How to make a Run Key in Current User

Hello All,

So this thread relates to the issue of the password protected Admin account. Some other people had an idea, presumably to hack the computer. My guess is it won’t work.

If/when we get the password removed or wipe the computer, I will be making a Limited User account. My goal is to make a VBS file using x=msgbox("",0+16) type thing, but I want it to autostart for that account only. Hence it only being in Current User.

Any ideas on the command I need for the reg key and what type? DWORD, String, Value etc. Thanks
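The command and value type the question asks for, as an added example that is not code from any post in this thread. It assumes the script is saved as popup.vbs in the user's profile folder (a constructed path) and uses MsgBoxDemo as the value name; the second half lists every per-user Run entry so the account owner, or the admin, can see what autostarts there.

```powershell
# Per-user autostart lives under HKEY_CURRENT_USER, so it only fires for the
# account that is logged in; any administrator can still edit or delete it.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Assumed (constructed) location of the VBS file and an arbitrary value name.
$script    = Join-Path $env:USERPROFILE 'popup.vbs'
$valueName = 'MsgBoxDemo'

# Run values are REG_SZ (a String), not DWORD: the data is the command line
# Windows executes at logon. .vbs files are run through wscript.exe, and the
# path is quoted so a space in the profile path does not break the command.
New-ItemProperty -Path $runKey -Name $valueName -PropertyType String `
    -Value ('wscript.exe "{0}"' -f $script) -Force | Out-Null

# The same thing with the classic reg.exe syntax:
#   reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v MsgBoxDemo /t REG_SZ /d "wscript.exe \"%USERPROFILE%\popup.vbs\"" /f

# Audit: list every value under the per-user Run key with its type and data.
# Entries that launch a script host are marked so they stand out in a review;
# this key is one of the first places a malware cleanup looks.
$key = Get-Item -Path $runKey
foreach ($name in $key.GetValueNames()) {
    $data = $key.GetValue($name)
    $kind = $key.GetValueKind($name)
    $note = if ($data -match 'wscript|cscript|mshta|powershell') { '<- script host' } else { '' }
    '{0,-20} {1,-8} {2} {3}' -f $name, $kind, $data, $note
}
```

Remove-ItemProperty -Path $runKey -Name MsgBoxDemo undoes the entry again.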

You could also try this out, no hacking: https://www.youtube.com/watch?v=HoYv1H6-E98&list=UU_M-iWYpQbgo4rK1YfewI5w

Hiren's Boot CD is used: https://www.youtube.com/watch?annotation_id=annotation_2182215653&feature=iv&src_vid=HoYv1H6-E98&v=dnRjxHKN6p4

I will get the programs when I get home. Any idea on the range to boot? Don’t forget, this is not Windows 8, it’s Windows 7 Starter Pack.

Any ideas on the run key?

No clue on that right now.

Maybe there’s some tool in the Boot CD.

To make a reg key for a non-existent file? I wish.

If/when we get the password removed or wipe the computer, I will be making a Limited User account. My goal is to make a VBS file using x=msgbox("",0+16) type thing, but I want it to autostart for that account only. Hence it only being in Current User.
Let's see.

What do you mean with admin account?
A user with admin rights or the real admin account?

Create a limited account? You already should have one and use that for daily usage.
If your system gets infected, the malware normally has the same rights as the user that is logged in at the moment of infection.
You really don’t want malware to have admin rights.

You do realize that when you set it to run for that specific limited account all other accounts with more rights can change it?

Why removing a password? That doesn’t make any sense at all.

Of course, if you wipe the entire drive the OS is on, the password is gone also.
But what use would that be unless it is the only way to solve a problem?

  1. I want the users limited to a Limited User account so they can’t do this again. So the only admin would be me and the teacher.
  2. I didn’t know about this computer originally, or I would’ve said something. I agree, daily usage = Limited User.
  3. Well aware. That’d be why the Admin account would be limited to 2 people. Me and the teacher. Not the students who like throwing passwords on everything they see so we can’t access it.
  4. Currently, the only user account is the admin account. Which was password protected by an unknown student. Therefore, since we don’t know who did it, and what the password is, it needs to be removed so I can set it up so they can’t do that anymore.
  5. Any bright ideas on how to access an Admin user account with no means of getting through the password? Other than the Hirens Boot CD. Which may or may not work.

I should also mention, after goofing off for a while, I have figured out the way to make the VBS file run on start up. Now I just need to disable the warning about opening it since it was created by a non-admin account on the domain. (The VBS file & reg key will be recreated on the other computer (Non-Domain) after we have it set up again, if it’s wiped.)

Want an easy/fast solution?
Install everything from scratch.
Setup the user account(s) as you wish.
Create an image of the system.
If something happens, just put in the cd/dvd (or whatever) with the image and put it back.
Screw the students ;D

I would,

But some issues lay in that solution.

  1. It’s not mine, therefore reinstalling Windows could delete files that they need.
  2. I’d need a very large USB to fit an ISO of Windows 7 on.
  3. I’d need a key for the ISO image. Unless Essex has an ISO image of an active Windows 7…

Essex? By chance? Windows 7 anything will do if you wish to share.

NTPassword should do the trick: http://home.eunet.no/~pnordahl/ntpasswd/

That site is blocked at school. Lol, silly techs. Good reason though, that way I can’t change the password. (I can still access the registry) Hehe. Oh well.

Anyways, will take a look at that program when I get home. Thanks, will it work on an admin account?

If one thinks about it, if not blocked at school, then every student so inclined could change the password…

It works outside of Windows, so, yes.

[EDIT:] (site has been moved, here is new site:) http://pogostick.net/~pnh/ntpasswd/

Merci,

Do I need to get Rufus or something for that? Or just stick it in a boot from it?

You figure it out?

Yes, well kind of.

I’ve booted into Hiren’s BootCD Version 15.3. I’ve changed, removed and modified every single “Admin” account. The issue that is with me right now is that the acer56 account (which is the account needing the password removed) is not showing up in anything. I’ve tried Mini-XP and then C:\Users\X, nothing; Hiren’s PW changer, nothing. At this point I’m going to bite the bullet, pull the files needed off the computer, and set it to factory defaults. The computer looks like it may or may not have a few trojans and a **** ton of adware installed looking at the desktop alone.

At least it’ll save her $50 bucks so she doesn’t have to take it back to the store.

Edit: I’ve also tried this from system32 CMD. net user administrator /active:yes

No luck.

Well, from the sound of it, this is a super-hidden account not meant to be accessible by anyone other than the original creator/user. Parameters are set to prevent normal access, so a factory restore is likely your best option. I’d clone the original drive first just to be safe and see if the account disappears on factory restore on the original drive. If it does, then you can go ahead and format the clone and use it for something else.

[EDIT:] Rootkit?

Any version of Linux run as a Live CD or Live USB should make all user accounts visible, try that.

Next thing I would do is make a full disk image of the reset drive and periodically back it up weekly. Might be helpful for this user in the future.

You’re looking at an advanced user that basically hacked her system for their own purposes. As such, it is compromised.

I’ve tried Linux… I cannot get it to work. I’ve tried everything off Hirens. I’ve taken a look into Windows Mini XP (which works). I took a look inside all the common hiding places. I do suspect malware is active, and as such I have told her. Only way for me to “Clean” it at this point is CF, Rootkit Revealer (basically anything with AVs) which is already set into Hirens.

When I went through the D/L list, most of the files had the extensions of .TORRENT, .MP3, .EXE, .AVI or .TXT. The main one being .TORRENT. So my guess is, BitTorrent is somewhere on the system.

The solution at this point is, save the important files (Which I already have), and restore to defaults. I’ll look into Rootkits, never crossed my mind that something might be active…

Question is, did your user run torrents?

Getting something for free in this way can be very costly. Advice here is, once the system is restored to factory, do not run or use any torrent programs or clients, if indeed, this was the case. As the source torrent(s) cannot be vetted or be verifiable, coming from multiple sources, any one of which can be infected and/or contain undetectable malware.

Result: An infected or pwnd system.

I am aware of the dangers of torrenting, hence why I do not do it. I actually set a Group Policy on my personal computer to block them (eg: UTorrent, Firewire or maybe it’s primeware) but the major ones out there. My family actually tried to bypass it. My dad who works for a University IT department can’t, so I’m good to go lol.

Basically, this is what’s going to happen now. I will attempt to save the documents needed. EG: school work. After that, I will do a full format of the system… Then I’ll be setting very strict Group Policies (eg: Block torrents, block AV/AM/USB protection settings, Limited user account in case. etc)

If they still manage to infect the computer, I’d be shocked…

Before I turned off the computer, last count had 250 torrented files in it. Some were .torrent, .exe, .mp3. So some were clean, but I wouldn’t trust it.

I have the Acer Aspire back… GMER has detected rootkit stuff sadly. I’m going to reformat it. But Alt+F10 is not working. I have the product key just in case and I don’t know how to contact Acer directly…