09-27-2012 10:16 PM
You can try out a simple step and check if it is working.
You will need to restart the computer in safe mode with networking. And after that try to log in to the account that is infected. If that is not happening, try logging in to another "admin" user account, if you have one.
If you do not have any and the only option is to reach a cmd prompt, please create a new admin account from that. You can use the following commands for that.
net user /add useraccountname mypassword
net localgroup administrators useraccountname /add
net share concfg=C:\ /grant:useraccountname,full
net user useraccountname *
If you are getting an error at the 3rd line, you may have hidden the admin account and need to unhide it.
And you can do that using the commands,
net user administrator /active:yes
net user administrator <Password>
And after you have successfully created/unhidden your admin account, log in to it in safe mode itself using the new admin account.
From there, you will need to search and delete several files.
You will need to find a file named lsass.exe in program data corresponding to the infected user account and remove it.
You will also need to check for any files or folders with "random" names in "program data" and roaming appdata.
If you were able to log in to the infected user account using the safe mode option, type "%allusersprofile%" in "run" command and check for "random" name files and folders and remove them. And again type %appdata% in "run" command and then remove all "random name" files and folders. And while you are at it, check for "lsass.exe" file.
An example of a random-named file is ... fghzide.exe
After doing these, try rebooting into normal mode. It should log in. Please let me know the outcome.
This is why the likes of Bleeping Computer blocks non malware specialists from threads.
The instructions given for starters requires Safe Mode, and even then hope you don't have extras and screw up.
See the user's subject title
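The file checks described in the instructions above (an lsass.exe copy and "random" name executables under %allusersprofile% and %appdata%) can be done as a read-only listing before anything is removed. This is an added example, not part of any post in the thread; the function name Find-SuspectExecutables is hypothetical and it assumes PowerShell 3.0 or later run from an administrator account.

```powershell
# Added example (not from the thread): read-only triage listing. Nothing is deleted.
# Find-SuspectExecutables is a hypothetical helper name.
function Find-SuspectExecutables {
    param(
        # The two locations named in the thread: %allusersprofile% and %appdata%.
        [string[]]$Roots = @($env:ALLUSERSPROFILE, $env:APPDATA)
    )
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

        # -Force includes hidden and system files, which malware droppers often set.
        Get-ChildItem -LiteralPath $root -Recurse -Force -Filter '*.exe' -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # Signature status helps separate vendor binaries from unsigned droppers.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
                    # The genuine lsass.exe lives in %SystemRoot%\System32, so a file
                    # with that name under a profile directory is an impostor.
                    NamedLsass = ($_.Name -ieq 'lsass.exe')
                }
            }
    }
}

# Newest files first: a recent infection usually sorts to the top.
Find-SuspectExecutables |
    Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap
```

Reviewing the listing first leaves a record of what was found and avoids removing a legitimate signed program that happens to have an unfamiliar name.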
09-27-2012 10:18 PM
Sometimes it affects other programs in the computer also. If you have downloaded a free version of AVG from an unreliable location, remove that first. And run NPE, it helps....well sometimes....and try not to remove everything that NPE suggests, remove only "random name" files.
USELESS, thread creator has no safe Mode to speak of uninstall ...................... hahahahahaha
09-27-2012 10:25 PM
Hey, genius, that's why the instructions for going into the cmd were given. And this could also help other guys who are checking this thread.
Why can't you be a little open to new suggestions? If I have written something wrong, please feel free to correct it and provide modified instructions so that you can actually help them and not stamp on them.
I agree these are not the most advanced troubleshooting steps, and I intend these for the beginners only.
Since, the guy is only able to reach the cmd, he can navigate to the locations using the cmd itself and try searching for all these files. Why can't you just ask to do that? Why can't you just provide simple solutions or help the beginners. It does not hurt to help others in a nice way.
09-27-2012 10:33 PM - edited 09-27-2012 10:37 PM
Because it is dangerous and I have already given instructions for the thread creator who this thread is for and I have given instructions to hand are waiting.
You are just another one that goes in all guns and these type of people are dangerous, no logging, no let's look, that is why people in my field are so good at what we do, and why malware forums like Bleeping Computer block this from happening, to stop users from giving other information to an infected system and user.
I do help the so called "beginners" from males, females, young, old and even now and then PC techs.
The tools used are for beginners (under guidance by the likes of myself). I do the bulk of the reading and scripting, and also find other infections and at times partitions to delete.
It is as simple as that.
09-27-2012 10:43 PM
I apologize for the inconvenience. I was thinking of only people who are stranded with this infection and just want to give it a try to fix the issue on their own. I have tried this on a couple of computers and so far this has worked.
And wasn't the last post easier than being sarcastic?
09-27-2012 10:48 PM
Malware removal people, and I have done this for a few years, have a sense of what is going on but also when another user is giving bad info.
I got another way to remove it for you: DOD the Hard Drive, that works too.
09-27-2012 11:08 PM
Sorry, dude... no time to argue. Did not want to get into the fight in the first place.
Take care of the poor guy and the one who got in your way...