Jump to content

locked out by unknown Administrator password

Cdog

By Cdog
in General Windows PC Help

 Share

Recommended Posts

Cdog

Cdog

Posted
Posted

Hello,

I'm new to Malwarebytes, and very pleased to be here!

The Admistrator password account is great for system security.... except when it isn't!

I 'm working on another older XP , SP3(pro) machine for a friend, as it refuses to boot past the splash screen. Safe mode starts off more promising as it loads a few pages of drivers, and whatever, but then it just freezes, along with my hope for a simple fix!

My next level attempt was to invoke the recovery console via a system disk, but this demands the Administrator password, which alas, I'm afraid, has faded into history. Like when you suddenly realize you're locked out (as you shut the car door); you know you forgot the key because the engine's still running....and the window's rolled up.... and you're already late... because it's getting dark... and it's starting to rain... and there's nothing around for miles...

So I piggybacked the ailing system as a secondary drive on my own humble XP (home) machine, and alternately as a removeable mass storage device with my nifty IDE to USB adapter gadget.

I could then see at least, that the hard drive and the data therein seemed intact, even if zealously occluded with a daunting convolution of "security" attributes: "Hidden", "Read Only" etc. and who knows how many deeper levels of "administered" policy and access restrictions.

At some point, I was able to change / remove the offending attributes, yielding recoverable user data, but the log of files that refused to yield to this procedure was considerable I saw enough to lead me to believe that the operating system was still there, intact, but locked in the car, windows rolled up tight.

My friend's other family machine was crippled with over 500 trojan malignancies I learned, when I was introduced to Malwarebytes. The files were all provocatively named. I had the free version and it did an impressive job restoring system fuctionality, but the infection would creep back in... one tiny file, then another, like a pesky mosquito buzzing around. I was glad for the opportunity to see such a train wreck of a system. It was a textbook case of everything wrong by design, but I had spent enough time on that unit, and they needed a working computer. It had the valid code sticker for the bundled XP

license, so I did the practical thing: Nuke the hard drive, clean install of the OS. Lost disk? Any one would be valid using Microsoft's. Product key changer/validation. I thank them for that. Service Pack updates, and good as new. I backed up the renewed machine. Very happy.

Very Sad to lose all those treasured photo archives, though. Their music libraries, and all the other neat stuff that we endure for. They did understand it was a necessary sacrifice for the expediency of getting back a functioning system. Besides, the other computer had copies of that stuff....

Which brings us back to the case at hand. I was determined to salvage as much as I could this time around. The problems on this one were different.

I ran some AV utilities, etc. then I mounted it onto my Linux / Ubuntu installation. No problem extracting the pictures and sounds. The little 40 Gb hard drive listed as 98% or more filled to capacity! Obviously, this doesn't help the situation. So I began by making a little elbow room on the disk. Saved the pictures.... but back to the password issue. The principal user on this installation has administrative rank, and there is no password, but it seems, only a system level process will be able to override the gridlock. I can't fix a file if I can't read or write to it, and who enabled the BIOS password? I fixed that, but the kids had no hand in that.

I was intrigued and fascinated by the Ophcrack live CD which I tested on my humble machine. The free version rooted out my simple test password in no time at all, but on the machine at issue, it listed a hash code, but the final result showed NOT FOUND! in red letters, though on the accounts with no password it properly indicated EMPTY. I know the paid version has more mojo, but that's a separate can of worms I am obliged to spare any enlightened soul who has suffered my ramblings thus far!Hello,

I'm new to Malwarebytes, and very pleased to be here!

The Admistrator password account is great for system security.... except when it isn't!

I 'm working on another older XP , SP3(pro) machine for a friend, as it refuses to boot past the splash screen. Safe mode starts off more promising as it loads a few pages of drivers, and whatever, but then it just freezes, along with my hope for a simple fix!

My next level attempt was to invoke the recovery console via a system disk, but this demands the Administrator password, which alas, I'm afraid, has faded into history. Like when you suddenly realize you're locked out (as you shut the car door); you know you forgot the key because the engine's still running....and the window's rolled up.... and you're already late... because it's getting dark... and it's starting to rain... and there's nothing around for miles...

So I piggybacked the ailing system as a secondary drive on my own humble XP (home) machine, and alternately as a removeable mass storage device with my nifty IDE to USB adapter gadget.

I could then see at least, that the hard drive and the data therein seemed intact, even if zealously occluded with a daunting convolution of "security" attributes: "Hidden", "Read Only" etc. and who knows how many deeper levels of "administered" policy and access restrictions.

At some point, I was able to change / remove the offending attributes, yielding recoverable user data, but the log of files that refused to yield to this procedure was considerable I saw enough to lead me to believe that the operating system was still there, intact, but locked in the car, windows rolled up tight.

My friend's other family machine was crippled with over 500 trojan malignancies I learned, when I was introduced to Malwarebytes. The files were all provocatively named. I had the free version and it did an impressive job restoring system fuctionality, but the infection would creep back in... one tiny file, then another, like a pesky mosquito buzzing around. I was glad for the opportunity to see such a train wreck of a system. It was a textbook case of everything wrong by design, but I had spent enough time on that unit, and they needed a working computer. It had the valid code sticker for the bundled XP

license, so I did the practical thing: Nuke the hard drive, clean install of the OS. Lost disk? Any one would be valid using Microsoft's. Product key changer/validation. I thank them for that. Service Pack updates, and good as new. I backed up the renewed machine. Very happy.

Very Sad to lose all those treasured photo archives, though. Their music libraries, and all the other neat stuff that we endure for. They did understand it was a necessary sacrifice for the expediency of getting back a functioning system. Besides, the other computer had copies of that stuff....

Which brings us back to the case at hand. I was determined to salvage as much as I could this time around. The problems on this one were different.

I ran some AV utilities, etc. then I mounted it onto my Linux / Ubuntu installation. No problem extracting the pictures and sounds. The little 40 Gb hard drive listed as 98% or more filled to capacity! Obviously, this doesn't help the situation. So I began by making a little elbow room on the disk. Saved the pictures.... but back to the password issue. The principal user on this installation has administrative rank, and there is no password, but it seems, only a system level process will be able to override the gridlock. I can't fix a file if I can't read or write to it, and who enabled the BIOS password? I fixed that, but the kids had no hand in that.

I was intrigued and fascinated by the Ophcrack live CD which I tested on my humble machine. The free version rooted out my simple test password in no time at all, but on the machine at issue, it listed a hash code, but the final result showed NOT FOUND! in red letters, though on the accounts with no password it properly indicated EMPTY. I know the paid version has more mojo, but that's a separate can of worms I am obliged to spare any enlightened soul who has suffered my ramblings thus far!

The final challenge with this project, which precludes me from confidently doing a clean install as before on their other , is because THIS Dell's Product Key Sticker only refers to the original Windows 98 system, and not the crippled XP installation. I need to reference the product key and authenticate / replicate if needed for a clean install...

I'm going to subject it to Malwarebytes suite of tools next, freshly downloaded today and see what happens. I still need to find room to move several Gb's of accessible users' stuff, and I look forward to any progress that develops.

The final challenge with this project, which precludes me from confidently doing a clean install as before on their other , is because THIS Dell's Product Key Sticker only refers to the original Windows 98 system, and not the crippled XP installation. I need to reference the product key and authenticate / replicate if needed for a clean install...

I'm going to subject it to Malwarebytes suite of tools next, freshly downloaded today and see what happens. I still need to find room to move several Gb's of accessible users' stuff, and I look forward to any progress that develops.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

@ Cdog, that sure is a lot of info....

Not sure what you are asking for though. If you are infected your best solution is to seek help from the experts.

Please read the following so that you can begin the cleaning process:

We don't work on Malware removal in the general forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Thank you :D

Link to post
Share on other sites
PedroHin

PedroHin

Posted
Posted

I didn't know which of your 3 posts to reply to, they looked identical.

For Windows XP Administrator password problems, I have had a good deal of luck with the TRK (Trinity Rescue Kit) CD. It doesn't bother finding the password, it allows you to remove/change the password using it's built-in 'winpass' utility.

The ISO for TRK is linux based, and has a few other cool utilities -- like the ability to share all the files of an unbootable windows system over the network.

http://trinityhome.org

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept