A Nasty Virus

I have a nasty virus, and I need some advice of what to do. First of all, it won't go away, I've scanned with malwarebytes, and like 5 different AV scanners. For this reason I'm thinking it was more of a physical prank then a virus. Basically my user account got turned into a guest. The administrator account is disabled, I can't enable it, or do anything which requires administrator privileges. In safe mode, I can only login to my (guest) account. I'm not sure what to do, and I can't even backup my files, make a new partition, etc.

I really don't think it's a virus, as this computer isn't even connected to the internet. What other options can I try?

Is admin account disabled by default (vista)?
I dont know if it will work from guest accnt but u can anable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privledges u can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.

slithernet said:

Is admin account disabled by default (vista)?
I dont know if it will work from guest accnt but u can anable it by running a cmd window as admin and typing this:

net user administrator /active:yes

If you have another account with admin privledges u can use Offline NT Password & Registry Editor
to change the password on it.

Other than that...... Clean Load.

I've tried both of those, I can't do anything, the only admin account is disabled.

Hi there
I don't know HOW your machine got infected or even what the virus is but there is only one decent way you can get this computer clean again.

1) Download from the net a LIVE CD of any OS that has a proper hard disk erase utility. You need a Live CD since the OS can't be written to by any infections lurking in specific Disk sectors when you launch a program.

2) Run the erase utility. This should erase THE ENTIRE DISK (if you've partitioned it erase ALL partitions / logical drives). This ERASE should do a physical write to EVERY SECTOR ON THE DISK of binary zeros and preferably set to run for 3 or 4 passes. This should flush out ANY virus lurking in "un-erased" areas of your Disk.

Note a Windows or an Operating system delete doesn't actually physically delete data - it just marks that area on the disk is available for use again - and it could be a LONG time before new data overwites what was on the disk before. That's how these "Undelete" and "Unformat" type of utilities work.

3) Now re-install your OS from a KNOWN VIRUS FREE COPY. Install your AV software and then your applications checking carefully that they are all clean.

NOTE NOTE NOTE it's 100% important you run the Secure Erase type utility on your ENTIRE DISK(S). This - apart from buying a totally new set of disks is the only reasonably certain way of cleaning an infected machine.

Any other method that doesn't completely erase the disks via a "destructive write" i.e writes binary zeros to every sector on the disk can't be guaranteed to be effective these days -- there's some really clever stuff out there.



Note also that the advice above is for when a computer is actually infected. Normal AV protection hopefully should stop your machine getting infected in the first place but once you have an infection getting rid of it is not as simple as a lot of the AV software seems to think it is.

Trojans etc don't need the drastic action that I've specified above but the best safety mechanism is to do all your downloads on to a specific stand alone machine and only when it's passed the av scan check should you copy the data to the machine you want to use it on. Something like a network switch should enable you to switch the disks from the stand alone machine to the applicatopn machine.

If you can only use one machine then download say to an external device like a usb disk and scan it completely before allowing the data to be moved to a directory where you want to use it.

Cheers
jimbo