User accounts have gone missing!

Discussion in 'alt.windows7.general' started by Yousuf Khan, Jul 25, 2010.

  1. Yousuf Khan

    Yousuf Khan Guest

    I have a perplexing problem here. I went on vacation outside of the
    country, and when I got back my Windows 7 desktop lost almost all of its
    user login accounts (5 altogether), except for one. The one that isn't
    lost, cannot be logged into, as the password doesn't get accepted.

    The machine also has a dual-boot to Windows XP, and choosing to boot
    into XP gets you the message that that operating system doesn't exist.
    Going to Safe mode in Windows 7 doesn't help as it doesn't accept the
    password to the one remaining account.

    Using Ubuntu Linux, I've taken a look at the Windows file system and
    all files seem to be still there and I can access them, and Ubuntu
    doesn't report any physical problems with the boot disk (SMART looks
    fine). This happened while I was away, so I didn't even observe it
    myself, and I can't even log in to an account to look at the event logs.

    Yousuf Khan
    Yousuf Khan, Jul 25, 2010
  2. Yousuf Khan

    Parko Guest

    I've used this quite successfully in the past. Fairly straightforward to
    Parko, Jul 26, 2010
  3. Yousuf Khan

    Arno Guest

    I suppose the machine was running with Internet connectivity?
    If so: Congratulations, you have acquired a SPAM-relay/bot-net node.
    I would recommend complete sanitization while not connected
    to a network.

    Arno, Jul 26, 2010
  4. Yousuf Khan

    Yousuf Khan Guest

    Hey, thanks, this seems to have done the trick. After I ran this, it
    showed that all of my missing user accounts were actually still there,
    but they were somehow disabled. At least all of the administrator-level
    accounts were disabled, but the standard user level accounts were unchanged.

    I re-enabled all of those administrator accounts, and changed their

    If I had gone with the restore from CD or restore from backups route,
    then my machine would've been set back to a level from April 2010, and
    that would've been too far back.

    Yousuf Khan
    Yousuf Khan, Jul 28, 2010
  5. Yousuf Khan

    Yousuf Khan Guest

    I looked into that possibility, but my last full backup was from April
    2010, so it would've set the system back too far. Using the password
    cracker option, I was able to get it back to the level where I last left

    Yousuf Khan
    Yousuf Khan, Jul 28, 2010
  6. Yousuf Khan

    Yousuf Khan Guest

    I don't think it got to that level. I did a complete virus scan of the
    disk, while booted into another operating system, and it checked out as
    clean. I think virus scanners can usually pick up root kits too.

    Also I told my brother to shut this machine down completely when I heard
    what was happening to it. So it's been shut off for over a month now, so
    I don't think if somebody was trying to seize this machine, it went
    offline fairly quickly and they didn't have time to use it.

    However, the fact that all of the administrator accounts were disabled,
    while the non-admin accounts were fine does lead me to believe perhaps
    someone was trying to seize the machine. However, the machine was behind
    a NAT router, so it's hard to understand how they planned to take over
    this machine.

    Yousuf Khan
    Yousuf Khan, Jul 28, 2010
  7. In this thread you have twice equated System Restore with restoring your
    drive from a backup. That's not what it is.

    System Restore basically just fixes a few (mostly Windows) problems from a
    backup-like stash of a few (mostly Windows) items, supposedly without
    affecting user data. These backups are made frequently and automatically.

    Google for it so you can see what I'm talking about.
    Gene E. Bloch, Jul 28, 2010
  8. Yousuf Khan

    Arno Guest

    At least they should. With current signatures I would say your
    assumption is reasonable.
    Hmm. Maybe they hacked the NAT first? Would not be the first time.
    Anyways, good success with the cleanup.

    Arno, Jul 28, 2010
  9. Glad you got it working too.

    I wonder, did you try booting into the safe mode and using the built in
    Administrator account or was that disabled as well?
    GlowingBlueMist, Jul 29, 2010
  10. Yousuf Khan

    Gordon Guest

    The built-in Administrator Account is disabled by default in Windows 7.
    That's why it's very good practice to have an administrator account for
    elevation and emergency purposes and a Standard User account for day to
    day running...
    Gordon, Jul 29, 2010
  11. Yousuf Khan

    Yousuf Khan Guest

    That was disabled as well.

    Yousuf Khan
    Yousuf Khan, Jul 29, 2010
  12. Yousuf Khan

    Yousuf Khan Guest

    Well, I don't know how they can, the firewall is inside a Dlink
    broadband router with all external interfaces turned off. It's not the
    well-known hackable Linksys WRT54G router.

    I'm going through the event logs right now, but it's a needle in a
    haystack. Where would I notice unauthorized access? Will it even leave a
    trace in the event logs? There were several errors, warnings, and
    criticals during the time period in question, but that's no different
    than what was there before that time period.

    Yousuf Khan
    Yousuf Khan, Jul 29, 2010
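
Added example, not part of any post in this thread: one way to narrow the "needle in a haystack" search is to query the Security log only for account-management audit events (4725 is "A user account was disabled") and list who acted on which account. It assumes account-management auditing was enabled and the log has not rolled over; the parameter names and the date window are constructed placeholders.

```powershell
# Added example: list account-management events from the Security log.
# Run from an elevated prompt, or pass -Path to a copied Security.evtx.
param(
    [datetime]$Start = '2010-06-01',   # constructed window: set to the period the machine was unattended
    [datetime]$End   = '2010-07-25',
    [string]$Path                      # optional: offline copy of the Security log
)

# Event IDs from the Windows "User Account Management" audit subcategory.
$ids = @{
    4720 = 'account created'
    4722 = 'account enabled'
    4724 = 'password reset attempted'
    4725 = 'account disabled'
    4726 = 'account deleted'
    4738 = 'account changed'
}

$filter = @{ Id = @($ids.Keys); StartTime = $Start; EndTime = $End }
if ($Path) { $filter.Path = $Path } else { $filter.LogName = 'Security' }

$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning 'No account-management events in this window (auditing off, log cleared or rolled over?).'
}

$events | Sort-Object TimeCreated | ForEach-Object {
    # Read the named fields from the event XML instead of relying on property order.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    New-Object PSObject -Property @{
        Time    = $_.TimeCreated
        Id      = $_.Id
        Action  = $ids[$_.Id]
        Target  = $data['TargetUserName']    # account that was changed
        Actor   = $data['SubjectUserName']   # account that made the change
        LogonId = $data['SubjectLogonId']    # session that made the change
    }
} | Select-Object Time, Id, Action, Target, Actor, LogonId | Format-Table -AutoSize
```

The LogonId of a 4725 row can be matched against the TargetLogonId of a 4624 logon event to see the logon type and source address of the session that disabled the account.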
  13. Yousuf Khan

    Gordon Guest

    That's by default, so don't worry about that.
    Gordon, Jul 30, 2010
  14. Yousuf Khan

    Arno Guest

    You can try a different approach: Search for known vulnerabilities
    for this device.

    It is quite possible that the logs will not help.

    Arno, Jul 30, 2010
  15. Yousuf Khan

    Yousuf Khan Guest

    It's still a mystery why the other accounts got disabled. Wonder if it
    could've been a Microsoft bug?

    Yousuf Khan
    Yousuf Khan, Jul 30, 2010
  16. Yousuf Khan

    Yousuf Khan Guest

    Good answer, considering that there were no operators around at the time.

    Yousuf Khan
    Yousuf Khan, Jul 31, 2010
  17. Yousuf Khan

    Mr Baracuda Guest

    frank is this newsgroup's senile wrinkled old bastard that thinks he knows
    stuff about computers... BUT HE DOESN’T!

    ignore him, or better yet, try making fun of him like I do... it's really
    enjoyable to kick such a lowlife in the ass!

    "Yousuf Khan" wrote in message
    Good answer, considering that there were no operators around at the time.

    Yousuf Khan
    Mr Baracuda, Jul 31, 2010
  18. Yousuf Khan

    Mr Baracuda Guest

    There are 2 ways to motivate a person

    with a stick
    or with a carrot

    we stuck both in franks ass and he is still not motivated!


    "Frank" wrote in message
    Really? So your computer destroyed itself all by itself?
    WoW! I've never heard that one before.
    Well, maybe capin' crunch has used that excuse for his incompetence.
    Mr Baracuda, Jul 31, 2010
  19. Yousuf Khan

    Mr Baracuda Guest

    you are old and gay...

    you are more of a creep than I thought....

    give me your csons email so I can send him what his daddy is posting in

    ill bet they will be proud of you

    Ill CC it to your local pastor too.....

    "Frank" wrote in message
    Mr Baracuda, Aug 1, 2010
  20. Yousuf Khan

    Parko Guest

    Not heard of a brown out, Fwank? It's the opposite of a power surge.

    And your solution to the OP's problem was useless, as usual.
    Parko, Aug 1, 2010
