| Thread ID: 91371 | 2008-07-04 16:00:00 | User profile turned into a guest account then deleted itself.... Virus? | Agent_24 (57) |
| Post ID | Timestamp | Content | User | ||
| 685324 | 2008-07-04 16:00:00 | OK, I think my computer is seriously screwed up this time.... I was doing nothing in particular when suddenly Comodo Memory Firewall told me that explorer.exe was trying to execute memory, and have a buffer overflow attack etc... I thought it was a false warning because explorer.exe is a legitimate program - obviously clicking "always allow" was a bad idea... because then my computer froze up really badly and so I restarted it. Then when it booted, explorer would just freeze up. I opened Task Manager: CPU usage was normal, memory usage normal etc.. nothing seemed odd except explorer was screwed up.. so I took it off the list in CMF; it still did the same thing. Loaded safe mode, seemed OK, disabled CMF from running, rebooted - same thing. Then I opened msconfig and disabled everything (diagnostic startup), which allowed the PC to boot properly - but when I went to open msconfig to enable stuff it said I couldn't because I didn't have admin rights (which I am supposed to). Read that System Restore might fix it, but couldn't load that either because of admin rights not existing anymore - then I logged off to log back on as the administrator account and the welcome screen had no accounts on it - my account completely disappeared from everything - not in Control Panel in User Accounts or anything. Couldn't access my account files either. Couldn't even take ownership of them using the cacls command. Created a new account with admin rights but couldn't do anything with that either. So I got a spare hard drive, did a fresh install of Windows and then connected the old drive - and was then finally able to access the files after taking ownership of them. Now I'm backing up my entire userdata folder. Who thinks this is a virus? Or something got corrupted because I hit the reset button a couple of times when explorer was frozen up? Anyone got any lovely ideas for fixing this? It's really, really screwed up... :crying |
Agent_24 (57) | ||
| 685325 | 2008-07-04 18:30:00 | Get HijackThis, put it in its own folder, run it, save the log and post it here. Someone will analyse it and give you help to clean out your system. |
kjaada (253) | ||
| 685326 | 2008-07-05 10:33:00 | I can't see how I'm going to run HijackThis when my account apparently doesn't exist anymore. I scanned with NOD32 (v3 trial) and Kaspersky (online scan), and did the Windows folder with BitDefender; found nothing. I think it may be corruption of some sort - but how to fix this when I can't run System Restore or any other thing because none of my accounts have admin rights? Also, is it possible to restore the account that was 'deleted' without having to create a new account and then copy everything over? |
Agent_24 (57) | ||
| 685327 | 2008-07-05 10:55:00 | See if you can run restore from the command prompt - 1. Boot into Safe Mode with Command Prompt: keep pressing F8 at start-up, then with the arrow keys select Safe Mode with Command Prompt. 2. At the command prompt, type C:\windows\system32\restore\rstrui.exe and press Enter. Follow the instructions given to perform the System Restore process. |
wainuitech (129) | ||
| 685328 | 2008-07-05 11:27:00 | If the above doesn't work, you can download and run restore from Ultimate Boot CD 4 Windows (www.ubcd4win.com). It uses a graphical display close to Windows, see screen shots. Run System Restore from the CD: Boot from the CD (takes a few minutes); when the Start Shell log in appears either click Start Shell, or leave it alone and it will auto boot. When Network Support appears click No. Once loaded, click Start/Programs/Registry Tools/Registry Restore Wizard (press Enter). Make sure your OS is selected - it should be C:\windows (Enter). Make sure "Fix the System To that of a Previous State" is dotted (press Enter), select a restore point from the list / dates - follow the on screen instructions. |
wainuitech (129) | ||
| 685329 | 2008-07-05 11:43:00 | I can't run System Restore in safe mode either. Same error (on the brand new account I just made, which was an administrator account). It did work on the actual admin account, but when I rebooted the only account which logged on was the new one, which just gave me another permissions error about how System Restore couldn't be run. I ran this:

C:\Documents and Settings\Testing>net user "<accountname>"
User name                    <accountname>
Full Name
Comment
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            3/5/2007 5:43 PM
Password expires             Never
Password changeable          3/5/2007 5:43 PM
Password required            No
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   7/4/2008 9:06 PM

Logon hours allowed          All

Local Group Memberships      (Should say administrator here, right?)
Global Group memberships     *None
The command completed successfully. |
Agent_24 (57) | ||
| 685330 | 2008-07-05 12:22:00 | Did you try it in safe mode only, or safe mode with command prompt - two totally different actions. In the command prompt you don't have the GUI that you would in "normal" safe mode - you need to type in C:\windows\system32\restore\rstrui.exe. Try that Boot CD I posted; you need to install it on a working XP computer, and may need your XP CD to copy files if required, then make a bootable CD. Run restore from the CD, take it back 2-3 days, see if that's of any use. |
wainuitech (129) | ||
| 685331 | 2008-07-05 12:24:00 | Yeah, I'll try that CD, it's currently installing.... | Agent_24 (57) | ||
| 685332 | 2008-07-05 13:04:00 | Did you try it in safe mode only, or safe mode with command prompt - two totally different actions. In the command prompt you don't have the GUI that you would in "normal" safe mode - you need to type in C:\windows\system32\restore\rstrui.exe. In both cases System Restore runs, but when I reboot in normal mode it fails to run (no admin rights). |
Agent_24 (57) | ||
| 685333 | 2008-07-05 14:10:00 | Tried the CD, but it only had 1 registry backup available - the original windows installation backup from 2 years ago | Agent_24 (57) | ||