DV Info Net


Ozzie Alfonso August 27th, 2011 01:02 PM

Nothing to do with media - just a lost win7 admin pw
 
I'm posting this cry for help here since DV Info has been a trusted friend through the years. The post is long, but I hope clear. It has nothing to do with DV or media, except that because I've "lost" my Administrator status in Windows 7, I can't even install Adobe CS5.5. Here we go:

Here is my nightmare.

The whole problem started when I found unknown user IDs on my home network. It was in trying to reconfigure the network when the “stuff” hit the fan. After fiddling for nearly a day I created a new admin profile. I don't recall giving it a password, but now I can't run most utilities, Firefox, or even do a system restore!

Let me take you on a visual tour of my headache.

Let’s say I try to run the utility 7Smoker.exe. Since it’s a utility that needs admin privileges, I get this message:
[ATT #1--> OZ66.JPG]
That “OZ66” is an account I created in an attempt to get my admin profile back, but I never gave it a password since I’m the only one using this system. Anything I enter, even leaving it blank, will yield the wrong ID or PW error, and this happens even when running in safe mode.

Okay, let’s back up a little and go to the credentials manager, and here is what I get:


The “Generic Credential” at the bottom is a total mystery to me.

Let’s move to advanced security settings:

I don’t know who the “Authenticated Users” are, but I do see “Administrators”. It was on this screen that I originally found users with long alphanumeric names. I deleted them.

Finally we move to User Groups – a real doozy since I haven’t a clue who or why most of these “users” are here. I know I must have created them in the past, but why, when?

You can see one of those alphanumeric users at the top. Most of these “users” are a total mystery to me.

By the way, I did create a “password retrieval disk” when I created “OZ66”, and the file is where I placed it – in one of my external drives: userkey.psw and it’s 1.5KB. The problem is that I have no idea how it’s supposed to run. I’ve tried restoring, but no luck.

That is all I can supply you with at the moment. When I boot in safe mode the default user is “OZ Standard User”.

Please help!!!

P.S. Apologies for the size of the graphics. Next time I'll reduce them ahead of time.

Ozzie Alfonso
NYC

Andrew Smith August 31st, 2011 05:37 AM

Re: Nothing to do with media - just a lost win7 admin pw
 
Given the unknown user IDs that you have found, it would be a fair assumption that your computer has been compromised. You could try fixing it yourself but would be up against people who have a greater knowledge than you do.

My advice:

1. Back up all your data to external drives.

2. Wipe the hard drive and re-install Windows and all service packs.

3. Re-install software and copy your data files back over. Only now do you finally connect the computer to the internet again.

4. Don't install 7Smoker.exe ever again. By the results of a Google search it looks like a dodgy app, and some sites regard it as malware. (Needless to say: don't install "free" smiley face toolbars or similar crapware.)

5. Neither should anyone reading this post ever use pirated software. If an evil hacker is clever enough to crack and defeat the licensing systems in modern software then they are also clever enough to insert their own payload into the finished package. The end-user installing the illegal copy of the software wouldn't be savvy enough to even think that there could be a problem. Or that the software really doesn't come for "free" when all things are considered.

6. Properly document your usernames and passwords.

This will give you a good start in terms of recovery. Let's see how you go.

Andrew

Andrew Smith August 31st, 2011 05:45 AM

Re: Nothing to do with media - just a lost win7 admin pw
 
Just did a bit more searching on Google and 7Smoker.exe is supposed to be an app that speeds up Windows. And people fall for it.

It may well be the mechanism by which the computer was compromised. In fact, out of anything it would be the one that I would be putting my money on as to how the computer got owned.

Andrew

Dave Blackhurst September 1st, 2011 09:55 AM

Re: Nothing to do with media - just a lost win7 admin pw
 
If you've got a virus/malware issue, you might consider pulling the drive, connecting it to another machine, running a couple of good virus scanners on the drive while it's not the "system" drive, and seeing if they can clean the infections - one of the few ways I've found to clean some of the very nasty viruses that seem to be floating around, many under the guise of some software that's supposed to improve your machine, or protect it or whatever....

The newer viral infections seem to be really good at locking you out of your own system, so trying to eradicate the infection on a "live" system/drive is like putting out a burning building while standing on the roof... not likely to turn out well... and potentially hazardous.

Howard Harrelson September 1st, 2011 03:08 PM

Re: Nothing to do with media - just a lost win7 admin pw
 
Why not look into whether you can reset the admin p/w by using a jumper to short two pins on the motherboard?

Bill Koehler September 1st, 2011 03:23 PM

Re: Nothing to do with media - just a lost win7 admin pw
 
Quote:

Originally Posted by Howard Harrelson (Post 1679190)
Why not look into whether you can reset the admin p/w by using a jumper to short two pins on the motherboard?

What you are suggesting applies to the BIOS Admin & User passwords, not the OS passwords.


All times are GMT -6.

1998-2024 The Digital Video Information Network