Announcement

Collapse
No announcement yet.

Password set by virus, can not get into Windows now

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password set by virus, can not get into Windows now

    Hi There!
    I am new here and came across your site thru several searches on google. I am having a problem with a system running Win XP Media Center, that never had a password set on it, and then it had a virus, which I am not sure if that is even completely taken care of, but,.... now the system won't even let me boot to windows, because it is asking for a password. It won't let me go into safe mode either, without wanting a password. I have no idea how to either bypass this, or reset the password that I am assuming the virus has not set up in there. Any help here would be deeply appreciated! There are several files of mine that I need to save, before I even want to think about formatting.
    PLEASE HELP!!!

  • #2
    Re: Password set by virus, can not get into Windows now

    Have you tried to options listed at this link? http://forums.petri.com/showthread.php?t=2438
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Re: Password set by virus, can not get into Windows now

      I did look at all those options, but did not know which one would apply to what it is I need to do? Like I said before, we can only assume that it was the virus that set up this password, because I never put a password on this system, prior to having this problem. Also I can not get into the command prompt, to try and reset it that way either, nor can I do a system restore.

      ok, I want to add to my post to give you the full spectrum of what is going on. I am going to copy and paste some stuff here.

      Let me tell you what I did.

      I told you in a previous email about my daughters computer getting a virus and I said how I used Vundofix to try and repair it.

      Well that took care of most of the problems. What would happen when I would reboot back to windows a message would come up and say "Windows cannot load the program C:\Windows\System32\gebcy.exe" then when I would click ok another prompt came up and said that it could not find the program and if it didn't exist go to the registry and delete the references to it.

      Well all day long I thought about doing that but was reluctant to remove the items from the registry. The system would reboot fine but I would get this message that it cannot load that program and then I click ok and got the second one that says to remove it from the registry. When I clicked ok for the second time everything seemed normal. Everything seemed to work.

      So after pondering on it all day I decided to see if I could remove the references in the registry and get rid of these 2 prompts.

      I figured it I messed it up I would still be able to go into safe mode and do a system restore and recover from the deleted registry entries. WRONG!!!!!!

      I made a new restore point before I delete the items in the registry and then went to regedit deleted the items, which it was in there 6 times or places, and then did a reboot.

      That's when things went BAD!!!!

      What happens now is it reboots and ask for a PASSWORD to logon to windows. Well there NEVER was a password ever set to logon to windows. I guess this VIRUS must have set something up so that when I deleted the entries from the registry it now as me to have a password to logon to windows.

      HOW DO I BYPASS THIS LOGON TO GET BACK TO THE DESKTOP SO THAT I CAN DO A SYSTEM RESTORE AND FIX THIS????

      She is running Windows Media Edition on her system. Any other info that you need please let me know.

      I've been doing a lot of research on the internet to find a solution but have not tried anything yet.

      Also,....

      when I go to Safe Mode there is no option to do a system restore there.

      I don't know if that is normal for Windows Media Edition or the virus caused that to happen.

      Also I CANNOT even go to a command prompt in safe mode either.

      What it does is attempts to start window and then ask for a password to logon.

      Back to square 1. It needs a password to logon.

      So in effect I can't really get to safe mode to do anything.

      OK,... so what do you think????? oh and this system does not have a floppy drive in it.
      Last edited by Nugrl; 16th January 2008, 20:20.

      Comment


      • #4
        Re: Password set by virus, can not get into Windows now

        Try this one first and see how you go. http://www.petri.com/forgot_administrator_password.htm

        When trying to remove a virus or spyware the recommended proceedure is to turn off System Restore (because the stuff you are trying to get rid of is also stored in there), boot to Safe Mode and do the cleaning. Then you boot back into Normal Mode and turn System Restore on.

        It is unlikely that a virus would change your password and more likely an incorrect registry edit caused it. That is why it is a good idea to back up the Registry, System State and all your data before trying to remove any unwanted guests (virus, spyware & malware).

        If you follow the instructions from the above link (and you have a CD or DVD drive that is set as the boot device) then you should be able to reset the Administrator password.

        Since the PC seems to be in such a mess, an alternative (possibly a last option) would be to save all your data and settings and reinstall the operating system from scratch. This would certainly remove any unwanted guests and also remnants of other programs that had been previously installed and then removed. However I would be giving the "forgot_administrator_password" option a go first.
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: Password set by virus, can not get into Windows now

          well..... the "last option" you mention, is not even an option as of yet. because we can not boot to windows to save the data that needs to be saved. And the hard drive that is in that system is a SATA and we have no way to connect it to another system as of yet, to copy the files over that need to be saved. so......... thats why I am here. since I was having no luck coming up with a solution on my own. I was hoping someone here could shed some light on the subject.

          Comment


          • #6
            Re: Password set by virus, can not get into Windows now

            That is not a problem. There are SATA to IDE/USB adapters that allow the HDD to be removed and attached to another PC or laptop for the data to be removed.

            (This is also a good lesson that frequently backed up data reduces stress levels quite considerably and makes a clean install decision very easy ).

            Try the link I left for you and see if you can get that to work. Many have had success with it in the past.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2

            Comment


            • #7
              Re: Password set by virus, can not get into Windows now

              Well I just wanted to let you all know, that we got it fixed. The hard drive was taken to a local computer shop and had them save the data, and then it was brought home fdisked and formatted, windows reinstalled, and seems to be working fine. so far so good. Thank you for your help in this matter.
              Nugrl

              Comment


              • #8
                Re: Password set by virus, can not get into Windows now

                Thanks for the update, glad you got it all working. Sometimes it's much easier to pay that few $$$ for a local shop to get your data out, especially in cases where the data has special value to the owner of the computer.
                Cheers,

                Daniel Petri
                Microsoft Most Valuable Professional - Active Directory Directory Services
                MCSA/E, MCTS, MCITP, MCT

                Comment

                Working...
                X