PC locked out - please help

Guest

My PC has picked up a trojan horse virus (filename thematri1hasyou.exe) and
WAS still running okay, albeit slowly. I thought I'd identified the virus as
the downloader trojan horse and was recommended by an anti-virus website to
treat it by restarting in safe mode (which I did via msconfig boot.ini tab
and then clicking on safe mode, i.e. not pressing F8).
The PC restarts in safe mode and asks me to log in either as the
administrator or my usual log in name.
If I click on my usual log in, the computer resets.
If I click on the administrator it asks for a password which I don't
have/can't remember (btw, I've tried leaving it blank).
Any ideas on how to get back in are most welcome.
Paul (from his spare PC!!)
 
Malke

Paul said:
My PC has picked up a trojan horse virus (filename
thematri1hasyou.exe) and WAS still running okay, albeit slowly. I
thought I'd identified the virus as the downloader trojan horse and
was recommended by an anti-virus website to treat it by restarting in
safe mode (which I did via msconfig boot.ini tab and then clicking on
safe mode, i.e. not pressing F8). The PC restarts in safe mode and asks
me to log in either as the administrator or my usual log in name.
If I click on my usual log in, the computer resets.
If I click on the administrator it asks for a password which I don't
have/can't remember (btw, I've tried leaving it blank).
Any ideas on how to get back in are most welcome.
Paul (from his spare PC!!)

Change the Administrator password to a blank with NTpasswd.
http://home.eunet.no/~pnordahl/ntpasswd/

Then you should be able to get into the computer in Safe Mode. Go
through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus Ewido. Do all
prep/finishing work and follow instructions to do all scans in Safe
Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke
 
Guest

I'll give that a try, many thanks - I'm definitely a novice so I might have
to take it to a shop.
 
Malke

Paul said:
I'll give that a try, many thanks - I'm definitely a novice so I might
have to take it to a shop.

It is a wise person who knows their area of expertise.

Good luck,

Malke
 
Guest

I managed to reset the administrator password using the method Malke
prescribed - however clicking on administrator now has the same effect as
clicking on my username, i.e. it shows the "loading your personal settings"
screen for a few seconds and then resets.
Any suggestions before I take it to a pro/throw it out of the window?
 
Malke

Paul said:
I managed to reset the administrator password using the method Malke
prescribed - however clicking on administrator now has the same effect
as clicking on my username, i.e. it shows the "loading your personal
settings" screen for a few seconds and then resets.
Any suggestions before I take it to a pro/throw it out of the window?

At this point it will probably be easier to just back up the data and do
a clean install. Certainly you can take it to a pro who is very good at
removing malware and they might be able to clean up the machine without
doing the clean install. Since I can't see the computer, I can't answer
that definitively. I'll tell you how to get the data off without
booting Windows and you can make the decision whether you want to do
this yourself. Don't underestimate yourself either; after all, you did
just fine with NTpasswd.

So, here are some things to try to recover your data:

1. Pull the drive and slave it in a computer running a working install
of XP. Depending on the target drive's characteristics, you may need a
drive adapter; i.e., laptop-to-IDE or a SATA controller card, etc. A
USB external drive enclosure works very well, too. Use the working
Windows Explorer to copy the data to the rescue system's hard drive and
then burn the data to CD or DVD.

2. Often XP will not boot with a slaved drive that has a damaged file
system. In that case, boot the target computer with either a Bart's PE
or a Linux live CD such as Knoppix and retrieve the data that way.

Make sure you scan the data with a current version (not earlier than
2005) antivirus using updated virus definitions before you copy it back
to a clean installation.

For the clean install:

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows -
What you will need on-hand

Let me know if you need more help.

Best of luck,

Malke
 
Guest

Many thanks Malke,
I will pass your message onto a friend who knows a little more than me and
we'll see if we can thrash it out.
Your effort is much appreciated and I'll let you know how I get on.
 
Malke

Paul said:
Many thanks Malke,
I will pass your message onto a friend who knows a little more than me
and we'll see if we can thrash it out.
Your effort is much appreciated and I'll let you know how I get on.

Hi, Paul. Yes, please do post back if I can help and please do let me
know how things work out for you.

Best of luck,

Malke
 
