Results 1 to 5 of 5
2014-11-10, 11:11 #1
Standard user profile keeps disappearing
I have a customer who has Windows 7-64 bit. About two weeks ago I wasn't available to fix his computer, so he took it to a friend of mine who basically wiped the drive and reinstalled Windows. Now, a strange thing is happening: his standard user account keeps disappearing, along with the icons which were in the account with administrator rights. Also, Trend Micro disappears. I recreated his standard account, reinstalled Trend Micro, and set up some icons for MS Office. He called back and said that the same thing happened again.
My guess is that either (1) there is some new malware out there which Trend Micro hasn't yet detected, or (2) my friend installed a bootleg copy of Windows 7 which is vulnerable in some way.
Anyone have any thoughts on what might be the cause of this?
2014-11-12, 12:46 #2
I checked my friend's copy of Windows, and it does not appear to be a bootleg copy.
Further detail about this problem: It appears that every day, Windows resets itself to new, out-of-the-box condition. Anything that the user installs or sets up disappears. It is as if you did a backup when you first installed Windows, and then that backup is restored each night, wiping out whatever you have done since the install. The standard user profile that I created disappears; and the default account you create when you initially install Windows (the one with administrator rights) loses the icons I put there, and the password is cleared - no password is required.
I did a scan with Malwarebytes, and I turned off the System Maintenance Troubleshooter. We'll see how things turns out when I check it next.
2014-11-12, 14:53 #3
- Join Date
- Dec 2009
- Thanked 813 Times in 728 Posts
Does his user directory disappear?
Do the installed programs in Program Files (x86) and/or Program Files directory disappear or just the short cuts to them?
Did you check his startups for any strange entries that could be wiping things out at boot?
2014-11-12, 15:59 #4
- Join Date
- Oct 2012
- Thanked 267 Times in 260 Posts
If this happens on reboots, there are a number of programs that do exactly that (restore to previous state). Returnil is the one I'm familiar with but there's also Deep Freeze and probably some "optimization" suites carry the same capability as one of it's utilities.
2014-11-12, 16:46 #5
The person who wiped his drive and reinstalled Windows is a hardware tech, not a software tech. Perhaps he installed a utility which restores things to their previous state, with the idea that if the computer got infected, the infection would go away by the next day.
The user directory does not disappear. However, I didn't check the contents of it, to see if the contents were still there.
The program folders are still present in the Program Files (x86) and Program Files directories. I checked his Irfanview and Trend Micro folders; I couldn't find an .exe file in either. However, he still had shortcuts for MS Office 2007. The MS Office shortcuts still worked.
I have not checked his startups.
I'll check these things next Tuesday, when I see him again.
As a possible workaround, I copied all of the icons I created into a C:\icons folder and instructed the user to run them from there if they disappear again. Hopefully that will at least allow him to work.
Thanks to everyone for their help.