Owner account trashed

[Li'l Abner]

Somebody brought me a Dell with XP Home SP3. Their desktop had been
populated with a bunch of porn site links and they were getting the usual
"your computer is infected" stuff.

I didn't even try normal mode. In Safe Mode I could see the mess on the
desktop. I couldn't *run* anything at all. Anything I tried to run brought
up the famous "Open With" window. Task Manager was greyed out.
Control-Alt-Delete yields no administrative privileges. Control Panel came
up but none of the menu items would open. "rundll32.exe - file missing".

Plan B, still in Safe Mode I logged off and logged back in as
Administrator. I could do stuff there. So I downloaded and ran MBam. It
found almost 200 infected items - Rogue wiresharkAntivirus, Trojan.FakeAV,
Trojan.Agent, Trojan.FakeAlert, Trojan.Dropper, Trojan,DNSChanger,
Rogue.Antivirus, and one instance of TDSS Rootkit. I ran TDSSKiller but it
found nothing so MBAM must have gotten it. I then ran ComboFix which ran
fast and found nothing. I toppedit off with SuperAntiSpyware which found
nothing but cookies, albeit a lot of them. All this in Safe Mode as
Administrator.

Then I went back into Normal Mode as Owner (the only user acoount) and it
is still the same damn thing. No task manager, nothing opens in Control
Panel, and *nothing* will run, either from the command prompt or from the
desktop. The same thing happens in Safe Mode in the Owner account.

I went back to the Administrator account and created a new user called
Family. While I was in there I made Owner a limited account. The Family
Account works fine with no symptoms of anything. I ran MBAM and SAS in the
new account with the hopes that one of them might find the trouble in the
Owner account, but both came up with absolutely nothing.

Any ideas on how to revive the Owner account. Or do I just take the easy
way out and copy all the Owner's documents to the Family account and delete
the Owner account?


--
--- Everybody has a right to my opinion. ---

[Whoever]

"Li'l Abner" <blvstk@dogpatch.com> wrote in
news:Xns9E91CD92364F1butter@wefb973cbe498:
>
> Any ideas on how to revive the Owner account. Or do I just take the
> easy way out and copy all the Owner's documents to the Family account
> and delete the Owner account?


Try:

http://www.technibble.com/xp_fileass...epair-tool-of-
the-week/

Even if that does fix it, it sounds like this one was infected badly
enough to warrant a wipe and reinstall after backing up your data files.



--
Don't bother trying to
contact me via email.

[David H. Lipman]

From: "Li'l Abner" <blvstk@dogpatch.com>

| Somebody brought me a Dell with XP Home SP3. Their desktop had been
| populated with a bunch of porn site links and they were getting the usual
| "your computer is infected" stuff.

| I didn't even try normal mode. In Safe Mode I could see the mess on the
| desktop. I couldn't *run* anything at all. Anything I tried to run brought
| up the famous "Open With" window. Task Manager was greyed out.
| Control-Alt-Delete yields no administrative privileges. Control Panel came
| up but none of the menu items would open. "rundll32.exe - file missing".

| Plan B, still in Safe Mode I logged off and logged back in as
| Administrator. I could do stuff there. So I downloaded and ran MBam. It
| found almost 200 infected items - Rogue wiresharkAntivirus, Trojan.FakeAV,
| Trojan.Agent, Trojan.FakeAlert, Trojan.Dropper, Trojan,DNSChanger,
| Rogue.Antivirus, and one instance of TDSS Rootkit. I ran TDSSKiller but it
| found nothing so MBAM must have gotten it. I then ran ComboFix which ran
| fast and found nothing. I toppedit off with SuperAntiSpyware which found
| nothing but cookies, albeit a lot of them. All this in Safe Mode as
| Administrator.

| Then I went back into Normal Mode as Owner (the only user acoount) and it
| is still the same damn thing. No task manager, nothing opens in Control
| Panel, and *nothing* will run, either from the command prompt or from the
| desktop. The same thing happens in Safe Mode in the Owner account.

| I went back to the Administrator account and created a new user called
| Family. While I was in there I made Owner a limited account. The Family
| Account works fine with no symptoms of anything. I ran MBAM and SAS in the
| new account with the hopes that one of them might find the trouble in the
| Owner account, but both came up with absolutely nothing.

| Any ideas on how to revive the Owner account. Or do I just take the easy
| way out and copy all the Owner's documents to the Family account and delete
| the Owner account?


Back up the data in the "Owner" account.

Delete the "Owner" account.

Re-create the "Owner" account.

Restore the data.

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp

[Li'l Abner]

Whoever <whoever@wherever.invalid> wrote in news:Xns9E91DBF276A55somewhere@
69.16.185.250:

> "Li'l Abner" <blvstk@dogpatch.com> wrote in
> news:Xns9E91CD92364F1butter@wefb973cbe498:
>>
>> Any ideas on how to revive the Owner account. Or do I just take the
>> easy way out and copy all the Owner's documents to the Family account
>> and delete the Owner account?
>
>
> Try:
>
> http://www.technibble.com/xp_fileass...epair-tool-of-
> the-week/
>
> Even if that does fix it, it sounds like this one was infected badly
> enough to warrant a wipe and reinstall after backing up your data files.

That worked like a charm. Thanks!

--
--- Everybody has a right to my opinion. ---

[Li'l Abner]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:ijq6k80vvn@news4.newsguy.com:

> From: "Li'l Abner" <blvstk@dogpatch.com>
>
>| Somebody brought me a Dell with XP Home SP3. Their desktop had been
>| populated with a bunch of porn site links and they were getting the
>| usual "your computer is infected" stuff.
>
>| I didn't even try normal mode. In Safe Mode I could see the mess on
>| the desktop. I couldn't *run* anything at all. Anything I tried to
>| run brought up the famous "Open With" window. Task Manager was greyed
>| out. Control-Alt-Delete yields no administrative privileges. Control
>| Panel came up but none of the menu items would open. "rundll32.exe -
>| file missing".
>
>| Plan B, still in Safe Mode I logged off and logged back in as
>| Administrator. I could do stuff there. So I downloaded and ran MBam.
>| It found almost 200 infected items - Rogue wiresharkAntivirus,
>| Trojan.FakeAV, Trojan.Agent, Trojan.FakeAlert, Trojan.Dropper,
>| Trojan,DNSChanger, Rogue.Antivirus, and one instance of TDSS Rootkit.
>| I ran TDSSKiller but it found nothing so MBAM must have gotten it. I
>| then ran ComboFix which ran fast and found nothing. I toppedit off
>| with SuperAntiSpyware which found nothing but cookies, albeit a lot
>| of them. All this in Safe Mode as Administrator.
>
>| Then I went back into Normal Mode as Owner (the only user acoount)
>| and it is still the same damn thing. No task manager, nothing opens
>| in Control Panel, and *nothing* will run, either from the command
>| prompt or from the desktop. The same thing happens in Safe Mode in
>| the Owner account.
>
>| I went back to the Administrator account and created a new user
>| called Family. While I was in there I made Owner a limited account.
>| The Family Account works fine with no symptoms of anything. I ran
>| MBAM and SAS in the new account with the hopes that one of them might
>| find the trouble in the Owner account, but both came up with
>| absolutely nothing.
>
>| Any ideas on how to revive the Owner account. Or do I just take the
>| easy way out and copy all the Owner's documents to the Family account
>| and delete the Owner account?
>
>
> Back up the data in the "Owner" account.
>
> Delete the "Owner" account.
>
> Re-create the "Owner" account.
>
> Restore the data.

Well, seeing as it's you, I'm sure that would have worked. :-)
However "whoever" replied first and his solution worked as well.

Thanks though. You've bailed me out a lot of times and I appreciate it!


--
--- Everybody has a right to my opinion. ---