Trojan has overwritten User Accounts

Discussion in 'Virus Information' started by full-measure, Jun 18, 2004.

  1. full-measure

    full-measure Guest

    Despite reasonable precautions (3 AV applications, and a
    Norton Firewall), I suspect a trojan has overwritten my
    user accounts, leaving only an 'Administrator'. No
    password seems to work, and leaving the password field
    blank doesn't work either.

    Any suggestions how to get around the login issue so that
    I can reinstall the OS?
     
    full-measure, Jun 18, 2004
    #1
    1. Advertisements

  2. full-measure

    Malke Guest

    I very much doubt that a trojan has overwritten your os. Normally
    trojans don't do that - rather they sit on your hard drive, sending
    whatever information they've been coded to gather back to their owners.
    However, without more information about your computer it is impossible
    to say what has gone wrong. To reinstall Windows, just boot from your
    XP CD. You don't need to log in. Here are some links about installing
    Windows:

    http://www.michaelstevenstech.com/XPrepairinstall.htm - Repair Install
    http://michaelstevenstech.com/cleanxpinstall.html - Clean Install

    Malke
     
    Malke, Jun 18, 2004
    #2
    1. Advertisements

  3. full-measure

    Phil Weldon Guest

    Since you still have an Administrator account what is the problem with
    setting up new user accounts?

    If your antivirus program and definitons are up-to-date, and you have a
    personal firewall, corruption of your operating system for reasons
    unconnected to malware is a good possibility. (By the way, use of more than
    one antivirus program simultaneously is not a good idea.)

    --
    Phil Weldon, pweldonatmindjumpdotcom
    For communication,
    replace "at" with the 'at sign'
    replace "mindjump" with "mindspring."
    replace "dot" with "."
     
    Phil Weldon, Jun 18, 2004
    #3
  4. On Fri, 18 Jun 2004 20:53:34 GMT, "Phil Weldon"
    Just a wild guess: Loss of data and settings stored in those profiles?
    Hmm, agreed. I'd handle this as a PC Crisis a la
    http://cquirke.mvps.org/pccrisis.htm if this was brought in as a case.


    Trsut me, I won't make a mistake!
     
    cquirke (MVP Win9x), Jun 19, 2004
    #4
  5. full-measure

    Phil Weldon Guest

    Well, shouldn't the data and settings in the previous user accounts still be
    accessible by the administrator account? It doesn't seem likely that
    malware or OS corruption would destroy selected contents of 'Documents and
    Settings'.

    --
    Phil Weldon, pweldonatmindjumpdotcom
    For communication,
    replace "at" with the 'at sign'
    replace "mindjump" with "mindspring."
    replace "dot" with "."
     
    Phil Weldon, Jun 19, 2004
    #5
  6. On Sat, 19 Jun 2004 16:04:30 GMT, "Phil Weldon"
    Er, subject line "Trojan has overwritten User Accounts" does rather
    imply the entire subtrees may have been overwritten, and that means
    goodbye per-user data stores.

    If there's any file system corruption caused by raw disk access
    beneath the file system level of abstraction (e.g. Witty) then all
    bets are off. So yes, malware or OS corruption is very likely to barf
    data, esp. where it's stored on C: as it is by duhfault.


    Trsut me, I won't make a mistake!
     
    cquirke (MVP Win9x), Jun 19, 2004
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.