Full Version: A virus?
JCS
I was asked to look at a computer yesterday, with the following problem(s):

All users except the guest account have been deleted, and the guest account can only be accessed for login by hitting CAD twice. No new users can be added due to access restrictions. Also, the antivirus software is gone, and no new software can be installed (again, access restriction). Trying to use the internet (IE) results in frequent drops, essentially any time enter is hit. Attempts to boot from Norton Antivirus 2004 let me run a scan on the antivirus CD and only the antivirus CD. Whatever drive the CD is in is renamed to A:.

Oh, and this is a stock system, don't remember what brand (probably Compaq), only 1 hard drive.

Any ideas on how to salvage the computer other than a clean OS install? Trying to avoid that due to lots of important files with no backup copy. Also would prefer not needing to stick the HD into another comp since it's too far to go back and forth, and I don't want to take mine out there.
carloscai
It does sound like a virus to me (especially the antivirus is gone, for what reason?), but it also looks like one of those net-machines used in public libraries (nothing can be installed).
Alan
Is this XP Home or Professional? Probably Home since in Pro when you press CAD twice you can log on to the administrator account.

Boot into safe mode and log on using the administrator account. Hopefully the person knows the password, but most likely there is no password. People tend to bypass that part.

Once in safe mode, access the Documents & Settings folder and look to see if folders for the deleted users exist. If they do, that's great...the data is probably in those folders. If they don't, uh oh. Looks like data recovery may be needed.

You can try doing a system restore at this point. If that doesn't work try recreating the user accounts then reboot normally.

Once you reboot and log on using one of the accounts you may need to do some tweaking, like changing the target of the My Documents folder, resetting the profile, etc.

An important question to ask is if anyone used encryption on their data. If they did the only way you may be able to access the data is with the administrator account (hopefully).
JCS
QUOTE(Alan @ 12-12-04, 10:41pm)
Is this XP Home or Professional? Probably Home since in Pro when you press CAD twice you can log on to the administrator account.

Boot into safe mode and log on using the administrator account. Hopefully the person knows the password, but most likely there is no password. People tend to bypass that part.

Once in safe mode, access the Documents & Settings folder and look to see if folders for the deleted users exist.  If they do, that's great...the data is probably in those folders.  If they don't, uh oh.  Looks like data recovery may be needed.

You can try doing a system restore at this point.  If that doesn't work try recreating the user accounts then reboot normally.

Once you reboot and log on using one of the accounts you may need to do some tweaking, like changing the target of the My Documents folder, resetting the profile, etc.

An important question to ask is if anyone used encryption on their data.  If they did the only way you may be able to access the data is with the administrator account (hopefully).


Yup, it's XP home. I'll give this a try when I'm out there next, probably be a few days. Just hope there IS an administrator account, and that I can find it.

Thanks.