Results 1 to 4 of 4
  1. #1
    Lounger
    Join Date
    Feb 2003
    Location
    Minneapolis, Minnesota, USA
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts

    No pswd recognition on boot

    Edited by WyllyWylly to add bulleted list. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    I'm running W2K on my primary workstation and today, it won't let me logon. Says it doesn't recognize my password.
    Stuff I've tried to-date:
    <UL><LI>it's not about caps lock
    <LI>I didn't change my password in the last session.
    <LI>I pinged the workstation from my laptop and used the IP address to telnet it. Apparently, telnet isn't installed on my Workstation (I think I once received advice from Woodys to disable all protocols to the internet that I didn't actually use to prevent more avenues for viruses).
    <LI>I can't logon using Administrative names and passwords that I assigned to other computers on the network so they could access shared data on my machine.
    <LI>The primary logon name is the same as the Administrator name and pswd on the workstation.
    <LI>I have used Microsoft Window's Update within the last 3 weeks[/list]Configuration of my network:
    <UL><LI>I use cable for internet services
    <LI>I run a server that acts as a router. It uses Windows 2000 Server Pro. I also have an apache web server running on that machine (as well as ftp server etc.)
    I typically access the server using terminal services from the Workstation, although I can access it directly as well. The workstation only has terminal services client installed.
    <LI>There are typically 2-3 computers hardwired to the LAN at any given time. However, I also have a wireless access point so that my roommate can access the internet from his workstation using a wireless card. (52g)
    <LI>The laptop runs WXP home.
    <LI>On the workstation, I use Norton Systemworks, which includes antivirus and Sygate firewall (the firewall is relatively new - within the last month after uninstalling Norton Firewall). However, the laptop is still using Norton Firewall. Both systems use Spykiller to get rid of malicious and advertising scripts, although it only works when I run it which I've done within the last 2 weeks. I continue to get the "Alexa" script on all machines within hours after I remove it.
    <LI>When I had Norton Firewall up, it let in what seemed to be a malicious script called winservn.exe (I think). It had a popup window that said PServ and came on before the antivirus or firewall upon booting. I also got what seemed like a malicious program called ssut.exe and it constantly wanted to access the internet so I told Sygate to always block it. These actions were guesses because it seemed like after those two things came onto my workstation, it started misbehaving in odd ways (I ran scandisk, chkdisk). I could not find and remove them using Add/Remove programs, I could only block their internet access.
    <LI>The workstation has a dual-boot setup for Linux or W2K.[/list]I hope that is all the pertinent information. This is really baffling to me. Could a virus do this? Have you ever heard of this kind of thing before? And if it's a virus, how did it get past all security?

    Thanks ahead of time for any help.
    Lisa <img src=/S/crazy.gif border=0 alt=crazy width=15 height=15>

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: No pswd recognition on boot

    I found WINSERVN.EXE at one of my favorite sites. It is a spyware component. No such luck for the other EXE you suspect is problematic.

    Can you log in using Safe Mode, or the Command Prompt With Safe Mode options? Can you attach to the workstation remotely, from another workstation? I have not personally heard of a virus disabling a password hash, but it certainly is possible.

    As far as getting past security, all the tools in the world will make little difference if the wrong program or script is run. I cannot say how this happened, but once you get into the workstation, there should be more clues that could explain it. But let's start small and see if we can get that far, first.
    -Mark

  3. #3
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: No pswd recognition on boot

    Another short note - the Alexa component is part of Internet Explorer. I have never found it to be much of a worry in experience, it is only invoked when you use the Related Sites in Internet Explorer's tool menu. The full blown Alexa service was once a great idea that turned into a parasite, but at this point it should be the least of your worries.
    -Mark

  4. #4
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: No pswd recognition on boot

    Sounds like you may have become victim of a Trojan. In some ways, these are more inisidious that viruses - as they are much harder to detect - but are less prevalent as they are harder to write. As a future first step in maintenance, try running SpyBot and Ad-aware - as mentioned in <!post=this Star Post,296439>this Star Post<!/post>. Running Hijack This could also be helpful. All three are free. I run the first two regularly and have good results. (Like Anti-Virus, they issue regular updates.) I also use Sygate - and am satisfied with it. There are commercial anti-trojan products available.

    As best I understand it, you can log on to the laptop and the server, but not to the workstation. Presumably, any mapped drives that you might have to the workstation are not open. If you have not already done so, use the Server to block the workstation's internet access a.s.a.p.

    As far as I can remember, you keep all your data on separate partitions from your Operating Systems. Thus, the unwelcome prospect of a reinstall would not result in any loss of work. On any future configuration, you might want to look at having a "backup" Administrator account.

    I appreciate that this doesn't really tackle the immediate access issue, but I hope it helps.
    Gre

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •