User accounts have gone missing!

On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
> On 7/28/2010 1:18 PM, Yousuf Khan wrote:
>> On 26/07/2010 12:12 AM, Frank wrote:
>>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>>
>> I looked into that possibility, but my last full backup was from April
>> 2010, so it would've set the system back too far. Using the password
>> cracker option, I was able to get it back to the level where I last left
>> it.
>>
>> Yousuf Khan
> Glad you got it working too.
>
> I wonder, did you try booting into the safe mode and using the built in
> Administrator account or was that disabled as well?

That was disabled as well.

Yousuf Khan

On 28/07/2010 6:31 PM, Arno wrote:
>> However, the fact that all of the administrator accounts were disabled,
>> while the non-admin accounts were fine does lead me to believe perhaps
>> someone was trying to seize the machine. However, the machine was behind
>> a NAT router, so it's hard to understand how they planned to take over
>> this machine.
>
> Hmm. Maybe they hacked the NAT first? Would not be the first time.
> Anyways, good success with the cleanup.

Well, I don't know how they can, the firewall is inside a Dlink
broadband router with all external interfaces turned off. It's not the
well-known hackable Linksys WRT54G router.

I'm going through the event logs right now, but it's a needle in a
haystack. Where would I notice unauthorized access? Will it even leave a
trace in the event logs? There were several errors, warnings, and
criticals during the time period in question, but that's no different
than what was there before that time period.

Yousuf Khan

On 29/07/10 23:11, Yousuf Khan wrote:
> On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
>> On 7/28/2010 1:18 PM, Yousuf Khan wrote:
>>> On 26/07/2010 12:12 AM, Frank wrote:
>>>> Boot from your Win 7 DVD, if you have one, and do a system restore.
>>>
>>> I looked into that possibility, but my last full backup was from April
>>> 2010, so it would've set the system back too far. Using the password
>>> cracker option, I was able to get it back to the level where I last left
>>> it.
>>>
>>> Yousuf Khan
>> Glad you got it working too.
>>
>> I wonder, did you try booting into the safe mode and using the built in
>> Administrator account or was that disabled as well?
>
> That was disabled as well.
>
> Yousuf Khan

That's by default, so don't worry about that.

In comp.sys.ibm.pc.hardware.storage Yousuf Khan <> wrote:
> On 28/07/2010 6:31 PM, Arno wrote:
>>> However, the fact that all of the administrator accounts were disabled,
>>> while the non-admin accounts were fine does lead me to believe perhaps
>>> someone was trying to seize the machine. However, the machine was behind
>>> a NAT router, so it's hard to understand how they planned to take over
>>> this machine.
>>
>> Hmm. Maybe they hacked the NAT first? Would not be the first time.
>> Anyways, good success with the cleanup.

> Well, I don't know how they can, the firewall is inside a Dlink
> broadband router with all external interfaces turned off. It's not the
> well-known hackable Linksys WRT54G router.

> I'm going through the event logs right now, but it's a needle in a
> haystack. Where would I notice unauthorized access? Will it even leave a
> trace in the event logs? There were several errors, warnings, and
> criticals during the time period in question, but that's no different
> than what was there before that time period.

You can try a different appoach: Seach for known vulnerabilities
for this device.

It is quite possible that the logs will not help.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

On 30/07/2010 2:48 AM, Gordon wrote:
> On 29/07/10 23:11, Yousuf Khan wrote:
>> On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
>>> I wonder, did you try booting into the safe mode and using the built in
>>> Administrator account or was that disabled as well?
>>
>> That was disabled as well.
>>
>> Yousuf Khan
>
> That's by default, so don't worry about that.
>

It's still a mystery why the other accounts got disabled. Wonder if it
could've been a Microsoft bug?

Yousuf Khan

On 30/07/2010 7:39 PM, Frank wrote:
> More likely, an operator error.

Good answer, considering that there were no operators around at the time.

Yousuf Khan

frank is this newsgroups senile wrinkled old bastard that thinks he knows
stuff about computers... BUT HE DOESN’T!

ignore him, or better yet, if try making fun of him like I do... its really
enjoyable to kick suck a lowlife in the ass!



"Yousuf Khan" wrote in message news:4c53be15$...

On 30/07/2010 7:39 PM, Frank wrote:
> More likely, an operator error.

Good answer, considering that there were no operators around at the time.

Yousuf Khan

There are 2 ways to motivate a person

with a stick
or with a carrot

we stuck both in franks ass and he is still not motivated!

DAMN THE OLD BASTARD!

"Frank" wrote in message news:4c5446a6$...

On 7/30/2010 11:09 PM, Yousuf Khan wrote:
> On 30/07/2010 7:39 PM, Frank wrote:
>> More likely, an operator error.
>
> Good answer, considering that there were no operators around at the time.
>
> Yousuf Khan

Really? So your computer destroyed itself all by itself?
WoW! I've never heard that one before.
Well, maybe capin' crunch has used that excuse for his incompetence.

you are old and gay...

you are more of a creep than I thought....

give me your csons email so I can send him what his daddy is posting in
newsgroups

ill bet they will be proud of you

Ill CC it to your local pastor too.....

"Frank" wrote in message news:4c54c559$...

On 7/31/2010 5:31 PM, Mr Baracuda wrote:
> others watch tv, go to ball games or shoot pool
>
> I lick franks ass!
>
> It’s a hobby of mine!
---------------------------------------

hehehe...AND YOU LIKE IT!...lol!
OOPS!

On Sat, 31 Jul 2010 08:52:37 -0700, Frank scrawled:

> On 7/30/2010 11:09 PM, Yousuf Khan wrote:
>> On 30/07/2010 7:39 PM, Frank wrote:
>>> More likely, an operator error.
>>
>> Good answer, considering that there were no operators around at the
>> time.
>>
>> Yousuf Khan
>
> Really? So your computer destroyed itself all by itself? WoW! I've never
> heard that one before.

Not heard of a brown out, Fwank? It's the opposite of a power surge.

http://www.dtidata.com/resourcecente...rive-recovery-
power-failure-surge-brown-out/

And your solution to the OP's problem was useless, as usual.
--
You will be prompted to restart the computer. Click Yes. "This is not a
psychotic episode. It's a cleansing moment of clarity."