  #1  
12-12-2007, 09:14 PM
Razer (United Kingdom)
CJ Member
In the thick of a nasty virus

I always used to use my desktop for everything: emails, games, IM, the whole lot. One day along came a virus which McAfee didn't pick up, and my PC ran slower than a bear's backside in winter. Every time I went to an internet page I was hijacked to the "WinAntiVirus Pro 2007" site, where I had 2 "ok or cancel" boxes which I closed using Alt+F4. I ran scan after scan with McAfee, avast, Spybot, AVG and even Windows Defender. They all came up clean, so I thought, right, I'll do it in safe mode. Ever since then every account has been restricted, the passwords made blank, and there is no way I can log into that system. Any advice? Or is format the only way forward?

Last edited by Razer : 12-12-2007 at 09:17 PM.
  #2  
12-12-2007, 09:18 PM
Jonathon28
CJ Member

I would be inclined to format it and reinstall. However, I would back up any files that I wanted off it first. If you can't access it by logging on, I would either connect the HDD to another PC as a secondary and copy files over to the primary HDD, or use Knoppix (Live CD) and copy onto an external HDD or memory stick.

At least with a format, your mind is at rest and you are certain there isn't a virus on it! Always do a full format.

Hope this helps! If you want any further help, please ask.

Last edited by Jonathon28 : 12-12-2007 at 09:18 PM.
  #3  
12-12-2007, 09:24 PM
evilfantasy
CJ Moderator

Originally Posted by Jonathon28:
"I would be inclined to format it and reinstall."

I wouldn't.

WinAntiVirus Pro is a sticky one but can be handled easily enough.
  • Download HijackThis to your desktop.
  • Double-click on the file you just downloaded.
  • Click on the "Install" button to install.
  • It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
  • Please do not change the default install location.
  • Upon install, HijackThis should open for you.
  • Next click on the "Do a system scan and save a log file" button.
  • HijackThis will scan and then a log will open in notepad.
  • In the top left of the Notepad window click "File" > "Save As", name it hijackthis, and then save it to the Desktop.
  • Please save the log as a text (.txt) file or .log
  • Please do not attach MS-Word .DOC files.
  • Copy and then paste the log in your post.
* Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
  #4  
12-12-2007, 09:27 PM
Razer (United Kingdom)
CJ Member

Errrrrr, I can't log on. Every account is restricted: admin, limited and the Administrator account, both in and out of safe mode. When I go to log in I get "cannot log in due to account restriction".
  #5  
12-12-2007, 09:29 PM
Jonathon28
CJ Member

There's a separate built-in Administrator account in Windows XP Home and Pro. It's hidden. Are you running Home or Professional Edition?
  #6  
12-12-2007, 09:30 PM
Jonathon28
CJ Member

The built-in Administrator account is hidden from the Welcome Screen when a user account with Administrator privileges exists and is enabled. In Windows XP Home Edition, you can log in as the built-in Administrator in Safe Mode only. For XP Professional, press CTRL + ALT + DEL twice at the Welcome Screen and input your Administrator password in the classic logon window that appears.

Try this ^ Except there's usually no Admin password on this account unless you've made one.

Last edited by Jonathon28 : 12-12-2007 at 09:31 PM.
  #7  
12-12-2007, 09:38 PM
Razer (United Kingdom)
CJ Member

Tried, again it's restricted. The built-in one, my own admin account and a limited account are all restricted, whether safe mode or not.
  #8  
12-12-2007, 09:43 PM
Jonathon28
CJ Member

EvilFantasy? If he used bootable Knoppix (on a CD) (free+downloadable) he could delete the virus as he would be able to access the hard drive. That's only if EvilFantasy or anyone else knows what files are included in the virus. You could google it to see what files are infected.

Otherwise format if there's nothing valuable on it, or back up the files onto another PC as suggested earlier and reinstall.

Last edited by Jonathon28 : 12-12-2007 at 09:44 PM.
  #9  
12-12-2007, 09:57 PM
evilfantasy
CJ Moderator

I can give all of the C:\ locations and registry keys associated with it.

That will likely not change the restrictions that have been set in place though.

You will have to edit that in the registry as well. I will dig out the information for that also.
  #10  
12-12-2007, 10:05 PM
Razer (United Kingdom)
CJ Member

All this boot CD stuff sounds confusing. There's nothing on the PC that can't be redone. It's a shame that's the only copy of my avatar left, but life goes on and this stuff happens. I'll go dig out ye olde XP CD.
  #11  
12-12-2007, 10:06 PM
Jonathon28
CJ Member

Ok. Quickest and easiest method is reinstalling I suppose.

Last edited by Jonathon28 : 12-12-2007 at 10:07 PM.
  #12  
12-12-2007, 10:11 PM
evilfantasy
CJ Moderator

When you did the CTRL + ALT + DEL twice at the Welcome Screen method, did you try to use "Administrator" as the user name with no password?
  #13  
12-12-2007, 10:59 PM
evilfantasy
CJ Moderator

http://home.eunet.no/~pnordahl/ntpasswd/

-----

Or....

If you want to try your luck with something else, you may want to check Austrumi out. Austrumi is a live Linux distribution CD that allows you, amongst other things, to reset your password the same way the Offline NT Password & Registry Editor does. Just create a bootable CD with the provided ISO, and boot from it. When you get to the prompt, type boot: nt_pass. This will start the utility and display a menu that lets you modify any user's password on the current system. NT_pass is only included in version 0.9.2, so be sure to get this distribution if you want to use this feature.
  #14  
13-12-2007, 09:26 PM
Razer (United Kingdom)
CJ Member

Tried the account many times with no joy. Decided to format and reinstall. Problem is, due to where my PC is stored, I have to move 93 million things to move out my PC, then write down my XP Home key in tiny little letters at the back. That's a Saturday afternoon of fun I suppose :P



Copyright ©2006 - 2008 Computer Juice.
