A non-OSNews-reader asks: “I’ve got 5 PCs that I’m trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won’t fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. The centre is being shut down in a few months. If they were working, I could still do a lot with them, so I’ve been looking for a good online virus scan – but they all try to download a little .exe onto your PC first, and the settings on the PCs won’t allow that. Suggestions? Solutions? Links?” Read on for our recommendation.
Update: It appears that this question is part of an elaborate email scam designed to propagate malware. See here for details.
OSNews replies:
I’m not sure how exactly these systems are locked down, but even the “online” malware scanners that don’t download an exe use various combinations of in-browser executable code with combinations of Javascript, ActiveX, and/or Java Applets and need deeper access to those machines than they have been configured to allow. I am not aware of any that don’t because it doesn’t seem that it would be possible for them to work otherwise.
In other words, you won’t be able to get rid of the viruses on the computer without being able to install something on them.
So you’re saying that this computer center is being shut down anyway in a few months, and it sounds like the people in charge of them can’t be bothered to fix them or give you control. It sounds like you have nothing to lose, so I’m going to recommend a radical solution.
Other than continuing to cajole your sysadmins or admitting defeat, the best option I can think of is to back up any files that you might need from these machines and then wipe their hard drives and reinstall a new operating system. Essentially, just take them over from the deadbeats who are supposed to be taking care of them. It’s what I would do.
Then, don’t install anything on them except a new web browser (Firefox or Google Chrome) and use Google Apps to do word processing and stuff. If you use a safer web browser and don’t install anything on them, and especially if you don’t use Windows (read on) then you’re less likely to get viruses or malware in the future.
If you wanted to reinstall Windows, and you don’t have the install disks, you can see if you have a sticker on the side of the computer somewhere that has a license key number. For example, if they’re Dells, there’s probably a sticker. It will tell you what version of Windows it’s licensed for, and if you can find a disk of that exact type, it should work. If there’s no sticker, there are ways of recovering the license key before you wipe the hard drive.
If you can’t find disks anywhere, you can find places to download Windows XP, though it’s a violation of US copyright law. Of course, since those computers have legal Windows licenses and Microsoft has already been paid, you may consider yourself morally entitled to download Windows, if not legally entitled. If you’re going to go that route, you shouldn’t bother with the standard Windows disks. Do a Google search for TinyXP. It’s a specially-customized version of Windows that some people consider to be the best version of Windows available. Of course, going this route involves being able to find and download illegal software, and burn it to disk. If the PCs in your lab won’t allow you to download the software you’d need to use to do this, or don’t have CD burners, then you’ll have to use another computer to make the disks. I don’t know what your level of technical proficiency is, but you might find it daunting.
But I’d seriously consider installing Linux. Download Ubuntu. It’s free, easy to install and use, and as long as there isn’t any particular piece of Windows software you’d need, it will work fine for helping kids learn about using the internet and doing basic personal computing. It’s 100% legal to download Linux, and Ubuntu will even send you a free install CD (though there can be a long wait) if you can’t burn one yourself. Unlike Windows, it’s virtually impossible for you to get a virus on Linux. You don’t need any anti-virus software, and an added bonus will be that the kids in your computer center will be less likely to mess these machines up by downloading crap from the internet or falling prey to scams that lure them into installing spyware or other harmful applications. All of that stuff only works on Windows. Another advantage is that almost all consumer Linux software is free to download, so you’ll have a huge library of interesting programs to choose from, including games, if you’d like to go that route.
Don’t be afraid of the installation process. It’s easy. You don’t even need to burn Ubuntu to a disk. If you have a large-enough USB drive, you can use that. Here’s how.
Any of these options will take a couple of hours of prep and install time, but once you’ve done the first computer, the other four will go quickly. If your shiftless sysadmins ever showed up, it’s likely that they would just reinstall Windows themselves, if these computers are as messed up as you say they are, which wouldn’t be any faster than what you need to do. If they ever do show up, and see what you’ve done, my guess is that they’d be a combination of insulted and impressed.
If I were you, I’d go the Linux route, and try to include the kids in the process of downloading, burning, and installing the OS. Have them do a little background research into the difference between Windows and Linux, and where each came from. They might be interested to learn that Linus Torvalds, the guy who started Linux, was a college student in Finland who didn’t work for a big company and didn’t have any particular resources other than a good education, and now millions of people, including huge companies, use his software. It’s also worth pointing out that it’s due to the contributions of tens of thousands of individual volunteer contributors that modern-day Linux exists, and that it doesn’t take anything more than a little know-how and a desire to make things better to be a part of a huge and important movement like Linux. I think you can take those infected, broken down computers, and turn them into a great experience for the kids you’re working with. Good luck!
I’m sure other OSNews readers will have some good advice in the comments below, or will contradict me, or both.
Nuke… orbit
How are the download restrictions enforced? Will it let you download other files but not executables? Are they enforced using policies on the machines themselves, or at the network level?
Can you receive files via email?
You could try to introduce the executables to the systems via some kind of removable media…
You could try embedding executables in a word document or similar..
Also see if you can access a command prompt and download files using http://ftp..
Are the download restrictions based on filenames? many such things are, and you can download files by renaming them on the server and renaming them back once downloaded. Or you could perhaps download a zipfile if that’s permitted?
Can the machine boot from removable media? If you can do that, you could run 0phcrack and get all the admin passwords which will probably be the same on all the boxes. If not, can you remove the HD or connect it to another machine, maybe a laptop and a usb to ide adapter – take a copy of the drive and crack the passwords..
From a boot cd, you could probably remove the malware too, but that would do nothing to prevent the machines getting quickly reinfected.
Or you could equip every box with a linux livecd, which would probably be far more useful and safer.
Can these machines boot from USB? If they can, and you can afford a few cheap 2-4GB thumb drives, you have a few options. First, you could install one of many available Linux distro’s that can boot off a thumb drive. I like Slax! Then you could boot all the machines up and have a go.
Second, if you really want to get back into the existing Windows install, you MIGHT be able to install ClamAV on the USB drive’s Linux, boot into it, then run ClamAV on the hopefully mounted Windows partition and theoretically clean them up…I’ve never done anything like that, its just an idea and there may be very good reasons why that won’t work.
Finally, if you can’t boot from USB, you can always use a Linux Live CD and go from there, you just won’t have any ability to save anything, unless you boot from CD and also plug in a USB drive from some storage space.
Anyway, it sounds like a great thing you’re doing. Sorry to hear your admins are no help. A non-technical suggestion might be to try to go over their heads. Who’s _their_ boss? Does he know he’s stopping these kids from having useful computers?? Best of luck!
Edited 2009-09-25 16:46 UTC
I have successfully done exactly that 😉
Good advice!
GO ntfs-3g!!
–The loon
We use this to rescue our Windows boxes http://www.sysresccd.org You will be able to remove XP passwords and virusscan from a boot disk, will also fit on a usbstick. Good luck
ERD Commander will reset that password for you too.
I’d recommend burning “clamav-livecd 2” and scanning the affected computer with it. It’s a linux “live OS” that doesn’t install itself on your computer, but that loads and runs from cd.
It’s free and – depending on your past exposure to linux – very easy to use.
Once you have loaded the cd,
1 Issue “dhclient3 eth0” as root to bring up networking (I’m assuming you have a running DHCP server on the network, which hands out leases that enables your computers to access internet).
2 Update the virus-definitions by issuing “freshclam” as root.
3 Mount the hard-disk (if it isn’t already mounted, check with “mount” first) with the “mount” command. Depending on your computer it’s something like:
“mkdir ~/tmp”
“mount /dev/sdaX ~/tmp” or “mount /dev/hdaX ~/tmp”
Now you can scan your computer using clamAV . More info on how to scan: http://www.clamav.net/ | http://www.volatileminds.net/projects/clamav/
Download link to clamAV-livecd : http://www.volatileminds.net/projects/clamav/ClamAVLiveCD2.0.iso
You need to boot from cdrom, which means you might have to ask for a bios-password. clamAV most of the times doesn’t get “everything” removed from your computer, but it’s certainly worth a try.
Quite frankly: They should trust you or enter the password for you. Not trusting the guy you are giving access to your computer to, is just plain dumb (unless they are the network admins…). Hope this helps.
Edit: Somebody “beat” me
Edited 2009-09-25 16:58 UTC
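The live-CD steps in the comment above (update signatures, mount the disk, scan), as an added example that is not part of the thread: a report-only scan of a read-only mount, followed by a triage of the log that separates hits inside the Windows directory from everything else. The device `/dev/sda1`, the mount point `/mnt/win`, the log path, the RESTORE/REVIEW labels and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: report-only offline ClamAV scan from a live CD/USB session.
# Assumed names (not from the thread): /dev/sda1, /mnt/win, /tmp/clamscan.log.

# Mount the Windows partition read-only so the scan cannot alter the disk.
mount_readonly() {
    dev=$1; mnt=$2
    mkdir -p "$mnt" || return 2
    # ntfs-3g for NTFS; fall back to filesystem autodetection (e.g. FAT32).
    mount -t ntfs-3g -o ro "$dev" "$mnt" 2>/dev/null || mount -o ro "$dev" "$mnt"
}

# Update signatures if the network allows it, then scan without removing.
scan_report_only() {
    mnt=$1; log=$2
    freshclam || echo "warning: freshclam failed; using the signatures already on the CD" >&2
    # -r: recurse, -i: print infected files only, --log: keep a record.
    # No --remove or --move: deciding what to delete is a separate step.
    clamscan -r -i --log="$log" "$mnt"
    # clamscan exits 0 (clean), 1 (infections found) or 2 (error).
}

# Read clamscan output on stdin and classify each "<path>: <signature> FOUND"
# line. Files under the Windows directory are marked RESTORE (put back a clean
# copy from install media or a clean machine); everything else is REVIEW.
# Output: CLASS<TAB>path relative to the mount point<TAB>signature
triage_log() {
    awk -v root="$1" '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            if (!match(line, /: [^ ]+$/)) next
            path = substr(line, 1, RSTART - 1)
            sig  = substr(line, RSTART + 2)
            if (index(path, root "/") == 1) path = substr(path, length(root) + 2)
            class = (tolower(path) ~ /^(windows|winnt)\//) ? "RESTORE" : "REVIEW"
            printf "%s\t%s\t%s\n", class, path, sig
        }'
}

# Constructed sample of clamscan output (paths and signature names invented).
sample_log() {
    cat <<'EOF'
/mnt/win/WINDOWS/system32/userinit.exe: Constructed.Sample.A FOUND
/mnt/win/Documents and Settings/student/Desktop/game.exe: Constructed.Sample.B FOUND
/mnt/win/windows/system32/drivers/example.sys: Constructed.Sample.C FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# "sh scan.sh scan [device]" runs the real thing as root; with no arguments
# the file only defines the functions above.
if [ "${1:-}" = "scan" ]; then
    dev=${2:-/dev/sda1}; mnt=/mnt/win; log=/tmp/clamscan.log
    mount_readonly "$dev" "$mnt" || exit 2
    scan_report_only "$mnt" "$log"
    triage_log "$mnt" < "$log"
    umount "$mnt"
fi
```

Running `sample_log | triage_log /mnt/win` shows the triage output without touching any disk.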
This is actually quite simple. Get another system… any system and put a clean copy of Windows on it, update it, and put current AV s/w on it. Then take the hard drives from the other machines and put them into this one as secondary drives or even through an external USB enclosure and scan ’em. In fact, this helps to remove boot resident items that typically require a reboot to remove anyway. If any system files get quarantined or removed, copy them from your clean system to the same path on the other drive. Then put the drives back into their original systems and let ’em go.
If you want to keep them current after the cleansing, install a tool that tracks every change made when installing s/w. Run it while installing the AV s/w on your clean system and get a log of everything changed (new files/dirs, registry changes, etc). Then, after the other systems drives have been cleaned but are still physically attached to your clean system, replicate those changes to them (hint: for the registry, you can export the changes and import them). Now when you put them back they will be clean and have current AV s/w on them. Hopefully the f/w won’t stop them from being updated, but if it does, hopefully it will also stop them from getting newer malware.
Still it would be much easier to use a bootable solution because dismantling the machines and swapping hard discs is much more laborious.
Alwil produces a good scanner that I believe uses FreeDOS:
http://www.avast.com/eng/avast_bart_cd.html
Of course this assumes that the machines are set to boot from CD or you have access to the BIOS.
is what most non-profit system admins say. My wife works for the local community college. Her classes are on a satellite campus (not orbiting). The computers there are naturally infected, wireless access doesn’t work, and the internet is basically banned. Can’t even get to Gmail.
I feel for you. I’ve been there. You have to work in-spite of people around you. Please take the suggestions of the previous posts.
OK. So why did you make a news item out of something that is really a help forum request? – I don’t mind if you take a current issue to write an article that has actually something to say, i.e. offer solutions. But bigging up a random user issue to a news-entry is terrible.
This question was asked in an email list of our university before. I know, since I am part of that list
He did not get enough replies there. But still I don’t think it’s front page of OSNews kind of thing.
I wrote this article because this was actually something that was emailed to me personally, and after I wrote a response, I thought, “I bet other people have had a similar issue, and instead of just letting my answer float out into the ether, maybe I could get my advice, mixed with the good advice of a bunch of smart people, and immortalize it at OSNews.”
The reason for this article is that I advise him to not be afraid to nuke those machines and install Linux on them (or reinstall Windows). Helping to spread the word about how people have OS options is what this site is all about, and although this reader isn’t in OSNews’ target audience, OSNews readers are just the kind of folks who are best qualified to give all the people out there in this guy’s position some words of wisdom.
Edited 2009-09-25 18:07 UTC
It will take hours, per machine, to clean out infected systems. If you can re-install that would be fastest for getting your windows machines running windows.
If you can’t, run Live Linux CDs (Ubuntu, probably), and teach using that. Any computer made since 2002 should be able to run it quickly enough.
If you can re-install, Avira Antivir is a great free AV app, and ClamAV works pretty well for scheduled system scans.
As much as I like ClamAV or its derivatives (ClamWin), IMHO the best course is the BitDefender Rescue CD, that allows you to boot from a Live CD (it’s based on Knoppix), update the signatures definitions and scan the Windows partition offline.
You can get BD Rescue CD from here:
http://download.bitdefender.com/rescue_cd/
Only problems I foresee are the Windows partition(s) being marked as ‘dirty’ (in need of a chkdsk, won’t be automatically mounted) or not being able to update the signatures definitions (some sites have proxies and such, and/or other impediments).
Or, in line with more daring suggestions already made, getting a password changer somewhere and remove the local administrator password.
Edit: typo.
Edited 2009-09-25 17:39 UTC
If the lab is being dismantled in a few weeks anyways, why wouldn’t they give you local admin rights?
Ridiculous.
Assuming you need to use the current Windows OS and can’t reinstall or use a Linux LiveCD, I would follow the comment above about taking the hard drives of the infected PC’s, placing them in an external HD enclosure, and running anti-virus on the external HD from your laptop or good PC. You’d obviously need to be careful that your good PC is properly protected first though, and there is some risk involved.
You could always hack the Windows admin password but that might be asking for trouble, and probably isn’t the preferred method. Personally, I would just reinstall Windows.
Possibly misunderstanding the question, my own first assessment of the facts would be: this situation is impossible to rescue and to know for sure one has rescued it, by running any anti virus packages that exist at present.
The only secure method is to boot from optical read only media and reformat all the hard drives, then do a reinstall.
Is this maybe not understanding the question? I am always totally baffled by people who advise questioners like this that they can do this and that and ‘clean’ the system. They cannot. I have seen the task defeat real experts, and even after they thought they had succeeded, you ask them, are you sure?
The answer is usually a definite maybe. If anything hangs on it, total disk wipe and reformatting is the only sensible thing.
If the administration cannot be brought to see this, find another job. These guys are going to get themselves and their troops killed, its just a question of time, you don’t want to be around when it happens.
But maybe I am missing the point?
1) boot from installation CD
2) when asked press “R” (repair)
3) let “repair” windows
4) restart, but DO NOT REMOVE CD
5) when system starts (from CD) and you will see Installing devices progress bar
press Shift + F10
6) in CLI enter:
NUSRMGR.CPL
7) now you will see a window with user accounts
8) alternatively when in CLI enter:
control userpasswords2 and select logon without password
9) once admin password is modified close all windows and continue with repair. If you stop system repair, everything will go back to the original state (before changing password)
10) now you can boot to windows and install AV
This worked pretty well long time ago. Obviously this is security hole so it is possible that MS fixed this and if you have latest/updated XP install disk above operation will not work.
It’s been a long time since I tried something similar, but doesn’t the repair procedure ask for the administrator password of the machine you want to repair? I think I remember something like that…
no password is not required for XP repair from CD. as I said this could be considered as security issue, however in some circumstances asking for password would defy whole point of XP repair CD
If the Administrator account on XP has a password set, then you will be asked for that password when you enter the Repair Console from the XP install CD. This Repair Console is the one that you access by hitting “r” from the first menu in the XP install.
You don’t need a password if you want to do a “Repair Install”, which is different from accessing the Repair Console. A repair install is accessed by hitting “enter” at the first menu in the install (to Install XP), and then selecting the existing installation, and hitting “r” for a repair install.
However, if you can boot off a CD, there are better options than trying to use the built-in Windows tools. Unix LiveCDs are much better for this.
Edited 2009-09-26 20:25 UTC
There is actually a utility for resetting passwords on Windows NT/2k/XP/Vista: http://home.eunet.no/pnordahl/ntpasswd/ . It runs off a boot disk (CD or floppy).
I used to manage a computer lab for McNeese State University. The students would come in and corrupt the computers on a daily basis.
To solve ANY PROBLEM, I kept a set of three hard drives with duplicate images for the 25 computers in the lab.
If a system failed due to viruses, I would pull out an IDE ribbon cable and power plug, boot from the secondary drive directly into Ghost and just drive copy over the old OS. Process took less than 15 minutes (small footprint version of Windows XP).
Simple, repeat as often as necessary.
Now if you have an integrated PC or laptop lab like the ASUS 1005HA http://bit.ly/44CHFm life is going to be much harder for you. In a society where PC’s are thrown away on a daily basis, you should consider getting a batch of identical older computers and moving to a scenario I described above.
Edited 2009-09-25 18:10 UTC
I would offer the thought of using a version of puppy linux that runs from a usb drive as an executable during a running windows session. It is called QEMU-Puppy. It would seem that some assembly is required.
Set up a remote server (even at home). Throw Fedora 11 on it. Then setup FreeNX on it. Then have all the people using the XP infectobrigade simply point their browsers to the NX plugin you put into apaches directory and presto. They all have a linux desktop in a window on their XP desktop. Won’t solve all the problems etc but with the restrictions even in default F11 and those you can impose even if someone can see the desktop and type in it the user is going to be clobbered. Then you can train them on a clean linux install and ignore all the MS crap. FreeNX will make the desktops perform exceedingly well over even a very modest line. It’s designed for near native speeds even over the likes of 33.6. It will even allow you to print to a local printer and listen to sound etc.
BTW it’s important to point out here (as so many are mistakenly making it sound) is if they allow these machines to browse the net and run simple java applets my suggestion isn’t violating anything. It does NOT install linux. Linux runs on the remote machine. All that “installs” is the java program it runs allows display of the remote linux desktop in the window. Each login has its own desktop. They are not shared. That is, each user would have their own unique user and desktop. It’s all encrypted via ssh (and no you don’t need ssh and no you don’t need port 22 access at your local computer etc).
Your solution is to setup a FreeNX server? Are you kidding me?
If the goal is to get an external browser going then why not use firefox portable on a usb drive?
What if the malware is causing popups or system degradation?
Good lord every computing solution does not have to involve Linux.
Anyways as others have said use a boot cd with an anti-virus or remove the drives and scan them with a clean computer. You don’t have to worry about the drives infecting the clean computer. That is only a risk if you run programs from the drives.
If “the people in charge of maintaining the PCs won’t fix [the computers] or give [him] the admin password (Win XP) to let [him] install a new or updated antivirus” then it’s not “[his] computer lab” in the first place.
Before anyone can offer him a technical solution, I think we need more information about what exactly he’s allowed and not allowed to do, and what kind of trouble, if any, he’d get into if he did something radical like wiping Windows and installing Linux.
Red_devel’s suggestion above, to go to the site admins’ boss, is the first thing I’d do. (Also the idea of running Linux off a USB key or live CD is a good suggestion, if he’s allowed to.)
The only way I’ve successfully battled with infested computers (and not been able to physically put the sick harddrive in an external bay and scan it) was to use ubcd4win. It’s a boot cd that you create yourself using a noninfected system as a template. This way you get all msft:s file system drivers etc and a proper environment for windows programs to run. When you boot from it, the bad programs have not been started and cannot therefore fight back.
The nice thing with ubcd4win is that you can download programs and install on the ramdisk. Thus you’ll always be able to use the very latest versions which is essential.
Most of the suggestions in this thread seem to come from la-la land.
Don’t pull out any hard drives and put them in enclosures.
Don’t install any version of Linux.
Don’t waste your time wiping the machines.
If you can’t download any other anti-virus or spyware removal software, then don’t bother running a LiveCD (though it might be the least painful of all other options).
And even though it was my first thought, don’t get the admin password, cause if you get caught, you are setting a terrible example of responsible computing.
If the organization is going to scrap the computers and doesn’t want to waste time fixing them up, don’t go after a lost cause. Spend your time doing something more constructive – like helping them have a plan to recycle the old equipment, brainstorming with them about future computer lab plans and equipment needs, or just using the extra time you will have in your day to read a good book, watch a movie, or make new friends.
Even if you spend a bunch of time doing all this crazy stuff, you are only going to delay the problem since nothing is really changing. They’ll just get infected again until the computers are dumped. It’s a lost cause. Fight other battles.
Don’t do anything.
What a great solution, I’m sure he never thought of that.
Right.
It’s what the people in charge of the lab want him to do. And even if he fixes the problem, the computers get shut down in a few months. I mean, seriously, this isn’t some heroic moment to show your computer skills. There are just much better battles to fight. Spend your positive energy in a place where people are going to appreciate it.
I think you hit the nail on the head. Let me illustrate this with a little story:
A friend of mine was working in an IT department from a large institution. There was a small training room filled with computers. They were all badly infested with malware and viruses. Needless to say they were not connected to the corporation network, but had their own “line” to the outside world. The IT department did not want to put in any effort to clean up the mess.
My friend got the idea he could make some promotion by showing off his skills. And this looked the ideal opportunity. Yeah – he would be ranking high by taking this “personal” effort. Anyway – his idea was to impress upper management by getting the computers back working smoothly and malware/virus free. He did this little project in his spare time, and managed to get everything in full working order.
You should think they would be grateful – yes?
Sadly they were not happy at all. You see – they want to replace the “old” computer stuff with brand new equipment. They just have to “persuade” the upper echelon by claiming the computers were slow, crashing and no longer useful. Imagine their horror when they demonstrated the “useless” computers to this higher echelon and they were purring like a kitty?
Needless to say these computers were not replaced. When my friend proudly declared later on (without knowing what has happened) what he had done, he was “rewarded” with a promotion to a one-man “special cases” department. He even got his own (very tiny) room. He spent a few months cleaning up dirty mouses, keyboards etc. before he resigned and left the institution.
Moral of the story?
Never ever take action on your own in a large institution before checking this out with someone higher in the chain. And never, never, never, ever do something that can piss off the IT administrator group…
Here’s a story that reinforces my philosophy of doing nothing: blah blah some guy I heard about blah blah got in trouble for trying too hard blah blah blah.
Yea, we understand that you would be the guy sitting on his ass reading a magazine saying that it is out of your hands.
If I was working at a non-profit where kids go to learn about computers I wouldn’t let a couple worthless IT admins screw the place up. I’d laugh if they filed a formal complaint over me fixing the computers.
Even if they got me booted, so what? It probably isn’t worth my time to be at such a retarded organization.
To be fair, things like that really do happen especially in larger corporations, if you don’t clear things with those ahead of you it’s possible, even likely, that you’ll step on someone’s little pet project and that someone just might be high enough to cause you grief. That being said, for every person that is a control freak and would stamp out personal initiative, there are usually two more who would thank you for making the effort and taking time to get things working properly. Still, I don’t think people can be blamed for being careful.
I forgot to say it was around the year 2000. The time the y2k fear was on the highest level and IT departments were entities that were growing and splitting up beyond control. All under the willfully eye of the “management” group that grew in importance with every split. Hence the “special department” that was created just for this friend.
Needless to say things are bit different now…
Maybe I have just worked at companies that are too small, the largest having about 600 employees. I am having a problem grasping that someone with the access to these computers to do such a task was not in the IT Administrators Group. Where else could he have worked and had access to the computers and the proper software to perform such a task? If he was in Sales or something, then I can believe it. Maybe he pissed off upper management, but I am sure he didn’t piss off the people in his own group that are not bean counters.
It was a large organization with more than 5000 workers. The IT structure was organized in separate departments. The workers in each department had just enough rights to do their job. Software was installed by using Tivoli. The department where he was working was a hardware install- and maintenance group. He has local administrator rights, and rights to install a basic software suite. The more specialised software was installed using Tivoli by the software group. You also had a network group and a server- and administrator group. Also there was a security group that controlled accounts and rights.
If you have ever worked in a big organisation you know all these groups are in competition with each other. Layered between those group is a management group that coordinates the whole bunch. Needless to say the management group flourishes when the competition between groups is high.
The guy I was talking about was brand new and did not understand a bit of the politics that was playing between groups, and groups and management. I agree it was stupid to ignore this, and he never made that mistake again. But hey… It was his first job in this field hmm?
By the way – this was around the year 2000. The y2k fear was on the highest level, and they would hire anyone who knows a computer has a qwerty keyboard (and give anyone who knows somebody to hire a fat bonus if he would get him “on board”).
Things have very much changed after this time….
Yeah, I’m sure the disadvantaged kids are really going to appreciate that he sat on his ass reading a book. Shutting down a charity project with several months of funding left over, because you can’t be bothered to argue with the IT department, what a fantastic use of positive energy. I mean, it’s only a few months. Disadvantaged kids get so many opportunities anyway no one will even notice.
I’m sorry if those of you working in big companies have become jaded husks of human beings, but “give up because it saves hassle” isn’t the solution to everything. This isn’t a big company. No one is going to get in trouble for reinstalling the OS on the broken computers they let the poor kids use. IT aren’t refusing to fix this project’s computers for some corporate reason which fixing them would interfere with. It’s because they don’t want to, they know they won’t get into trouble for ignoring the charity project, and like a few commenters here, they’re soulless office drudges who don’t care about helping others.
Build a konboot CD and boot from that if possible… You should be able to access the desktop with admin rights.
IE only, depends on ActiveX.
http://www.mks.com.pl/skaner/
Saved my ass once or twice.
They will be forced to re-install the O/S
http://www.trendmicro.com/download/sysclean.asp
This is what I use when things go really wrong. Just make sure to read the readme ( http://www.trendmicro.com/ftp/products/tsc/readme.txt ).
You don’t need to install anything or need admin privileges to run it. Good luck.
You can run it but you need admin access to repair system files.
Ophcrack live CD can deliver the admin passwords you are looking for. I’ve used it myself a few times, and it works very well.
http://ophcrack.sourceforge.net/
EDIT: may not be perfectly legal in your situation though, but hey, you asked for a solution…
Edited 2009-09-25 21:10 UTC
BartPE: http://www.nu2.nu/pebuilder/
Password Renew: http://www.kood.org/windows-password-renew/
With Password Renew, you can create a new user with administrator rights while leaving all of the other users intact. Do what you have to do then remove the temporary admin user.
Just reset the admin password using Trinity Rescue Kit and install your new antivirus
Avira Antivirus makes a liveCD. It’ll boot the system, mount the drives and scan for viruses. It can be set to try and clean or remove infected files though I usually use it for identification then manually remove found issues. It doesn’t care about Windows permissions, user accounts or passwords since it’s not working through Windows at all.
http://www.avira.com/en/support/support_downloads.html
Download the .ISO listed there, burn it to CD and start with the rebooting.
This may allow you to clean the systems while retaining the installed OS; assuming you pay attention to what it finds infected or wants to delete.
The alternatives are the other comments mentioning full reinstalls from clean media or running from liveCD. I’ve found Mandriva 2008.1 an excellent liveCD to work from. It’s light on resource needs and provides a very complete selection of software along with great hardware detection and support.
http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antiv…
Make the CD, boot the computer with it, let it clean the viruses. It won’t catch everything but might be enough to get you by for a while.
1. insert Ubuntu cd
2. reboot
I received the exact same email through a mailing list I subscribe to. This list is fairly small, and the sender was a new member.
Several people replied with suggestions.
Suddenly, out of the blue, another new member popped up, and suggested some unknown online scanner.
Since I run Linux, I checked it out without worries.
That “online scanner” showed right away an animation of a scan running on my machine, within seconds, and showed me several infections in my C:, D:, and Windows system folder.
Since I run Linux, that’s just absolutely impossible, of course.
Then it suggested I download a file “OnlineScan345346.exe”, and very helpfully proceeded to open the download request for me.
It’s a trojan, and a very new and nasty one at that. I have downloaded already 2 variants of it from the same place on 2 different computers. I have submitted them to Avira (which is what I use on Windows), and hopefully it will become better known soon.
That said, advice on cleaning viruses is always welcome, so the discussions on this article are useful for a lot of people anyway. So no harm done, unless you clicked on the second fake mailing list member’s advice.
My advice for this is to use the Avira Rescue CD:
http://www.free-av.com/en/products/12/avira_antivir_rescue_system.h…
F-Secure also makes a really good rescue CD:
http://www.f-secure.com/linux-weblog/
Yep. Spam. And OS News fell for it.
Google for the first few sentences of the message in quotes. You’ll see this has been posted word-for-word dozens of times on online forums.
“I’ve got 5 PCs that I’m trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won’t fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. “
It actually kind of makes my day to find out that I fell for an elaborate spam scheme. I still think that this made a pretty good Ask OSNews topic, though, because I can’t tell you how many people I know have computers that barely work because of malware, and operating systems are such a mystery to them that they don’t feel empowered to do anything about it. I thought that the advice that the readers gave was knowledgeable, creative, and helpful.
The reason I’m so happy to have been taken in by this scam is that it’s been a very long time since I’ve seen an email-based scam that wasn’t totally transparent to me. Posting an earnest-sounding query to an online forum intending to go back and suggest a malware-infected download to trick other people is really a quite brilliant idea. I guess it just goes to show you, just because someone on the internet says to do something, that doesn’t mean it’s a good idea.
Why make things so complicated?
Download the FREE Norman Malware Cleaner using another PC to a USB pen drive.
Then take the USB pen drive to the infected PC.
Boot up the infected PC in safe mode by pressing F8 during start up.
Plug in the USB drive and run Norman Malware Cleaner to scan.
Norman Malware Cleaner can detect and remove more than 2,000,000 viruses.
Here is the web site:
http://majorgeeks.com/Norman_Malware_Cleaner__d5450.html
You can burn a kon-boot CD to bypass the admin password: http://www.piotrbania.com/all/kon-boot/
Also you can do many things other people recommended here to change it.
The definitive solution
http://www.mandriva.com/en/download/free
There is a lot of great technical information on this thread and in David’s reply, and some neat Linux advocacy.
Unfortunately this is not a technical problem but a political one. Before doing anything to those computers please verify your status with the organization and make certain you have authorization to make changes. If you are a volunteer or not some kind of employee I would recommend getting a signed letter from someone in the host organization before touching a thing.
It is a mad (crazy) world and people have been fired and even jailed for trying to be helpful in this manner. Please make sure you won’t get into trouble before doing anything to those computers!
Good advice in postings so far.
I have to agree with having permission to make changes from someone (actually) in a position of authority.
That being said:
1.) If you can boot from the CDrom drives, there are two ways I would go.
First, and easiest, go to http://www.freedrweb.com/livecd/ and download the bootable LiveCD free version of Dr.CureIT. This is a bootable, standalone CD with a virus/malware engine running on top of a Linux OS. So you boot up outside of any Windows environment, before any Windows login can be loaded, and you run the anti-virus/malware on “full scan mode” (read the documentation) after downloading the database updates online. You can do this since you are up in Linux and can connect either with ethernet or wireless.
This LiveCD will let you bypass Windows and the need for passwords, and will find 99% of your problems. If nothing else it is quick and dirty and might get you up and running quickly.
Second way: Go to http://home.eunet.no/pnordahl/ntpasswd/ and download the “Offline NT/XP/Vista Password & Registry Editor” disk (it is also self booting from a CD). Read the documentation several times (it is very easy to shoot yourself in the foot). This program works at a very low level so you must understand basically what is going on. For the most part you can just accept the program’s defaults, but there are a few places where it is easy to go VERY wrong. But after you use this program once or twice you will wonder how you ever lived without it!
This program will allow you to go into the registry (the hive actually) and (the easiest way) “blank” out any password that is set, even the administrator. You really are only interested in gaining control of the administrator. Once you have that you have it all, right? So after you have “blanked” out the admin password (there is no password now), you reboot into Windows (safe mode with network is best to start) and go to the website http://www.malwarebytes.org and download the “free” version of Malwarebytes’ Anti-Malware program. Install it, check for updates and run a full scan. A full scan will take some time (especially in safe mode) but will get rid of nasties like AV2008, AV2009, etc. When it finishes, read the report and take the appropriate actions suggested. Then reboot Windows into normal mode and run Anti-Malware again in “quick scan” mode and check for alerts. If there are none, “good”; if you still have some or are in any doubt, run it again in “full scan” mode. Malwarebytes is very, very good at stamping out “nasties”. It is one of the best anti-malware programs I have used to date, and I have been through many, many programs over the last 30+ years. Again just my 2 cents, I’m sure there will be others. Good hunting!
Home Depot sells a tool called a FUBAR. It has a blunt striking surface as well as a pry bar. Give each PC about six or eight heavy blows with the blunt edge. Then use the prying tool on the FUBAR to finish the disassembly.
You won’t have to worry about spyware, viruses, or trojans any longer. The machines will be completely inoperable.
Dude, this is spam. This thing appeared on almost four mailing lists and forums I’m subscribed to, shortly followed by an antivirus advertisement (a trojan of course).
How could you fall into the trap? Delete this thing now before people start laughing at this site.
(P.S. it’s funny to see how many readers here fell in the trap too and quickly replied to someone who openly asked how to break into a computer)
Edited 2009-09-27 14:26 UTC