Administrator account password always reset after reboot?!

  • Thread starter Thread starter Olaf
  • Start date Start date
O

Olaf

Hello,

I have Windows XP Pro SP3, and have used the administrator account
(renamed to another account name) also for normal work in the normal
Windows mode (not safe mode). This has worked without problems for more
than a year.

However, since some weeks, there is a strange behaviour of this account:
Whenever I reboot, the password of this Administrator account is reset
(to something unknown to me, the previous password does not work), and
also any information I give in the account description is blanked.

Therefore, I can access the account again only by using another account
with administrator rights (which I luckily have), reset the password for
the administrator account from there, and then log in back to the
administrator account with the newly reset password. This works without
problems, and the password also continues to work if I do standby,
hibernate, or even if I reboot and then boot directly into safe mode (!).

But once I reboot and get back to normal Windows mode, the administrator
account password is reset again to something unknown, and the account
information is blanked again. I have also tried to change the
administrator password in safe mode, but the same behaviour occurs after
getting back to normal mode.

-> Any help in what could cause this, and how to get rid of it would be
highly appreciated!

Thanks,
Olaf
 
Olaf said:
Hello,

I have Windows XP Pro SP3, and have used the administrator account
(renamed to another account name) also for normal work in the normal
Windows mode (not safe mode). This has worked without problems for more
than a year.

However, since some weeks, there is a strange behaviour of this account:
Whenever I reboot, the password of this Administrator account is reset
(to something unknown to me, the previous password does not work), and
also any information I give in the account description is blanked.

Therefore, I can access the account again only by using another account
with administrator rights (which I luckily have), reset the password for
the administrator account from there, and then log in back to the
administrator account with the newly reset password. This works without
problems, and the password also continues to work if I do standby,
hibernate, or even if I reboot and then boot directly into safe mode (!).

But once I reboot and get back to normal Windows mode, the administrator
account password is reset again to something unknown, and the account
information is blanked again. I have also tried to change the
administrator password in safe mode, but the same behaviour occurs after
getting back to normal mode.

The First Question Of Troubleshooting: If the problem is new, what changed
between the time things worked and the time they didn't?

The Second Question of Windows Troubleshooting: what is the malware/virus
status of the machine? If you think it is clean, what programs (and
versions) did you use to determine this?

Be sure the computer is clean:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

In your case, I would answer the Second Question first.

Malke
 
Hello,

I have Windows XP Pro SP3, and have used the administrator account
(renamed to another account name) also for normal work in the normal
Windows mode (not safe mode). This has worked without problems for
more than a year.

However, since some weeks, there is a strange behaviour of this
account: Whenever I reboot, the password of this Administrator
account is reset (to something unknown to me, the previous password
does not work), and also any information I give in the account
description is blanked.
Therefore, I can access the account again only by using another
account with administrator rights (which I luckily have), reset the
password for the administrator account from there, and then log in
back to the administrator account with the newly reset password. This
works without problems, and the password also continues to work if I
do standby, hibernate, or even if I reboot and then boot directly
into safe mode (!).
But once I reboot and get back to normal Windows mode, the
administrator account password is reset again to something unknown,
and the account information is blanked again. I have also tried to
change the administrator password in safe mode, but the same
behaviour occurs after getting back to normal mode.

-> Any help in what could cause this, and how to get rid of it would
be highly appreciated!

Thanks,
Olaf

Assuming only that one account has that problem:

It really sounds like you may have malware at work and possibly even
have had that account hijacked or somehow compromised. Try Malke's
links, they are decent, not perfect, but often do the job. If that
doesn't work, come back here and explain where you are in as much detail
as you can.
For the time being, I would advise creating a new account and using
that instead if you cannot just switch to one of the other accounts that
already exist and do not have the problem. Rather than rebuild a new
account by copying from the other, build it manually instead, just in
case there is a trigger in the other one to cause the password problem
to happen.
It may not help, but I'm guessing it will (it could be just simple
corruption too); whatever it is would be attached to that old account
somehow. And if it works, you could then just delete the old account to
throw it away.

You are wise to keep two admin accounts; just because of problems like
this that can arise.

HTH

Twayne
 
Hello,

and thank you for your reply. My answers are below.
The First Question Of Troubleshooting: If the problem is new, what changed
between the time things worked and the time they didn't?

To my memory, there were two changes that day:

- Some Windows Updates were installed

- I tried to do a backup of the system partition via Paragon Partition
Manager to an external hard disk. Since it was the system partition to
be backed up, this was done in "blue screen mode", but for some reason
it failed. (This problem of Paragon Partition Manager is now fixed.) The
first thing I did is to contact the people at Paragon whether this could
have any impact to the password system, but they answered that there is
no way they could imagine that it does.

The Second Question of Windows Troubleshooting: what is the malware/virus
status of the machine? If you think it is clean, what programs (and
versions) did you use to determine this?

The machine is a desktop PC, behind a (professional) firewall, and runs
F-Secure Client Security continuously since it has been set up. In
addition to the normal background scan, I run a full manual scan about
every two weeks. So far never in the lifetime of the machine, any
viruses or malware were detected by F-Secure. I know this is not a 100%
proof anyway, but I assume it is quite unlikely that there is a
virus/malware problem, or that anyone would have tried to hijack the
machine (one would need to know the internal IP address that is not
shown to outside world). I will try Spybot anyway.

Windows Updates are all installed.
Be sure the computer is clean:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

In your case, I would answer the Second Question first.

If you have any more suggestions based on my answers above, please let
me know.

Thanks,
Olaf
 
P.S.: I have created a new account, and do not use the problematic
administrator account regularly anymore. With the new account, no
problems appear with the password on reboot, and neither on other
accounts that I tried. It is only the built-in administrator account.
 
Olaf said:
Hello,

and thank you for your reply. My answers are below.


To my memory, there were two changes that day:

- Some Windows Updates were installed

- I tried to do a backup of the system partition via Paragon Partition
Manager to an external hard disk. Since it was the system partition to
be backed up, this was done in "blue screen mode", but for some reason
it failed. (This problem of Paragon Partition Manager is now fixed.) The
first thing I did is to contact the people at Paragon whether this could
have any impact to the password system, but they answered that there is
no way they could imagine that it does.



The machine is a desktop PC, behind a (professional) firewall, and runs
F-Secure Client Security continuously since it has been set up. In
addition to the normal background scan, I run a full manual scan about
every two weeks. So far never in the lifetime of the machine, any
viruses or malware were detected by F-Secure. I know this is not a 100%
proof anyway, but I assume it is quite unlikely that there is a
virus/malware problem, or that anyone would have tried to hijack the
machine (one would need to know the internal IP address that is not
shown to outside world). I will try Spybot anyway.

Windows Updates are all installed.


If you have any more suggestions based on my answers above, please let
me know.

Thank you for the very comprehensive answer. The only thing I can think of
is that somehow by working with the partitions you corrupted the built-in
Administrator account. Since you have XP, I'd just make an extra
Administrator account, calling it "Tech" or "CompAdmin" or the like and
forget about using the built-in Administrator account.

The only other thing I can think of is to do a Repair Install and then if
that doesn't work, a Clean Install. However, if everything else is working
well, you may just want to do the workaround I suggested above and live
with the built-in Administrator account not working. If you create the
extra account as suggested, you won't ever need the built-in Administrator
account anyway.

Malke
 
Malke said:
Thank you for the very comprehensive answer. The only thing I can think of
is that somehow by working with the partitions you corrupted the built-in
Administrator account. Since you have XP, I'd just make an extra
Administrator account, calling it "Tech" or "CompAdmin" or the like and
forget about using the built-in Administrator account.

The only other thing I can think of is to do a Repair Install and then if
that doesn't work, a Clean Install. However, if everything else is working
well, you may just want to do the workaround I suggested above and live
with the built-in Administrator account not working. If you create the
extra account as suggested, you won't ever need the built-in Administrator
account anyway.

Malke


Thank you for your response.

Indeed I now did it like you suggested: I transferred the settings from
the built-in Administrator account (which was used for normal work) to a
new account, made another "Admin" account for emergency purposes, and
took the built-in Administrator account out of use (it still has the
same password issue as described). Since the other accounts do not have
any password problems, things work as needed now. It would have been
interesting to understand what has happened with the built-in
Administrator account password system and how to fix it, but if that
needs a new/repair install, I think it is really not worth the trouble.

Best regards,
Olaf
 
Olaf said:
Indeed I now did it like you suggested: I transferred the settings from
the built-in Administrator account (which was used for normal work) to a
new account, made another "Admin" account for emergency purposes, and
took the built-in Administrator account out of use (it still has the
same password issue as described). Since the other accounts do not have
any password problems, things work as needed now. It would have been
interesting to understand what has happened with the built-in
Administrator account password system and how to fix it, but if that
needs a new/repair install, I think it is really not worth the trouble.

I'm glad that sorted it for you. Sometimes it's easier to just live with the
workaround and you'll never figure out what really happened. Then when you
do a new install at some point (if ever!), it won't matter any more. ;-)

Thanks very much for updating the thread. Have a Happy New Year!

Malke
 
Malke said:
I'm glad that sorted it for you. Sometimes it's easier to just live with the
workaround and you'll never figure out what really happened. Then when you
do a new install at some point (if ever!), it won't matter any more. ;-)

Thanks very much for updating the thread. Have a Happy New Year!

Malke

Thank you, and have a happy new year, too!

Best regards,
Olaf
 
Back
Top