User accounts have gone missing!

Discussion in 'alt.windows7.general' started by Yousuf Khan, Jul 25, 2010.

  1. Yousuf Khan

    Yousuf Khan Guest

    I have a perplexing problem here. I went on vacation outside of the
    country, and when I got back my Windows 7 desktop lost almost all of its
    user login accounts (5 altogether), except for one. The one that isn't
    lost, cannot be logged into, as the password doesn't get accepted.

    The machine also has a dual-boot to Windows XP, and choosing to boot
    into XP gets you the message that that operating system doesn't exist.
    Going to Safe mode in Windows 7 doesn't help as it doesn't accept the
    password to the one remain account.

    Using a Ubuntu Linux, I've taken a look at the Windows file system and
    all files seem to be still there and I can access them, and Ubuntu
    doesn't report any physical problems with the boot disk (SMART looks
    fine). This happened while I was away, so I didn't even observe it
    myself, and I can't even login to an account to look at the event logs.

    Yousuf Khan
     
    Yousuf Khan, Jul 25, 2010
    #1
    1. Advertisements

  2. Yousuf Khan

    Parko Guest

    On Sun, 25 Jul 2010 13:17:19 -0500, Yousuf Khan scrawled:

    > I have a perplexing problem here. I went on vacation outside of the
    > country, and when I got back my Windows 7 desktop lost almost all of its
    > user login accounts (5 altogether), except for one. The one that isn't
    > lost, cannot be logged into, as the password doesn't get accepted.
    >
    > The machine also has a dual-boot to Windows XP, and choosing to boot
    > into XP gets you the message that that operating system doesn't exist.
    > Going to Safe mode in Windows 7 doesn't help as it doesn't accept the
    > password to the one remain account.
    >
    > Using a Ubuntu Linux, I've taken a look at the Windows file system and
    > all files seem to be still there and I can access them, and Ubuntu
    > doesn't report any physical problems with the boot disk (SMART looks
    > fine). This happened while I was away, so I didn't even observe it
    > myself, and I can't even login to an account to look at the event logs.
    >
    > Yousuf Khan


    I've used this quite successfully in the past. Fairly straightforward to
    use.
    http://pogostick.net/~pnh/ntpasswd/

    --
    You will be prompted to restart the computer. Click Yes. "This is not a
    psychotic episode. It's a cleansing moment of clarity."





    --
    You will be prompted to restart the computer. Click Yes. "This is not a
    psychotic episode. It's a cleansing moment of clarity."
     
    Parko, Jul 26, 2010
    #2
    1. Advertisements

  3. Yousuf Khan

    Arno Guest

    In comp.sys.ibm.pc.hardware.storage Yousuf Khan <> wrote:
    > I have a perplexing problem here. I went on vacation outside of the
    > country, and when I got back my Windows 7 desktop lost almost all of its
    > user login accounts (5 altogether), except for one. The one that isn't
    > lost, cannot be logged into, as the password doesn't get accepted.


    I suppose the machine was running with INternet connectivity?
    If so: Congratulations, you have aquired a SPAM-relay/bot-net node.

    > The machine also has a dual-boot to Windows XP, and choosing to boot
    > into XP gets you the message that that operating system doesn't exist.
    > Going to Safe mode in Windows 7 doesn't help as it doesn't accept the
    > password to the one remain account.


    > Using a Ubuntu Linux, I've taken a look at the Windows file system and
    > all files seem to be still there and I can access them, and Ubuntu
    > doesn't report any physical problems with the boot disk (SMART looks
    > fine). This happened while I was away, so I didn't even observe it
    > myself, and I can't even login to an account to look at the event logs.


    I would recommend complete sanitization while not connected
    to a network.

    Arno

    --
    Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
    GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
    ----
    Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
     
    Arno, Jul 26, 2010
    #3
  4. Yousuf Khan

    Yousuf Khan Guest

    On 25/07/2010 10:09 PM, Parko wrote:
    > I've used this quite successfully in the past. Fairly straightforward to
    > use.
    > http://pogostick.net/~pnh/ntpasswd/
    >


    Hey, thanks, this seems to have done the trick. After I ran this, it
    showed that all of my missing user accounts were actually still there,
    but they were somehow disabled. At least all of the administrator-level
    accounts were disabled, but the standard user level accounts were unchanged.

    I re-enabled all of those administrator accounts, and changed their
    passwords.

    If I had gone with the restore from CD or restore from backups route,
    then my machine would've been set back to a level from April 2010, and
    that would've been too far back.

    Yousuf Khan
     
    Yousuf Khan, Jul 28, 2010
    #4
  5. Yousuf Khan

    Yousuf Khan Guest

    On 26/07/2010 12:12 AM, Frank wrote:
    > Boot from your Win 7 DVD, if you have one, and do a system restore.


    I looked into that possibility, but my last full backup was from April
    2010, so it would've set the system back too far. Using the password
    cracker option, I was able to get it back to the level where I last left
    it.

    Yousuf Khan
     
    Yousuf Khan, Jul 28, 2010
    #5
  6. Yousuf Khan

    Yousuf Khan Guest

    On 26/07/2010 5:35 AM, Arno wrote:
    > In comp.sys.ibm.pc.hardware.storage Yousuf Khan<> wrote:
    >> I have a perplexing problem here. I went on vacation outside of the
    >> country, and when I got back my Windows 7 desktop lost almost all of its
    >> user login accounts (5 altogether), except for one. The one that isn't
    >> lost, cannot be logged into, as the password doesn't get accepted.

    >
    > I suppose the machine was running with INternet connectivity?
    > If so: Congratulations, you have aquired a SPAM-relay/bot-net node.


    I don't think it got to that level. I did a complete virus scan of the
    disk, while booted into another operating system, and it checked out as
    clean. I think virus scanners can usually pick up root kits too.

    Also I told my brother to shut this machine done completely when I heard
    what was happening to it. So it's been shut off for over a month now, so
    I don't think if somebody was trying to seize this machine, it went
    offline fairly quickly and they didn't have time to use it.

    However, the fact that all of the administrator accounts were disabled,
    while the non-admin accounts were fine does lead me to believe perhaps
    someone was trying to seize the machine. However, the machine was behind
    a NAT router, so it's hard to understand how they planned to take over
    this machine.

    Yousuf Khan
     
    Yousuf Khan, Jul 28, 2010
    #6
  7. On Wed, 28 Jul 2010 14:17:27 -0400, Yousuf Khan wrote:

    > On 25/07/2010 10:09 PM, Parko wrote:
    >> I've used this quite successfully in the past. Fairly straightforward to
    >> use.
    >> http://pogostick.net/~pnh/ntpasswd/
    >>

    >
    > Hey, thanks, this seems to have done the trick. After I ran this, it
    > showed that all of my missing user accounts were actually still there,
    > but they were somehow disabled. At least all of the administrator-level
    > accounts were disabled, but the standard user level accounts were unchanged.
    >
    > I re-enabled all of those administrator accounts, and changed their
    > passwords.
    >
    > If I had gone with the restore from CD or restore from backups route,
    > then my machine would've been set back to a level from April 2010, and
    > that would've been too far back.
    >
    > Yousuf Khan


    In this thread you have twice equated System Restore with restoring your
    drive from a backup. That's not what it is.

    System Restore basically just fixes a few (mostly Windows) problems from a
    backup-like stash of a few (mostly Windows) items, supposedly without
    affecting user data. These backups are made frequently and automatically.

    Google for it so you can see what I'm talking about.

    --
    Gene E. Bloch (Stumbling Bloch)
     
    Gene E. Bloch, Jul 28, 2010
    #7
  8. Yousuf Khan

    Arno Guest

    In comp.sys.ibm.pc.hardware.storage Yousuf Khan <> wrote:
    > On 26/07/2010 5:35 AM, Arno wrote:
    >> In comp.sys.ibm.pc.hardware.storage Yousuf Khan<> wrote:
    >>> I have a perplexing problem here. I went on vacation outside of the
    >>> country, and when I got back my Windows 7 desktop lost almost all of its
    >>> user login accounts (5 altogether), except for one. The one that isn't
    >>> lost, cannot be logged into, as the password doesn't get accepted.

    >>
    >> I suppose the machine was running with INternet connectivity?
    >> If so: Congratulations, you have aquired a SPAM-relay/bot-net node.


    > I don't think it got to that level. I did a complete virus scan of the
    > disk, while booted into another operating system, and it checked out as
    > clean. I think virus scanners can usually pick up root kits too.


    At least they should. With current signatures I would say your
    assumption is reasonable.

    > Also I told my brother to shut this machine done completely when I heard
    > what was happening to it. So it's been shut off for over a month now, so
    > I don't think if somebody was trying to seize this machine, it went
    > offline fairly quickly and they didn't have time to use it.


    Agreed.

    > However, the fact that all of the administrator accounts were disabled,
    > while the non-admin accounts were fine does lead me to believe perhaps
    > someone was trying to seize the machine. However, the machine was behind
    > a NAT router, so it's hard to understand how they planned to take over
    > this machine.


    Hmm. Maybe they hacked the NAT first? Would not be the first time.
    Anyways, good success with the cleanup.

    Arno

    --
    Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
    GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
    ----
    Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
     
    Arno, Jul 28, 2010
    #8
  9. On 7/28/2010 1:18 PM, Yousuf Khan wrote:
    > On 26/07/2010 12:12 AM, Frank wrote:
    >> Boot from your Win 7 DVD, if you have one, and do a system restore.

    >
    > I looked into that possibility, but my last full backup was from April
    > 2010, so it would've set the system back too far. Using the password
    > cracker option, I was able to get it back to the level where I last left
    > it.
    >
    > Yousuf Khan

    Glad you got it working too.

    I wonder, did you try booting into the safe mode and using the built in
    Administrator account or was that disabled as well?
     
    GlowingBlueMist, Jul 29, 2010
    #9
  10. Yousuf Khan

    Gordon Guest

    On 29/07/10 17:00, GlowingBlueMist wrote:
    > On 7/28/2010 1:18 PM, Yousuf Khan wrote:
    >> On 26/07/2010 12:12 AM, Frank wrote:
    >>> Boot from your Win 7 DVD, if you have one, and do a system restore.

    >>
    >> I looked into that possibility, but my last full backup was from April
    >> 2010, so it would've set the system back too far. Using the password
    >> cracker option, I was able to get it back to the level where I last left
    >> it.
    >>
    >> Yousuf Khan

    > Glad you got it working too.
    >
    > I wonder, did you try booting into the safe mode and using the built in
    > Administrator account or was that disabled as well?


    The built-in Administrator Account is disabled by default in Windows 7.
    That's why its very good practice to have an administrator account for
    elevation and emergency purposes and a Standard User account for day to
    day running...
     
    Gordon, Jul 29, 2010
    #10
  11. Yousuf Khan

    Yousuf Khan Guest

    On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
    > On 7/28/2010 1:18 PM, Yousuf Khan wrote:
    >> On 26/07/2010 12:12 AM, Frank wrote:
    >>> Boot from your Win 7 DVD, if you have one, and do a system restore.

    >>
    >> I looked into that possibility, but my last full backup was from April
    >> 2010, so it would've set the system back too far. Using the password
    >> cracker option, I was able to get it back to the level where I last left
    >> it.
    >>
    >> Yousuf Khan

    > Glad you got it working too.
    >
    > I wonder, did you try booting into the safe mode and using the built in
    > Administrator account or was that disabled as well?


    That was disabled as well.

    Yousuf Khan
     
    Yousuf Khan, Jul 29, 2010
    #11
  12. Yousuf Khan

    Yousuf Khan Guest

    On 28/07/2010 6:31 PM, Arno wrote:
    >> However, the fact that all of the administrator accounts were disabled,
    >> while the non-admin accounts were fine does lead me to believe perhaps
    >> someone was trying to seize the machine. However, the machine was behind
    >> a NAT router, so it's hard to understand how they planned to take over
    >> this machine.

    >
    > Hmm. Maybe they hacked the NAT first? Would not be the first time.
    > Anyways, good success with the cleanup.


    Well, I don't know how they can, the firewall is inside a Dlink
    broadband router with all external interfaces turned off. It's not the
    well-known hackable Linksys WRT54G router.

    I'm going through the event logs right now, but it's a needle in a
    haystack. Where would I notice unauthorized access? Will it even leave a
    trace in the event logs? There were several errors, warnings, and
    criticals during the time period in question, but that's no different
    than what was there before that time period.

    Yousuf Khan
     
    Yousuf Khan, Jul 29, 2010
    #12
  13. Yousuf Khan

    Gordon Guest

    On 29/07/10 23:11, Yousuf Khan wrote:
    > On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
    >> On 7/28/2010 1:18 PM, Yousuf Khan wrote:
    >>> On 26/07/2010 12:12 AM, Frank wrote:
    >>>> Boot from your Win 7 DVD, if you have one, and do a system restore.
    >>>
    >>> I looked into that possibility, but my last full backup was from April
    >>> 2010, so it would've set the system back too far. Using the password
    >>> cracker option, I was able to get it back to the level where I last left
    >>> it.
    >>>
    >>> Yousuf Khan

    >> Glad you got it working too.
    >>
    >> I wonder, did you try booting into the safe mode and using the built in
    >> Administrator account or was that disabled as well?

    >
    > That was disabled as well.
    >
    > Yousuf Khan


    That's by default, so don't worry about that.
     
    Gordon, Jul 30, 2010
    #13
  14. Yousuf Khan

    Arno Guest

    In comp.sys.ibm.pc.hardware.storage Yousuf Khan <> wrote:
    > On 28/07/2010 6:31 PM, Arno wrote:
    >>> However, the fact that all of the administrator accounts were disabled,
    >>> while the non-admin accounts were fine does lead me to believe perhaps
    >>> someone was trying to seize the machine. However, the machine was behind
    >>> a NAT router, so it's hard to understand how they planned to take over
    >>> this machine.

    >>
    >> Hmm. Maybe they hacked the NAT first? Would not be the first time.
    >> Anyways, good success with the cleanup.


    > Well, I don't know how they can, the firewall is inside a Dlink
    > broadband router with all external interfaces turned off. It's not the
    > well-known hackable Linksys WRT54G router.


    > I'm going through the event logs right now, but it's a needle in a
    > haystack. Where would I notice unauthorized access? Will it even leave a
    > trace in the event logs? There were several errors, warnings, and
    > criticals during the time period in question, but that's no different
    > than what was there before that time period.


    You can try a different appoach: Seach for known vulnerabilities
    for this device.

    It is quite possible that the logs will not help.

    Arno
    --
    Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email:
    GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
    ----
    Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
     
    Arno, Jul 30, 2010
    #14
  15. Yousuf Khan

    Yousuf Khan Guest

    On 30/07/2010 2:48 AM, Gordon wrote:
    > On 29/07/10 23:11, Yousuf Khan wrote:
    >> On 29/07/2010 12:00 PM, GlowingBlueMist wrote:
    >>> I wonder, did you try booting into the safe mode and using the built in
    >>> Administrator account or was that disabled as well?

    >>
    >> That was disabled as well.
    >>
    >> Yousuf Khan

    >
    > That's by default, so don't worry about that.
    >


    It's still a mystery why the other accounts got disabled. Wonder if it
    could've been a Microsoft bug?

    Yousuf Khan
     
    Yousuf Khan, Jul 30, 2010
    #15
  16. Yousuf Khan

    Yousuf Khan Guest

    On 30/07/2010 7:39 PM, Frank wrote:
    > More likely, an operator error.


    Good answer, considering that there were no operators around at the time.

    Yousuf Khan
     
    Yousuf Khan, Jul 31, 2010
    #16
  17. Yousuf Khan

    Mr Baracuda Guest

    frank is this newsgroups senile wrinkled old bastard that thinks he knows
    stuff about computers... BUT HE DOESN’T!

    ignore him, or better yet, if try making fun of him like I do... its really
    enjoyable to kick suck a lowlife in the ass!



    "Yousuf Khan" wrote in message news:4c53be15$-lp.com...

    On 30/07/2010 7:39 PM, Frank wrote:
    > More likely, an operator error.


    Good answer, considering that there were no operators around at the time.

    Yousuf Khan
     
    Mr Baracuda, Jul 31, 2010
    #17
  18. Yousuf Khan

    Mr Baracuda Guest

    There are 2 ways to motivate a person

    with a stick
    or with a carrot

    we stuck both in franks ass and he is still not motivated!

    DAMN THE OLD BASTARD!

    "Frank" wrote in message news:4c5446a6$-privat.org...

    On 7/30/2010 11:09 PM, Yousuf Khan wrote:
    > On 30/07/2010 7:39 PM, Frank wrote:
    >> More likely, an operator error.

    >
    > Good answer, considering that there were no operators around at the time.
    >
    > Yousuf Khan


    Really? So your computer destroyed itself all by itself?
    WoW! I've never heard that one before.
    Well, maybe capin' crunch has used that excuse for his incompetence.
     
    Mr Baracuda, Jul 31, 2010
    #18
  19. Yousuf Khan

    Mr Baracuda Guest

    you are old and gay...

    you are more of a creep than I thought....

    give me your csons email so I can send him what his daddy is posting in
    newsgroups

    ill bet they will be proud of you

    Ill CC it to your local pastor too.....

    "Frank" wrote in message news:4c54c559$-privat.org...

    On 7/31/2010 5:31 PM, Mr Baracuda wrote:
    > others watch tv, go to ball games or shoot pool
    >
    > I lick franks ass!
    >
    > It’s a hobby of mine!

    ---------------------------------------

    hehehe...AND YOU LIKE IT!...lol!
    OOPS!
     
    Mr Baracuda, Aug 1, 2010
    #19
  20. Yousuf Khan

    Parko Guest

    On Sat, 31 Jul 2010 08:52:37 -0700, Frank scrawled:

    > On 7/30/2010 11:09 PM, Yousuf Khan wrote:
    >> On 30/07/2010 7:39 PM, Frank wrote:
    >>> More likely, an operator error.

    >>
    >> Good answer, considering that there were no operators around at the
    >> time.
    >>
    >> Yousuf Khan

    >
    > Really? So your computer destroyed itself all by itself? WoW! I've never
    > heard that one before.


    Not heard of a brown out, Fwank? It's the opposite of a power surge.

    http://www.dtidata.com/resourcecenter/2007/08/07/hard-drive-recovery-
    power-failure-surge-brown-out/

    And your solution to the OP's problem was useless, as usual.
    --
    You will be prompted to restart the computer. Click Yes. "This is not a
    psychotic episode. It's a cleansing moment of clarity."
     
    Parko, Aug 1, 2010
    #20
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. AidyD
    Replies:
    5
    Views:
    3,635
    AidyD
    Jan 7, 2010
  2. win7
    Replies:
    2
    Views:
    13,386
  3. Oldster

    User Accounts page displayed on startup.

    Oldster, Jan 9, 2010, in forum: alt.windows7.general
    Replies:
    13
    Views:
    2,857
    Oldster
    Jan 11, 2010
  4. chrisgray1497
    Replies:
    2
    Views:
    11,859
    Veedaz
    Feb 12, 2010
  5. odin the terrible

    Assistance wih User Accounts in Windows 7 64-bit

    odin the terrible, Jan 6, 2011, in forum: Windows 7 Support
    Replies:
    1
    Views:
    1,593
    TrainableMan
    Jan 11, 2011
  6. littlex
    Replies:
    10
    Views:
    6,421
    TrainableMan
    Jan 26, 2011
  7. heloego

    User Accounts

    heloego, Feb 28, 2011, in forum: Windows 7 Support
    Replies:
    4
    Views:
    1,588
    heloego
    Mar 1, 2011
  8. Bart-K

    taskbar icons 'gone but not gone'

    Bart-K, Feb 6, 2016, in forum: Windows 7 Support
    Replies:
    3
    Views:
    642
    jefboyardee
    Feb 8, 2016
Loading...