XP Pro password reset

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

One of the workstations in our office was hit with a virus or worm that
changed the user and administrator passwords. How in the heck can I attempt
to recover the system when I can't gain access to anything?

I know that it was a snap to do under NT and Win2K, because I remember
resetting passwords routinely back in that era. However, I was told that XP
is a tough nut to crack.

I would much rather spend a few hours of "quality time" repairing a little
damage than to spend a week or two reinstalling and reconfiguring all of the
applications -- not to mention wasting an install for each application.

Any ideas?
 
Scott said:
One of the workstations in our office was hit with a virus or worm that
changed the user and administrator passwords. How in the heck can I attempt
to recover the system when I can't gain access to anything?

http://home.eunet.no/~pnordahl/ntpasswd/

I know that it was a snap to do under NT and Win2K, because I remember
resetting passwords routinely back in that era. However, I was told that XP
is a tough nut to crack.

I would much rather spend a few hours of "quality time" repairing a little
damage than to spend a week or two reinstalling and reconfiguring all of the
applications -- not to mention wasting an install for each application.

Any ideas?
Click to expand...
 
Thanks Demmpa, but I believe that is useful only for NT (or possibly Win2K).
There used to be an on-line service that did pretty much the same, as I
recall. As I said, I used to reset those passwords all of the time ... back
in the day. I don't think that they have an XP solution though. I shall
look into it over the weekend.

Well, it looks as though I might have some "heavy lifting" to do. I'll put
it off for a few more days, in hopes that someone will rescue me from wasting
another couple weeks of my life!

Thanks again.
 
Scott said:
Thanks Demmpa, but I believe that is useful only for NT (or possibly
Win2K). There used to be an on-line service that did pretty much the
same, as I
recall. As I said, I used to reset those passwords all of the time
... back
in the day. I don't think that they have an XP solution though. I
shall look into it over the weekend.

Well, it looks as though I might have some "heavy lifting" to do.
I'll put it off for a few more days, in hopes that someone will rescue
me from wasting another couple weeks of my life!
Click to expand...

The information you have is incorrect. NTpasswd will work for NT, Win2k,
Win2003 Server, and for XP.

Not counting the time to download the very small free program and to
create the bootable media, it will take you less than 5 minutes to set
the Administrator to a blank.

Malke
 
Thanks kindly fellows.

I suppose it would have helped if I would have read a bit further than the
opening screen.

One critical thing though ... I don't know whether or not EFS had been
enabled. That could make the cure more lethal than the initial problem. I
shall give it a shot and get back to you.

Wish me luck.
 
Scott said:
Thanks kindly fellows.

I suppose it would have helped if I would have read a bit further than
the opening screen.

One critical thing though ... I don't know whether or not EFS had been
enabled. That could make the cure more lethal than the initial
problem. I shall give it a shot and get back to you.

Wish me luck.
Click to expand...

Yes, if encryption was used you will have a very big problem. Find out
first.

Malke
 
Thankfully, there was no encryption. The password hack worked like a charm
.... well, sort of.

My first attempt failed, although I suppose that I could have overlooked
something. (I swear that I didn't though!) Anyway, on the second attempt I
reset administrator, guest, and user passwords, to be certain that I could
get in somewhere. Ordinarily I would not recommend doing this, seeing as
other issues arose, although it is most likely damage inflicted by the
malware.

In safe mode, the guest account magically "disappeared" from the user
accounts screen after being reset. Frankly, I thought that a bit curious.

On rebooting into "UNsafe" mode, I able to get in as the administrator, but
was greeted by the good old "Let's activate Windows" screens. This HAD been
a fully actived system prior to what I now call "the fiasco". Nevertheless,
I proceeded to answer the activation questions step-by-step. Each time it
ended with the error that it was unable to access the activation server.
After three failed attempts, I opted for telephone activation, which worked
(but wasted an install).

I am tackling detection and removal from several different avenues beginning
with HijackThis and a host of other common (and not-so-common) tools. The
battle has commenced.

It's getting rather late, so I will have to pick up where I left off
tomorrow evening or the next, provided that the passwords remain blank.
 
Scott said:
Thankfully, there was no encryption. The password hack worked like a
charm ... well, sort of.

My first attempt failed, although I suppose that I could have
overlooked
something. (I swear that I didn't though!) Anyway, on the second
attempt I reset administrator, guest, and user passwords, to be
certain that I could
get in somewhere. Ordinarily I would not recommend doing this, seeing
as other issues arose, although it is most likely damage inflicted by
the malware.
Click to expand...
(snip)

I'm glad it worked for you. Thanks for updating the thread. Post back
with problem symptoms - numbered/bulleted lists are good - if you need
further help.

Malke
 
Back
Top