August 27th, 2011, 01:02 PM | #1 |
Major Player
Join Date: Nov 2001
Location: New York, NY
Posts: 355
|
Nothing to do with media - just a lost win7 admin pw
I'm posting this cry for help here since DV Info has been a trusted friend through the years. The post is long, but I hope clear. It has nothing to do with DV or media, except that because I've "lost" my Administrator status in Windows7, I can't even install Adobe CS5.5. Here we go:
Here is my nightmare. The whole problem started when I found unknown user IDs on my home network. It was in trying to reconfigure the network when the “stuff” hit the fan. After fiddling for nearly a day I created a new admin profile. I don't recall giving it a password, but now I can't run most utilities, Firefox, or even do a system restore!

Let me take you on a visual tour of my headache. Let’s say I try to run the utility 7Smoker.exe. Since it’s a utility that needs admin privileges, I get this message: [ATT #1--> OZ66.JPG]

That “OZ66” is an account I created in an attempt to get my admin profile back, but I never gave it a password since I’m the only one using this system. Anything I enter, even leaving it blank, will yield the wrong ID or PW error ---and this happens even when running in safe mode.

Okay, let’s back up a little and go to the credentials manager, and here is what I get:

The “Generic Credential” at the bottom is a total mystery to me.

Let’s move to advanced security settings:

I don’t know who the “Authenticated Users” are, but I do see “Administrators”. It was on this screen that I originally found users with long alphanumeric names. I deleted them.

Finally we move to User Groups – a real doozy since I haven’t a clue who or why most of these “users” are here. I know I must have created them in the past, but why, when? You can see one of those alphanumeric users at the top. Most of these “users” are a total mystery to me.

By the way, I did create a “password retrieval disk” when I created “OZ66”, and the file is where I placed it – in one of my external drives: userkey.psw and it’s 1.5KB. The problem is that I have no idea how it’s supposed to run. I’ve tried restoring, but no luck.

That is all I can supply you with at the moment. When I boot in safe mode the default user is “OZ Standard User”. Please help!!!

P.S. Apologies for the size of the graphics. Next time I'll reduce them ahead of time.

Ozzie Alfonso
NYC
August 31st, 2011, 05:37 AM | #2 |
Equal Opportunity Offender
Join Date: Feb 2009
Location: Brisbane, Australia
Posts: 3,064
|
Re: Nothing to do with media - just a lost win7 admin pw
Given the unknown user IDs that you have found, it would be a fair assumption that your computer has been compromised. You could try fixing it yourself but would be up against people who have a greater knowledge than you do.
My advice:
1. Back up all your data to external drives.
2. Wipe the hard drive and re-install Windows and all service packs.
3. Re-install software and copy your data files back over. Only now do you finally connect the computer to the internet again.
4. Don't install 7Smoker.exe ever again. By the results of a Google search it looks like a dodgy app, and some sites regard it as malware. (Needless to say: don't install "free" smiley face toolbars or similar crapware.)
5. Neither should anyone reading this post ever use pirated software. If an evil hacker is clever enough to crack and defeat the licensing systems in modern software then they are also clever enough to insert their own payload into the finished package. The end-user installing the illegal copy of the software wouldn't be savvy enough to even think that there could be a problem. Or that the software really doesn't come for "free" when all things are considered.
6. Properly document your usernames and passwords.

This will give you a good start in terms of recovery. Let's see how you go.

Andrew
August 31st, 2011, 05:45 AM | #3 |
Equal Opportunity Offender
Join Date: Feb 2009
Location: Brisbane, Australia
Posts: 3,064
|
Re: Nothing to do with media - just a lost win7 admin pw
Just did a bit more searching on Google and 7Smoker.exe is supposed to be an app that speeds up Windows. And people fall for it.
It may well be the mechanism by which the computer was compromised. In fact, out of anything it would be the one that I would be putting my money on as to how the computer got owned.

Andrew
September 1st, 2011, 09:55 AM | #4 |
Inner Circle
Join Date: Feb 2007
Location: Apple Valley CA
Posts: 4,874
|
Re: Nothing to do with media - just a lost win7 admin pw
If you've got a virus/malware issue, you might consider pulling the drive, connecting it to another machine, running a couple of good virus scanners on the drive while it's not the "system" drive, and seeing if they can clean the infections - one of the few ways I've found to clean some of the very nasty viruses that seem to be floating around, many under the guise of some software that's supposed to improve your machine, or protect it or whatever....
The newer viral infections seem to be really good at locking you out of your own system, so trying to eradicate the infection on a "live" system/drive is like putting out a burning building while standing on the roof... not likely to turn out well... and potentially hazardous.
September 1st, 2011, 03:08 PM | #5 |
New Boot
Join Date: Jan 2008
Location: Northridge, CA
Posts: 21
|
Re: Nothing to do with media - just a lost win7 admin pw
Why not look into whether you can reset the admin p/w by using a jumper to short two pins on the motherboard?
|
September 1st, 2011, 03:23 PM | #6 |
Major Player
Join Date: May 2007
Location: Alpharetta, Georgia, USA
Posts: 760
|
Re: Nothing to do with media - just a lost win7 admin pw