  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383

After Virus and Trojan clean up of the Registry, I get the error - unable to log you on because of an account restriction

I was working on a machine remotely and was having an issue with the Windows Update Service not allowing me to set it to Automatic.  The Windows Update service was disabled.  After some research, I found the resolution here at Experts-Exchange.  Message ID 21615856

With this resolution, I searched the registry for the trojan/virus entry that was hooked into the IE AddOns.  I deleted all references to the file name that was listed.  After successfully accomplishing this task, I rebooted the machine.

The machine rebooted and when I got to Windows, the system was prompting me for a password for the user account.  No password was initially assigned.  I cannot access the system now.

Asked by: DJBrotherDon
 
brad4444 Commented:
Seems obvious but did you try just clicking ok without a password?
0
 
LeeTutor (retired) Commented:
Well, maybe a first step in solving this problem is resetting the unknown password.  This site allows you to download files needed to create a bootable floppy disk or CD-ROM which contains a program that can be used to reset passwords on a Windows NT-based OS (such as WinXP and Vista):

http://home.eunet.no/~pnordahl/ntpasswd/
Offline NT Password & Registry Editor

It is a rather "geeky" tool; not a nice Windows graphical user interface.  You might want to check this page for a demonstration of its use, with screenshots provided in the article:

http://blogs.techrepublic.com.com/window-on-windows/?p=639
Reset lost Windows passwords with Offline Registry Editor

There is also a video about using this tool here:

http://blogs.techrepublic.com.com/itdojo/?p=140&tag=nl.e550
Video: Reset Windows passwords with the Offline NT Password and Registry Editor

0
 
DJBrotherDon (Author) Commented:
I have tried to reset the password on this machine for the owner account and the Administrator account; however, the issue still exists.  The passwords were originally blank, and now I have set the password and the system will not accept the passwords that I have set using the Offline Registry Editor.
0
 
LeeTutor (retired) Commented:
Well this question on the FAQ page suggests that blanking the passwords is the best option:

It seems to change the password, but NT won't agree.
The NTFS code wasn't that great after all (probably didn't write things properly)
My code wasn't that great after all. (it didn't change or changed in the wrong place. The V struct is still marked "here be dragons..")
Try blanking the password instead (menu selection 1), this may straighten things out. In fact, reports indicate: BLANKING RECOMMENDED!
If it still won't work, see the previous solution.
Blanking will probably be the only option in newer releases.
0
 
Monaji Commented:
Try this, it worked for me.
Download a CD image from
http://home.eunet.no/~pnordahl/ntpasswd/cd080802.zip,
Extract the image and Burn the Image to a CD
This Will make a bootable copy of the Off-line NT Password & Registry
Editor

On the affected PC Boot from this new CD

Note: Do not type the brackets [ ], only the data in the Brackets
Note: All Keys and commands are Case Sensitive
Note:****** It is very important to make sure your spelling is correct and
the case is correct****

After the boot is complete, Press [1] and then press [Enter] to select the
Boot Partition
Then Press [Enter] to accept the Default registry Directory
Then Type [system] and press Enter
Then Type [9] to invoke the Registry Editor

Type [ls] to list the available keys

You should see one or all of the following
[ControlSet001]
[ControlSet002]
[ControlSet003]

1 Type [cd ControlSet00x] and Press [Enter] (Replace the x with the actual
ControlSet number that you see)
2 Type [cd Control] and Press [Enter]
3 Type [cd Lsa] and Press [Enter]

4 Type [nv 7 Authentication Packages] and press [Enter]
5 Type [ed Authentication Packages] and press [Enter]
6 Type [msv1_0] and press [Enter]
7 Type [--q] (two dashes) and press [Enter]

Type [hive 0] and Press Enter
Repeat Steps 1 - 7 for each ControlSet00x value that exists.

After your last change press [q] to Quit then Press [Enter].
Then Press [q] again and press [Enter]
Then Press [y] and press [Enter] to write the data back to the registry

This will Write the data to the Registry.
If you get an error that umount was not successful, then type the command
[umount all] and press [Enter]

When you are finished, you should be at a prompt with just a Number Sign

#

Remove the CD and Press [CTRL+ALT+DEL] to Reboot the computer
You should be able to log into the computer at this point.
0
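
An added check, not part of any post in this thread: the steps above write the `Authentication Packages` value (type 7, REG_MULTI_SZ) containing `msv1_0` under `Control\Lsa` in each control set. The PowerShell below, run from an elevated prompt while the system is still logged on (for example, before rebooting after a registry clean-up), reports any control set where that value is missing or no longer lists `msv1_0`; the variable names are this example's own.

```powershell
# Added example: audit the LSA "Authentication Packages" value in every control set.
# Read-only; it changes nothing in the registry.
$expected  = 'msv1_0'                   # the entry the steps above restore
$valueName = 'Authentication Packages'

# CurrentControlSet is a link to one of the numbered sets, so only ControlSet00x is listed.
$controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

$results = foreach ($cs in $controlSets) {
    $lsaPath  = "HKLM:\SYSTEM\$($cs.PSChildName)\Control\Lsa"
    $state    = 'OK'
    $packages = @()

    if (-not (Test-Path -Path $lsaPath)) {
        $state = 'Lsa key missing'
    }
    else {
        $prop = Get-ItemProperty -Path $lsaPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $state = 'Value missing'
        }
        else {
            # REG_MULTI_SZ comes back as a string array; drop empty strings.
            $packages = @($prop.$valueName | Where-Object { $_ })
            if ($packages -notcontains $expected) {
                $state = "$expected missing"
            }
            elseif ($packages.Count -gt 1) {
                # Anything beyond msv1_0 is loaded by LSA at boot, so list it for review.
                $state = 'Extra entries - review'
            }
        }
    }

    [pscustomobject]@{
        ControlSet = $cs.PSChildName
        State      = $state
        Packages   = $packages -join ', '
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object { $_.State -in 'Lsa key missing', 'Value missing', "$expected missing" }) {
    Write-Warning "At least one control set lacks '$expected' in '$valueName'; fix it before rebooting."
}
```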
 
DJBrotherDon (Author) Commented:
Thank you for your solution.  These steps worked perfectly to correct my issue.  The Keys shown were deleted during the registry clean, and this solution put the necessary keys back.  Thank You.
0
