Jan 13, 2009 at 12:32 AM
Jan 13, 2009 at 07:29 AM
Hello, I am trying to help a friend who has an older Dell laptop running XP Home with SP 2. He acquired the Spyware Guard 2009 trojan which erased his Restore Points, locked him out of Safe Mode, and disabled programs like Malwarebytes' Anti-Malware and would not let him open them to run on his system. On top of that, he got the continual pop-ups pushing him to buy the (Russian-based) software that would 'cure' his problems. He knew enough not to go for that.
Following advice he found on the Internet, he used Task Manager to stop the Spyware Guard process from running. In the 2-3 minute window he had until the trojan re-created the files, his AVG anti-virus program kicked in and spotted 4-5 trojans on the drive, removing them all. AVG said that there were infected files in the computer's system files, and should AVG run a scan for them at the next reboot? The subsequent scan of system files showed 2-3 temporary files and 10-12 other files - probably system files, I wasn't there - and removed them all as infected.
At that point, my friend was unable to get past the login window and gave me a call. I am no expert but I am fairly familiar with computers and have had some success in correcting problems. Here is what I have already tried:
1. Booting from the XP re-installation disk. I get stuck at the same place as many others. After selecting 'R,' I am asked for the Administrator password, and the program will not let me pass without one
2. I have used ERD Commander 2005, Ophcrack, PC LogIn Now, and Ultimate Boot CD. I am persuaded from the results that there are no passwords for the Administrator account or the other account (which also has administrator rights)
3. I have been unable to figure out how to set an Administrator password using any of the above programs. PC LogIn Now shows me that the password is empty and that it will never expire, but I can't change any of the checked fields (several of which are grayed out)
4. Using ERD Commander File Commander, I can pull up the friend's files and select them for copying. The problem is that ERD Commander 2005 does not appear to recognize the flash drive in the USB port [Question: Could I copy the ERD Commander ISO onto the flash drive and set the Boot sequence to load from the flash drive, and - if that works - then copy the files onto the flash drive?]
5. In Safe Mode, the arrow key is frozen (uselessly) to the left side of the monitor, and the last time, the computer would not go into Safe Mode at all
6. I tried the triple Alt-Ctrl-Delete trick at the login screen (not the Administrator account, but later I switched to it). I got the box with the account name and a blank box for the password. The computer did not recognize my attempts to enter a new password - it reacted as though I was trying to use an existing password to access the account
In summary, there is no Administrator password or password for the other user account on the laptop, and never has been. I can't figure out how to use the programs I have to set a password that could then be used to get to the Repair Console on the XP re-installation disk.
Why on earth would the re-installation disk ask for an Administrator password when there isn't one, and then refuse to let me past the query by simply pressing the Enter key?
I have read through the previous advice provided by the contributors and am constantly impressed by their generosity with their time and expertise.
I think my problem is different only in the sense that I 'know' there are no passwords on the computer. How do I get past the query on the XP re-installation disk so as to access the Recovery Console?