem to fully understand system
restore.

From: Arno on
In comp.sys.ibm.pc.hardware.storage Yousuf Khan <bbbl67(a)spammenot.yahoo.com> wrote:
> On 26/07/2010 5:35 AM, Arno wrote:
>> In comp.sys.ibm.pc.hardware.storage Yousuf Khan<bbbl67(a)yahoo.com> wrote:
>>> I have a perplexing problem here. I went on vacation outside of the
>>> country, and when I got back my Windows 7 desktop lost almost all of its
>>> user login accounts (5 altogether), except for one. The one that isn't
>>> lost, cannot be logged into, as the password doesn't get accepted.
>>
>> I suppose the machine was running with Internet connectivity?
>> If so: Congratulations, you have acquired a SPAM-relay/bot-net node.

> I don't think it got to that level. I did a complete virus scan of the
> disk, while booted into another operating system, and it checked out as
> clean. I think virus scanners can usually pick up root kits too.

At least they should. With current signatures I would say your
assumption is reasonable.

> Also I told my brother to shut this machine down completely when I heard
> what was happening to it. So it's been shut off for over a month now, so
> I don't think if somebody was trying to seize this machine, it went
> offline fairly quickly and they didn't have time to use it.

Agreed.

> However, the fact that all of the administrator accounts were disabled,
> while the non-admin accounts were fine does lead me to believe perhaps
> someone was trying to seize the machine. However, the machine was behind
> a NAT router, so it's hard to understand how they planned to take over
> this machine.

Hmm. Maybe they hacked the NAT first? Would not be the first time.
Anyways, good success with the cleanup.

Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno(a)wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

From: GlowingBlueMist on
On 7/28/2010 1:18 PM, Yousuf Khan wrote:
> On 26/07/2010 12:12 AM, Frank wrote:
>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>
> I looked into that possibility, but my last full backup was from April
> 2010, so it would've set the system back too far. Using the password
> cracker option, I was able to get it back to the level where I last left
> it.
>
> Yousuf Khan
Glad you got it working too.

I wonder, did you try booting into the safe mode and using the built in
Administrator account or was that disabled as well?

From: Gordon on
On 29/07/10 17:00, GlowingBlueMist wrote:
> On 7/28/2010 1:18 PM, Yousuf Khan wrote:
>> On 26/07/2010 12:12 AM, Frank wrote:
>>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>>
>> I looked into that possibility, but my last full backup was from April
>> 2010, so it would've set the system back too far. Using the password
>> cracker option, I was able to get it back to the level where I last left
>> it.
>>
>> Yousuf Khan
> Glad you got it working too.
>
> I wonder, did you try booting into the safe mode and using the built in
> Administrator account or was that disabled as well?

The built-in Administrator Account is disabled by default in Windows 7.
That's why it's very good practice to have an administrator account for
elevation and emergency purposes and a Standard User account for day to
day running...

From: Yousuf Khan on
On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
> On 7/28/2010 1:18 PM, Yousuf Khan wrote:
>> On 26/07/2010 12:12 AM, Frank wrote:
>>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>>
>> I looked into that possibility, but my last full backup was from April
>> 2010, so it would've set the system back too far. Using the password
>> cracker option, I was able to get it back to the level where I last left
>> it.
>>
>> Yousuf Khan
> Glad you got it working too.
>
> I wonder, did you try booting into the safe mode and using the built in
> Administrator account or was that disabled as well?

That was disabled as well.

Yousuf Khan