Deleted NT Authenticated Users from my domain, now I can't access.

Hello folks from Seven Forums,

I have a real issue here, hope anyone can help.

I had a security issue with my computer. Someone accessed my account from another domain, maybe some kind of malware tagged as kwikdelivery.com.

However, I managed to get it out of my domain, by eliminating it from a domain administation panel on Windows, but on my ignorance, and seeing it as some name that I don't know I deleted NT Authenticated Users from the domain too.

At first it didn't seem to be a trouble because I didn't shut down or restart my computer in a while, but when I actually wanted to get back to my account by entering the password, when it access, the computer screen stays black. I can access to the CTRL+ALT+DEL menu and click on Task Manager, but the app doesn't open and the screen keeps black.

I want to know how to solve this issue but I don't know what could be the best way to achieve this without risking my files.

Can anyone give me advice on how to solve this issue?

I have another HDD from which I can work on the affected one.

Thanks in advance!

Welcome to the forum. I am not clear you have a local PC and also a DC is it a company one or private? Can you get onto domain locally

samuria said:

Welcome to the forum. I am not clear you have a local PC and also a DC is it a company one or private? Can you get onto domain locally

Hi, thank you for the response!

It's my personal computer, I think it got infected by a malware because someone got it inside a domain I don't know. That kwikdelivery.com domain is not from my work. Maybe because the computer did not have a password initially they could break through it easily.

You've already lost. Once you realize a virus is running on your system it's already too late to act, it could do virtually anything you can do. At this point, the best, and really the ONLY way out of the mess is a clean install. Take adventage of the spare HD you mention and use that to backup all your files. Be sure to never, ever start the affected system again, do all this from another OS, to minimize possible damage.

townsbg said:

If you don't have a system backup then your safest bet would be a reinstall.

One should be wary of backups too, as those could be affected as well as the system. Even the widely advertised (here) "system images" are poor for recovering against a security compromise. You must ensure the system was safe at the time of taking the "backup". Being infected and you knowing about it are very different things.

Alejandro85 said:

You've already lost. Once you realize a virus is running on your system it's already too late to act, it could do virtually anything you can do. At this point, the best, and really the ONLY way out of the mess is a clean install. Take adventage of the spare HD you mention and use that to backup all your files. Be sure to never, ever start the affected system again, do all this from another OS, to minimize possible damage.




One should be wary of backups too, as those could be affected as well as the system. Even the widely advertised (here) "system images" are poor for recovering against a security compromise. You must ensure the system was safe at the time of taking the "backup". Being infected and you knowing about it are very different things.

I see it's probably too late, but at least I want to be able to make a backup of the files I had on the other HDD, I know it's infected so, what could be my best approach?

I have my spare HDD and a HDD 2.5" enclosure to connect it to my spare.

Should I scan it with some sort of antivirus & antispyware software to get rid of any virus/malware remains?

I appreaciate your comments.