Link to home
Create AccountLog in
Avatar of mark_D74
mark_D74Flag for Ireland

asked on

Windows XP login password problem

I have a PC here which was locked by one of those India-based people who phone you, take over your PC and then lock you out unless you pay them.  So before booting to Windows, you would see this dialog:

User generated image
I used Boot CD (Offline NT/2000/XPVista/7 Password changer) to disable Syskey and while I was at it, blanked the various administrator passwords that were there.  Now, the above password dialog has disappeared, but even though the admin passwords are all blank, Windows still asks for a password when trying to log into any of them.

Has anyone any ideas?
Avatar of pjam
pjam
Flag of United States of America image

You still have malware so I would boot to one of the AV Rescue CDs and run a scan.
Avatar of rindi
Are you able to logon if you boot to safe mode? Did you also try disconnecting the LAN cable?

If you can logon in safe mode, start msconfig and disable everything you can from automatically starting. After that if you can start in normal mode scan the system using malwarebytes and allow it to remove any malware it finds.

http://malwarebytes.org
Avatar of mark_D74

ASKER

The same thing happens in safe mode.

I haven't scanned for malware, but I have checked for autoruns and there's nothing obvious there.  I'll scan for malware next.
It is malware. Its NOT actually asking for a valid XP password. Its a scam that you fell for by letting somebody access your computer!

First thing to do is to get access to ALL ONLINE accounts you have every used and change the passwords from a SECURE COMPUTER.

You then need to run malware detection software and clean this computer.
@Neilsr  Thanks, but it's not actually my PC and I've advised the owner to change all of his passwords from his other PC.  The original password dialog (as shown above) was the standard windows one which you can enable by running syskey and when I disabled syskey while in an offline state, this dialog disappeared as expected.  The problem now is that the WXP "welcome screen" which lists the various user accounts now prompts for a password for all of the accounts, even though I've blanked all passwords using the same NTPasswd tool.  If I press ctrl+alt+delete twice to get the standard logon screen (where you get to type in the username and password rather than just click the user), the exact same thing happens.
Avatar of ThomasMcA2
ThomasMcA2

@ThomasMcA2  I've just completed that.  It found a couple of viruses and corrupted executable files, but that didn't correct the problem.  The Windows logon screen still looks for passwords even though they should be blank.
SOLUTION
Avatar of ☠ MASQ ☠
☠ MASQ ☠

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Although Masqueraid's solution would have been useful in solving the problem I had this morning before I raised the question on EE, it wasn't a solution to the problem I originally posted.
Thanks

It's just the "Store startup key locally" stage in my post above which the "Disk we dare not name" doesn't do as the utility just blanks the passwords which is why you got the extra stage.

It's suprising how many people still fall for variations of the "We're from Microsoft, your computer has contacted us because you need our help" scam :(
Forgive me but I don't understand the "solution".  What did you really do?
Why is the live CD unmentionable?
I'd like to know what tools and what steps need to be taken.
There are several boot CDs out there which contain unlicensed tools.  According to Experts-Exchange, who corrected me when I mentioned the boot CD I used above, this means it can't be mentioned on EE.  But I guess it's ok to advise that were you to google the innocuous phrase "all in one bootable cd", you might stumble across it among the top few results.
:D - it also rhymes with Sirens*! - That disk used to contain a lot of pirated utilities, but because these are more widely available now it has only free or "try-before you buy" versions.  The only issue remaining now is that the image they supply contains Microsoft's bootable code for XP which they don't have permission to redistribute.  Until they use a different bootable environment EE doesn't allow reference to it here.

*Other bootable repair media are available
(Ultimate Boot CD for Windows - UBCD-W for example)