OS passwords no longer work. Help!

jwcater

New Member
Thread author
Nov 22, 2014
8
Hello, I am new to your forum and I hope I'm in the right place. I’m having a problem that I hope you can help me with. I am running a Windows 7 Home Edition desktop computer (at my home). Yesterday, I discovered that my OS password no longer works. I have admin rights on this computer. The only other user is my wife and her password no longer works either. I immediately suspected a virus. I own Windows Password Unlocker (WPU) and have it on a USB drive. I changed the boot configuration to boot to USB first. Using WPU, I removed the passwords for all users including administrator (created a null field) and rebooted – did not resolve problem. I booted from WPU again and then added a password for each user and checked the boxes that do not allow the password to be changed – didn’t resolve problem. So, I restored the OS to a previous moment in time using the Windows restore feature. This DID work and I was able to go through a normal Windows boot. I immediately made sure that my Norton AV and Malwarebytes databases were up-to-date and active (they have been running well simultaneously for months). After running full scans on both drives with both programs, I then ran my Hit Man Pro program. None of the three programs found any problems. I’m no computer guru but this really surprised me given that, today, the same problem is back. Can you offer any suggestions on how to remove this virus or whatever it is? Thanks in advance for your time.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

jwcater

New Member
Thread author
Nov 22, 2014
8
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
  • I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all report using
    fjqb1h.png
    button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

THE, thanks for helping but, as I stated in my post, I cannot log on to my computer. The last time my computer had this problem (yesterday), I did a Windows restore (before I posted a "help" message on this forum) that gave me temporary access but has now reverted to its original infected state. Yesterday, I could log on in Safe Mode (before I did the Windows restore) but immediately got a message "Windows Explorer has encountered an error and must shut down." When I attempt to close that message box, I can click on something and it may or may not allow me to proceed for just a second or two but then I get the same message popping up again. That's when I decided to do the Windows restore, updated my AV and Malware programs, ran scans and thought I had the problem beat. Later, I went back to that computer and found it in the original infected state. So, now I'm back to the point where I can, if I wish, boot into Safe Mode but with unpredictable results thereafter.

I do have another computer that is not infected (the one with which I'm using to write this post). So, I can download programs, copy to USB drive and boot from it - if that helps.

Also, fyi, it seems that there is another thread on this forum with the same title as mine. Not sure how that happened. Anyway, thought you should be made aware of it.

Lastly, before I read your post this morning, I powered down my infected computer. It is still down. I understand that, with a computer in an infected state, even something as simple as a power cycling can create problems but, again, I did that before reading your reply. I will follow your instructions carefully. Please read my responses carefully as I try to communicate effectively, the first time. I await your next instruction.

In your instructions, please keep in mind that I know more than the average layperson about computers/Windows OS, but nothing close to what someone like you knows. What would you have me do next?
 
Last edited:

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, then we will scan outside Windows to see what is going on.


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
  • Plug the flashdrive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).



    notepad.png
    Access the notepad and identify your USB drive

    In the Command Prompt please type in:
    Code:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.



    FRST.gif
    Scan with Farbar Recovery Scan Tool

    Once back in the command prompt window, please do the following:
  • Type in e:\frst64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

    Transfer it to your clean machine and include it in your next reply.
 

jwcater

New Member
Thread author
Nov 22, 2014
8
Didn't get very far. I downloaded the Farbar file to the USB drive, went to infected computer, during boot pressed F8 and got message on screen "Loading FreeDOS . . . ROOT FAT KERNEL" and it seem to just freeze at that point.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's try this:



Ok, we will burn required tools on your USB.


Please download the following tools on your Desktop:
  1. Farbar Recovery Scan Tool x64
  2. Rufus
  3. Windows 7 RC x64

  • Insert your USB and then start Rufus
  • Select the ISO file win7 64bit rc.iso on the desktop via the ISO icon.

16kbazl.jpg


  • Under the Device select your USB Flash.
  • Press Start
  • When the process is complete, copy Farbar Recovery Scan Tool x64 on this USB
  • Insert USB into infected computer and power on the computer. Now you need to set your computer to boot from USB. In order to do that, follow this guide.
  • When you boot from USB, you will see image like this:

2mo49iw.jpg


  • Click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • When notepad opens, click File and select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run. When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
 

jwcater

New Member
Thread author
Nov 22, 2014
8
On the USB boot, it asked for the Keyboard Input Country first, then the attached image appeared on the screen. Sorry, image was too large to upload. I didn't get the "Windows 7 Install Now" screen with an option to "repair your computer" at the bottom. Instead, it indicated "Windows is loading files", then a dialog box appeared where "English" was grayed out and "US" was the default option. I clicked "Next" and was taken to another dialog box "System Recovery Options" where I could "Use Recovery Tools that can help fix problems starting Windows. Select an OS to repair" and there is no OS listed to select - that entire box was empty, no options. The other option was to "Restore your computer using a system image that you created earlier." Why didn't I see the screen that you showed in your instructions?
 

jwcater

New Member
Thread author
Nov 22, 2014
8
Sorry, but when things don't work as advertised, I sometimes tend to go rogue (I improvised). The notepad file that you wanted is attached.
 

Attachments

  • FRST.txt
    13.6 KB · Views: 40

jwcater

New Member
Thread author
Nov 22, 2014
8
During my improvisation, I got lucky (maybe unlucky) and found myself at the Windows Desktop! I went to Malwarebytes and poked around in settings. I saw that the "scan rootkits" block was not checked (by default, I discovered). Anyway, not knowing whether this was a rootkit issue, I checked the block and started a "hyper scan." I stayed with it but the computer blue-screened before the scan could finish. Before it crashed though, one "object" popped up and it was the PUP.Optional.Conduit.A. Of course, I don't know if that is the problem or not - just fyi.
 

jwcater

New Member
Thread author
Nov 22, 2014
8
It took a few tries for success. The files created are attached.
 

Attachments

  • Addition.txt
    30.1 KB · Views: 44
  • FRST (2).txt
    31.2 KB · Views: 31

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 52

jwcater

New Member
Thread author
Nov 22, 2014
8
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

THE, after my previous post, the computer blue-screened again and I just left it alone until around 5am when I awoke and decided to boot it again and see if it would stay stable long enough for me to look for any obvious problems. Well, I found that my Windows Update settings mysteriously had been changed and were no longer updating automatically. There were 14 important updates awaiting installation, some of which were security updates. I quickly did that update and ran it again to make sure the updates didn't need updates - all was fine. I then began running every AV/MW scan, optimization and defrag I could find in NAV, Malwarebytes and Hitman Pro. The system seemed to stabilize. I updated the settings in those programs to scan more things automatically and more often. I wanted to use the computer and boot it several more times today to see if it remained stable. So far so good. If you could leave this "ticket" open a couple more days to see if continues to run ok, I would appreciate it. If you can't, that's ok, just let me know.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top