Deleted NT Authenticated Users from my domain, now I can't access.

xedge

Hello folks from Seven Forums,

I have a real issue here, hope anyone can help.

I had a security issue with my computer. Someone accessed my account from another domain, maybe some kind of malware tagged as kwikdelivery.com.

However, I managed to get it out of my domain by eliminating it from a domain administration panel on Windows, but in my ignorance, and seeing it as some name that I didn't know, I deleted NT Authenticated Users from the domain too.

At first it didn't seem to be a problem because I didn't shut down or restart my computer for a while, but when I actually wanted to get back into my account by entering the password, when it accesses, the computer screen stays black. I can access the CTRL+ALT+DEL menu and click on Task Manager, but the app doesn't open and the screen stays black.

I want to know how to solve this issue but I don't know what could be the best way to achieve this without risking my files.

Can anyone give me advice on how to solve this issue?

I have another HDD from which I can work on the affected one.

Thanks in advance!
 

Welcome to the forum. I am not clear: you have a local PC and also a DC? Is it a company one or private? Can you get onto the domain locally?
 


Hi, thank you for the response!

It's my personal computer. I think it got infected by malware because someone got it inside a domain I don't know. That kwikdelivery.com domain is not from my work. Maybe because the computer did not have a password initially they could break through it easily.
 

User accounts all have a unique ID so recreating it probably wouldn't work since the account would have a different ID. You would have to restore the account from a computer backup or from a system restore point. Since you recently got rid of a virus I would advise against using a restore point. If you don't have a system backup then your safest bet would be a reinstall.
 

You've already lost. Once you realize a virus is running on your system it's already too late to act, it could do virtually anything you can do. At this point, the best, and really the ONLY way out of the mess is a clean install. Take advantage of the spare HD you mention and use that to back up all your files. Be sure to never, ever start the affected system again, do all this from another OS, to minimize possible damage.


If you don't have a system backup then your safest bet would be a reinstall.

One should be wary of backups too, as those could be affected as well as the system. Even the widely advertised (here) "system images" are poor for recovering against a security compromise. You must ensure the system was safe at the time of taking the "backup". Being infected and you knowing about it are very different things.
 

You're right. It depends upon how old the image is and when the problem started as well as where the image was located at the time of infection.
 


I see it's probably too late, but at least I want to be able to make a backup of the files I had on the other HDD. I know it's infected, so what could be my best approach?

I have my spare HDD and a HDD 2.5" enclosure to connect it to my spare.

Should I scan it with some sort of antivirus & antispyware software to get rid of any virus/malware remains?

I appreciate your comments.
 

You definitely need to scan it.
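
An added example, not part of the original thread, of the salvage step discussed above: run from a clean OS with the affected drive attached, it copies data files only, leaves executable and autorun file types behind, and writes a SHA-256 manifest of what was copied. The `salvage` and `sha256_of` names, the extension list and the manifest file name are assumptions of this example.

```python
import hashlib
import os
import shutil
import sys
from pathlib import Path

# File types that can run code on Windows; they are left behind, not copied.
# This list is an assumption of the example and is not exhaustive.
RISKY_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs",
              ".js", ".jse", ".wsf", ".hta", ".lnk", ".msi", ".pif", ".cpl", ".jar"}
RISKY_NAMES = {"autorun.inf"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def salvage(src_root, dst_root):
    """Copy data files only; return (copied, skipped) lists of tuples."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    dst_root.mkdir(parents=True, exist_ok=True)
    copied, skipped = [], []
    # followlinks=False: never walk through links that point off the volume.
    for dirpath, _dirs, filenames in os.walk(src_root, followlinks=False):
        for name in sorted(filenames):
            src = Path(dirpath) / name
            rel = src.relative_to(src_root)
            if src.is_symlink():
                skipped.append((str(rel), "symlink"))
            elif name.lower() in RISKY_NAMES or src.suffix.lower() in RISKY_EXTS:
                skipped.append((str(rel), "executable or autorun type"))
            else:
                dst = dst_root / rel
                dst.parent.mkdir(parents=True, exist_ok=True)
                shutil.copyfile(src, dst)  # file content only, no metadata
                copied.append((str(rel), sha256_of(dst)))
    # The manifest lets the backup be re-verified after it has been scanned.
    with open(dst_root / "MANIFEST.sha256", "w", encoding="utf-8") as m:
        for rel, digest in copied:
            m.write(f"{digest}  {rel}\n")
    return copied, skipped

if __name__ == "__main__":
    done, left = salvage(sys.argv[1], sys.argv[2])
    print(f"copied {len(done)} files, left {len(left)} behind")
```

Skipping these file types does not make the copied documents clean, so the backup still needs a scan before anything in it is opened.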
 
