spikeMemberOct 24, 2007 at 12:05 pm #128447
Ok, here’s the whole story (maybe someone can help).
Had a vundo virus on a xp laptop. As far as I can remember, never had a password for admin or my user name (both admin). Had gotten rid of the page that asks for them also, always booted to desktop. If it went into standby I would see my user name on the screen and just click it.
My Norton was expired at the time I got the virus, renewed and backed up reg. as I tried to change some items to delete the virus. This worked except for one file, awvvs.dll. Also ran Sym. fix vundo, and another vundo fix. The second one took away some other vundo stuff and computer was fasted but still had a popup.
I tried to delete the last file cwindowssystem32awvvs.dll, it wouldn’t since it says it was being used. It was late, and it was 2 days of trying everything so I searched the registry and found a file that said something like this:
ap authorization: msqo=cwindowssystem32awvvs.dll
so I deleted this and tried to delete the file from the system32 folder, I couldn’t it still said it was being used. I searched the reg. again and the deleted file came back. And (mistake) I deleted it again and rebooted.
Upon reboot Admin and my user name came up looking for passwords. I tried some (even though I was pretty sure I never had a password there) to no avail. So I came to this site and downloaded the bootable cd (nice program, btw) and also through ibm recovery I grabbed a copy of the back up of the registry.
The cd has let me clear the locks and does blank out the passwords (it says *BLANK* when I rerun), but when I get to the sign on screen it now only asks me for my user password (no admin icon) and doesn’t let me in when I leave the box blank and hit the arrow.
The only other odd ? messages I get is: No lanman hash found, as well as no nt md hash found (which I assume is good).
Any help or suggestions would be greatly appreciated. And I am sorry for the long explanation, but I tried to put everything down, incase it was relevant.
You must be logged in to reply to this topic.