0

Hello, everyone. I am running Windows XP Proffesional SP2 with one password-protected user/administrator account and two non-password-protected limited user accounts. Windows boots up and runs normally, but after logging out of or switching to an account, Windows will occassionally ask for non-existant passwords on the two unprotected accounts and says the correct password is wrong for the one account that has a password, although the hint is right. A reboot will generally revert all to normal. There is no evidence of infection, and I looked in the event log, but didn't see any warnings or problems, and I haven't messed with anything in the registry. I searched Microsoft's forums and newsgroups as well as Google, but can't find anything similar to my question, and the techs I have asked have never heard of this happening. It may be that I am asking the wrong question, or perhaps I am not describing the problem well. Can anyone point me in the right direction so I can discover a solution? I'm concerned that this is a symptom of a greater problem and I want to correct it myself, but am hoping to avoid a reinstallation. Thanks for your attention, A. Johnson
Post Script: I recently re-googled my querry and found that someone suggested malware is the culprit, but there is no way to reply. Again, maybe I am not decribing this event well enough. I have never heard of malware or any virus that would cause this anomaly, but if I am wrong, please correct me so I can learn how to remove the possible threat and avoid it in the future. Thanks again for your attention. A.

2
Contributors
5
Replies
6
Views
9 Years
Discussion Span
Last Post by AndyOne
0

I suspect you have malware too,,,,,,,,,,and the best way around this is doing some scans, and deleting the accounts and recreate new one....BTW do you have any software that stores password on the BOX

0

Thanks for replying, Bobbyraw,
Malware was the first thing I thought of, too, so I ran the usual scans...AdAware, SpyBot, Microsoft Malware Removal Tool, et cetera. I came up with nothing but the usual cookies. I also have the BHO Demon constantly running, and it has detected no changes. I have since gone into Safe Mode, disabled the system restore, deleted all cookies and temps, and rescanned, and haven't found anything unusual. There is also no evidence of Smitfraud. I haven't ruled out the possibility that they may use runtime packers, but this is such an unusual event, I thought there had to be something screwed up in the registry. Again, it doesn't act as though my password has been reset, or anything, it is acting as if what I am typing is wrong when I know it isn't. Why it does this on the non-protected accounts is beyond me...I wondered if there isn't something in the lsass that is messed up, but I can't boot to DOS with NTFS support to see. Any other ideas, or should I just suck it up and break out the recovery disk? Thanks again, A.

0

go to control panel>user account and change/add password for the accounts then try to log on to them

Are you running the latest update for the spy wares.

0

I forgot to answer one of your questions, sorry! I do have SamInside stored as a Zip file on my Hard Drive and on Flash, but that's just stuff I use at work...it shouldn't affect My accounts...Anyway, thanks again!

0

I can manipulate the accounts in every way, but it seems to respond (not always, as I've said) as though the limited accounts are my account and the password is wrong...a puzzlement. A new event has occurred, as well, in that it will not let me type anything at all at the password prompt, but the other accounts are accessible with no problems. AVG, Defender, BHO Demon all up to date, thinking of adding Asquared. Other suggestions?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.