BlazeFind Malware: Cannot use Recovery Console


Dougall999 (IS-IT--Management, GB), Oct 18, 2004
My friend is suffering from the BlazeFind Malware problem where you log into the computer and it logs straight back out again. I have read this thread which contains really useful information (thread779-924408).

However when accessing Recovery Console via the XP Pro CD, we cannot get past the admin password. We are using the password for his profile and he thinks he was an administrator but no way to be sure, leaving it blank does not work either and he has no other passwords. I don't think it would make any difference but it's a Sony Vaio notebook.

He has recovery disks but he would lose his data if we used them. Any ideas on how the data could be saved?
 
What it wants is the original Administrator account used when the computer was first set up. Try "Administrator" and a blank or empty password.

If that does not succeed, try using the floppy disk method:
A final option would be to use an XP preinstallation environment and not Recovery Console.
 
Looks like you need some way of changing the administrator password in XP then. If it was me and I was in this situation, I'd be looking for a Linux boot floppy/CD with the appropriate software.

However, I might get my knuckles rapped if I go any further.

Google is a wonderful thing though......
 
If the admin password was not set by your friend then it might be worth a call to his local Sony support centre. It may be that this was set by them to a default password.

Failing that, take a look at the FAQ I wrote for corrupt registry problems. Following my suggestions should get you sorted. faq779-5362

Greg Palmer
Free Software for Administrators
 
Thanks for the help guys. The strange thing is when I boot up and access the computer via safe mode, I can see the administrator profile icon to log in. I have tried to guess the password and managed to get it right, it's 'password'. Although it's correct I get the Malware problem and get kicked out straight away - annoying but at least I know the password. However 'password' still does not work in the Recovery Console.

My next attempt was to create a BartPE disk as per gPalmer711's advice. That was going ok until I realised I only have an original XP disc, it only works with the service pack 1 or above disc. Back to the drawing board until I locate an XP SP1 disc.
 
If you have access to another computer, you can remove the hard drive from your infected system. Put that hard drive in a working system and follow the instructions for loading the software hive into the registry per the thread you posted the link to. When you are finished editing the hive to change the correct path to userinit, unload it. Put your hard drive back into your system and see if it now loads up.

I hope this helps
Art
 
Art, the problem is with a Sony Vaio, I have a Dell Latitude laptop that I could put the hard disk into. Can you explain any more on how this would work?
 
308402 - 'The Password Is Not Valid' Error Message Appears When You Log On to Recovery Console in Windows XP

312149 - HOW TO: Enable Administrator to Log On Automatically in Recovery Console


If you can get a 2000 CD, that Recovery Console can enter XP without a password due to a bug in XP.

 
Basically add the problemed HD to the other computer as a slave. Then...
Open Regedit
Highlight HKEY_LOCAL_MACHINE (note: this is important, if you do not highlight this the next step will not work)
Go to File - Load Hive...
Now select your old registry file which should be in ProblemedDrive:\windows\system32\config\software
ProblemedDrive being your drive you added as slave
It will ask you what to name it, if you don't understand, just type "test".
Now navigate to the following:
HKEY_LOCAL_MACHINE\<what you named this in the previous step>\microsoft\windows nt\currentversion\winlogon.
Look at what the userinit value is. On my customer's machine it was %system32%\userinit.exe which is invalid.

Next change the value to read C:\windows\system32\userinit.exe,

When you are finished unload the hive you added above and then close the registry editor.
Now remove the hard drive and add it back into the machine it belongs in
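
The same offline hive check and edit can be scripted from an elevated PowerShell prompt on the working machine. This is an added example, not part of the original posts; the drive letter D: for the slaved disk, the mount name OfflineSoftware and the -Repair switch are assumptions of the example.

```powershell
# Added example: check (and optionally reset) Userinit in an offline SOFTWARE hive.
# Assumptions: the affected disk is attached as D: and Windows is in \windows on it.
param(
    [string]$OfflineDrive = 'D:',                            # assumed letter of the slaved disk
    [string]$Expected     = 'C:\windows\system32\userinit.exe,',
    [switch]$Repair                                          # without this the script only reports
)

$hiveFile  = "$OfflineDrive\windows\system32\config\software"
$mountName = 'OfflineSoftware'                               # arbitrary, like "test" in the post
$keyPath   = "Registry::HKEY_LOCAL_MACHINE\$mountName\Microsoft\Windows NT\CurrentVersion\Winlogon"

if (-not (Test-Path -LiteralPath $hiveFile)) { throw "Hive not found: $hiveFile" }

# Keep one untouched copy of the hive; never overwrite it on a second run
if (-not (Test-Path -LiteralPath "$hiveFile.bak")) {
    Copy-Item -LiteralPath $hiveFile -Destination "$hiveFile.bak" -ErrorAction Stop
}

& reg.exe load "HKLM\$mountName" $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (prompt not elevated, or hive in use?)' }

try {
    $current = (Get-ItemProperty -LiteralPath $keyPath -Name Userinit).Userinit
    "Userinit is currently: $current"

    if ($current -eq $Expected) {
        'Value already matches the expected path.'
    } elseif ($Repair) {
        Set-ItemProperty -LiteralPath $keyPath -Name Userinit -Value $Expected
        "Userinit reset to: $Expected"
    } else {
        'Value differs from the expected path. Re-run with -Repair to change it.'
    }
}
finally {
    # Release PowerShell's handles on the key, otherwise the unload is refused
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$mountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Unload failed; unload HKLM\$mountName by hand." }
}
```

Run it once without -Repair to record what Userinit pointed at before changing anything.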

 
Thanks again everyone, I'll have a read and digest all the information and try some of the above.
 
Quite interested in the thread from linney about using a windows 2000 disc to get in. Seems like a big hole in security though?
 
If you let someone have physical access to a computer, there is no security.

And Microsoft never claimed otherwise.

For example, would you really let linney have access to your machine?
 
I wouldn't let any of you lot near it.....I'm scared by the amount of knowledge here!
 
Dougall999,
Just for future reference have a look at the following site
Among other things it will explain to you how to create a Slipstreamed disk. Basically how to make an installation disk that contains SP1a or SP2 depending on your preference.

Greg Palmer
Free Software for Administrators
 
Bcastner is a real "expert" on these security questions, mind you a lot of his information comes from his cat, which incidentally was able to install SP2 on Bill's laptop on more than one occasion.

You can read about it here.

I didn't lock it!
thread779-899226
 
Managed to fix it last night by using a 2000 disc to access the Recovery Console as per Linney's advice and then followed bcastner's step by step instructions once in the console.

Bcastner - the value was C:\windows\system 32\wsaupdater.exe

Anyway it accesses the profiles now and I've backed-up the data. The only problem left is an error message that pops up once you get into XP saying "windows cannot find C:windows\inetdata\services.exe"

Registry entry?
 