(I did read the “Computer Questions” thread, I swear…well, ok, I went through it with the “Find” command, but still…)
I have a computer which is about 8 years old. It runs Windows 2000 Pro. AVG runs and updates every morning automatically, and I have just run both AdAware and SpyBot.
When I run AdAware/Spybot my AVG pops up with a “Threat Detected!” box, but I can neither heal nor quarantine the file.
Some cursory googling told me that mssync2020 is a Trojan. I also found detailed instructions on how to remove it. This requires going into safe mode. I then found instructions for getting into safe mode. Bully.
Except not. I purchased my computer from the company I used to work for. Since multiple people used the same computer we all had passwords to log on. When I try to boot into safe mode it will not take my password. It will not take no password at all.
So my questions are several: Am I missing something? Is there some extra step I’m missing (F8 during startup, select “Safe Mode”, waiting, getting rejected)?
And if it turns out that I cannot get into safe mode, could I use a program like Hijack This to remove this Trojan?
There are several programs out there that can strip an XP password and IME they work on 2K as well.
This is the one I use in my business, works like a charm. There may be free ones out there but I also know many of the free solutions are not all that trustworthy.
Hijack this really only helps with browser modifications.
From looking at the link you posted, I could get this program, run it, and access my system from now on without a password. Is this correct? Because that would be sweet. I have/had enough admin privileges on this box to download programs (and do anything else day-to-day), but I know I don’t have full access.
You might want to wait for your dad. Even if you get into safe mode, “manual” removal instructions for many trojans/malware can involve editing the registry, deleting files from system folders, and generally doing things that can screw up your computer if you are not real familiar with the system.
I really don’t know your knowledge, and mean no offense. If you are comfortable playing around with the “guts” of the system, go for it.
Well, it helps that I know what I’m looking for. I did Autorun and there are several copies of the program on their list (which I figured, since I couldn’t close the threat window from AVG just once).
Dad is a truck driver (formerly employed by Diebold and Avaya…damn economy) so I don’t know when he’ll be available and undistracted again.
When I was little I did use DOS on our computer (I even wrote programs in BASIC) so I’m somewhat familiar with the guts. I’ve even installed my own memory!
I’m not totally ignorant, but I’m definitely not a master either.
The password stripper program is pretty straightforward, the only tricky thing is you have to burn it to a CD and boot from it, from there on out its just follow the prompts.
For me its been a real treat, I get to charge a 1hr minimum call @$49 for something that takes 3 min. I also get a free upgrade to the vista version since I was already a paying user …didn’t know that until I went to the site to grab a link for you.
So I download the program onto a CD, and during startup I push F8 and direct the computer to boot from the CD? Other than that, I think I can figure it out. Thanks so much for the help!
Well, I discovered that this is a password-stealing Trojan, as well as a keylogger. I haven’t noticed any strange activity in my bank account or anything - I don’t think it finds me particularly interesting. However, I’d hate for it to start now.
So I am going to a different computer to purchase that program that drachillix recommended. When I can get into safe mode, I’ll go from there.
'Cept I also have to figure out what SAM databases and logical drives are. Gurf.
Sequencial Access via Metadata, for your purposes, its where windows keeps its user and password data.
Logical drives are the partitions.
For example one drive divided into two partitions, C: and D: are one physical drive but two logical drives. There are RAID systems that can merge multiple physical drives into one logical drive as well just to make things illogical
I ran the password-change program. I had it scan all drives - logical, illogical, illegible, whatever. One SAM database.
It contained two profiles - the default admin and the default guest. My profile and username are firstinitiallastname. It’s not there.
How dangerous would it be to erase the password for the default admin and then try to log into safe mode that way? If I logged in as the admin, would I still have access to all the programs in my (personal) profile? Am I asking way too many questions? Should I just give in and get a new computer? (I can’t afford one at all, so it’s this one or none for at least a year.)
Klaatu if I actually get this fixed it will be a miracle and I will bake and send cookies. And I don’t bake.
I think that part of the problem is that I’m a user on a network that no longer exists. So I can log into my own computer, but all the stuff that would have been taken care of by Those IT People Over There is no longer available to me.
…didn’t know that until I went to the site to grab a link for you.
However, I’d hate for it to start now.