Advice Needed.......Badly

Running Win 7 Home Pre, I booted up this morning, typed in my password, "wrong user name/password". Checked cap lock, re-typed, same error except I noticed that where it says "hint" was "none" but should have said my hint word.

It booted fine yesterday morning and I didn't surf much yesterday and when I do it's nothing but new's, mail, facebook, pcmech, espn and that's it. I have alot of malware protection running on that machine and it is behind a router.

Not asking for advice on how to crack my machine open, I know and respect the forum rules. Would like some advice on what you think this is. Was I hacked, a virus, malware, or just some kinda system glitch.

Right now I have booted with Windows Standalone System Sweeper and its
scanning as I type this. Like I said earlier I've got NIS 2012 (no boo's please), malwarebytes (paid version), Spybot and Prevx running on the suspect rig and behind a router.

One thing I did find interesting was once I got the error for password, there was a "reset password" which required either a floppy or usb device. I also tried booting to safe mode, no joy. Anyway, thanks for any advice you may provide.

[David M]

Sorry to hear this. Malware would be my first guess.

Yes, there are ways around this which cannot be discussed in here. Google is your friend.

As a last resort you can slave you C drive to another computer and retrieve your files that way.

Yea that's what I figure also, I'm very picky where and what I view to avoid this. System sweeper is still running, nothing yet. Visited google already but not ready to try some of those yet, still have a few more things I can do including slaving the drive. I"ll post the fix provided it doesn't break the rules.

What really p****** me off is having a lot of protection and being vigilant about web surfing and still get tagged if it indeed turns out to be malware. Thanks for the reply Dave.

Well, after 9.5 hours of scanning............nothing found. Going try another scanner and see what happens.

[jdeb]

There may be a restore point before you set the password.

If this is the case, then boot to Win 7 disk and choose repair, then Restore your PC to a time before you set the p/w. No password asked for this.

Did you have a @ symbol in your name or password?

I know the password, it's just not working, my password hint now says "none" where it once said "son", that was my hint. Working on almost 10.5 hours of scanning today using Norton's disaster recovery and still hasn't found anything, just like yesterday. I tired once to use my win 7 disk to do a system restore but never got the repair option or at least it seem it wanted to start a new install of win 7 so I stopped. Beginning to have my doubts it's malware though it could be something very new. Anyway, thanks for the advice and I'll keep posting back as long as results remain with the rules framework.

[Preston]

Just spitballing here, but have you tried a blank password? As in do not enter a password at all.

I tried that, tried typing password, nothing, Norton spent 15 hours scanning and came back clean. I used a program to modify a few things but the few things weren't there, not good. If I can't get to a system recovery state, looks like the old "Nuke & Pave" route. Thanks for the idea Preston.

I suspect a mbr rootkit or a corrupted user profile, Alienware said it isn't covered under warranty. I've decided if money is to be spent the local repair shop gets my business so tomorrow off it goes. Owner thinks he can reset the pw without having me do a nuke and pave so time, hair, and stress level hopefully be saved. Let ya know how it turns out.

[Preston]

Quote:

Originally Posted by David M Yes, there are ways around this which cannot be discussed in here. Google is your friend.

If you want to save a few bucks, there are some DIY approaches out there. I know I am walking a slippery slope here, but see what options a Google search will give you.

I went the google route, tried a few, no joy and decided that I just didn't want to spend the next 3 days installing and rebuilding my software. I realize the local repair guy isn't a sure thing but he has many more proven tools at his disposal. He was also fairy confident he could tell my how it happened but will have to wait and see, thanks again for all the response's. I'll let ya know what the cause was if able and if he can fix the issue quickly.

[jdeb]

Is this a licensed copy of Windows 7? Something is missing in this whole thread.

[glc]

You have a PM.

George, I didn't get the message, in fact I've gotten several emails telling me I have a PM but my inbox has remained empty.

My computer is fixed and he only charged me $42.60, he ruled out malware but wasn't sure why the password changed, possible corruption but I'm not going with a p/w anymore. Thanks again for the help.

[glc]

You had 2 accounts - and I apologize - when I tried to merge them it blew one completely away. I'm working on how to fix it, but in the meantime I sent a password reset to your iwon.com account.

[usnavyretired]

Thanks George, I don't use the iwon account anymore, you can use (removed). My old password worked ok, do I need to reset it??

[glc]

I'm afraid we can't use Yahoo accounts any more - do you have an alternate? You can PM it to me.

If your password works, no problem.

I can't see a way to get your account back, so I adjusted your post count. Sorry about that, but all previous posts will show as guest under your name.

I removed your address from your post to help protect you from spam.

Log into your User CP and make the adjustments you want.

[David M]

George, just give him your account.

[Duckweather]

Just a thought. Do you have a supervisor password? If not someone could get in and set one and lock you out. If you get into BIOS setup you can check it. If someone did you can take the battery out for a few minutes and it should erase their password.

[usnavyretired]

jdeb it is a legit Window's 7 oem product.

Duckweather, it's fixed now but thank you for the suggestion. This is my home rig, my wife nor my 10 year old son changed it. I think SAMS somehow got corrupted but no longer going to use a PW so hopefully this won't ever be an issue again.

[Duckweather]

Glad everything is OK. I read you should set a supervisor password for BIOS setup. If you don't someone can hack in and set one and then set a user password and you can no longer get in because it will ask for a password you don't know. From a book called PC Hacks, to help you manipulate your own computer, not others. I will look up the list of keys to use for different computers to get to BIOS setup and post it here. It is an "older" trick and sometimes overlooked