asked on Why at random login in Windows 8 my 'home-path' changes
We had a computer Windows 8 infected with malicious data. We ran comodo antivirus, spybot S&D, malware, etc. and cleaned it up.
At bootup, the %homepath% changed to temp.username.001 and randomly next boot up to .002 and so on. Yet the username at top is the same exact as when first purchased. It's like the path is always created and the user has to go to the original user\user-name to access the files.
whats going on?
At bootup, the %homepath% changed to temp.username.001 and randomly next boot up to .002 and so on. Yet the username at top is the same exact as when first purchased. It's like the path is always created and the user has to go to the original user\user-name to access the files.
whats going on?
Windows 8Vulnerabilities
Last Comment
jana
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
what do you mean by " Sounds about right for Comodo and spybot."?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
What is "hosed"?
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
We are currently running the recommended apps for cleanup. However, our question still is:
When the this happens and the user logged in, he thinks that all his pix, videos, documentation has been deleted when it's not because when we go into the original username folder (c:\users\SusanSmith), all his data is there.
At this point the user has the following folders created under c:\users folder
Can somebody explain this?
Thanx in advance.
- Why after the initial cleanup with the apps (with apps comodo antivirus, spybot S&D, malware, etc.) it changed the %homepath% to temp.username.001 and an actual folder is created as temp.username.001? (where the 'username' is replaced by an actual user name of the user, example 'temp.SusanSmith.001')
- Then at random PC restart %homepath% is changed to temp.username.002 and a folder is created with same name
- Again, in another restart, change the %homepath% to temp.username.003 and so on?
- Yet the username at top of the user screen is the same exact as when first purchased, for example it says at top 'SusanSmith'.
When the this happens and the user logged in, he thinks that all his pix, videos, documentation has been deleted when it's not because when we go into the original username folder (c:\users\SusanSmith), all his data is there.
At this point the user has the following folders created under c:\users folder
c:\users\SusanSmith
c:\users\temp.SusanSmith.0
c:\users\temp.SusanSmith.0
c:\users\temp.SusanSmith.0
c:\users\temp.SusanSmith.0
c:\users\temp.SusanSmith.0
c:\users\temp.SusanSmith.0
Can somebody explain this?
Thanx in advance.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
that seems a likely cause at last
ASKER
We ran then recommendations in ID: 41807751 to no avail.
that can be - but it does not hurt imo
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
hosed = corrupt
login as an administrator
from regedit go to
HKLM\SOFTWARE\Microsoft\Wi
go through the SID's S-1-5-21's
locate the profile image path of interest and rename the GUID to GUID.old
in c:\users rename the profiles that are corrupted. or backup all of them
You will have to determine which ones have files in them.
![Regedit]()
i.e. rename S-1-5-21-262614696-1447481
logoff and then login as the user, copy the users data (documents/pictures/video/
login as an administrator
from regedit go to
HKLM\SOFTWARE\Microsoft\Wi
go through the SID's S-1-5-21's
locate the profile image path of interest and rename the GUID to GUID.old
in c:\users rename the profiles that are corrupted. or backup all of them
You will have to determine which ones have files in them.
i.e. rename S-1-5-21-262614696-1447481logoff and then login as the user, copy the users data (documents/pictures/video/
ASKER
Thanx for the info. That is what we meant in "we found a series of tedious steps that comprehend of working with registry, etc." in D: 41815101.
ASKER
viable solution to our situation.