I’ve been using Avast Pro for about a month and last night my XP Pro box was infected. >:( When I looked at the screen this morning I was greeted by the “log in to Windows” window asking for a password, which I never use. I shut this option off a long time ago. I never had a password for my user but it demands one. Nor can I get in as administrator, which also never had a password. I can, however, open the one limited user account (also no password but it let me on) where I ran Avast. It identified these two viruses: Win32: Trojano-1096 and Win32: Delf-VD. But any option to treat it is denied (delete, move to chest, or rename). Is this because I’m running on a limited account or are these viruses in charge here? Any ideas about cleansing this? Thanks very much.
Most Delf Trojans add a Startup entry: Startup Entry Name, SysService - Process Name, SysService.exe
Use Task Manager to End the Process. Also, to end the startup entry: Windows Start, Run, type 'msconfig' without the quotes; in the new window select the Startup tab, find the SysService entry and uncheck it.
Though if you can’t get in as an administrator I don’t know how successful this might be.
When the password window appears, have you tried just leaving it blank, as you mention you never set a password?
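Added example (not part of the original posts): a small Python script that scans saved `reg query` output for the two Run keys and flags the SysService startup entry named in the reply above. It also matches on the executable name when the value is registered under a different name, which goes slightly beyond the post; the registry output and file paths in the sample are constructed.

```python
import ntpath
import re

# Indicator from the reply above: startup entry "SysService", process "SysService.exe".
ENTRY_NAME = "sysservice"
PROCESS_NAME = "sysservice.exe"

# Constructed sample of `reg query` output for the two Run keys (paths are made up).
SAMPLE = """\
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    avast!\tREG_SZ\tC:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
    SysService\tREG_SZ\t"C:\\WINDOWS\\system32\\SysService.exe" /start

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    ctfmon.exe    REG_SZ    C:\\WINDOWS\\system32\\ctfmon.exe
    Updater    REG_SZ    C:\\Documents and Settings\\user\\sysservice.exe
"""

# A value line is indented: name, REG_* type, data (tab- or space-separated).
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def image_name(command):
    """Return the lower-cased executable file name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first ".exe" so paths containing spaces still work.
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def find_suspect_entries(reg_output):
    """Return (key, value name, command) for entries matching the indicator."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        if name.lower() == ENTRY_NAME or image_name(data) == PROCESS_NAME:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_suspect_entries(SAMPLE):
        print(f"{key}: {name} -> {data}")
```
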
I have tried leaving the password blank, both on my account and administrator. In the limited account I couldn’t run msconfig–it just asked me to log in as an administrator. I also couldn’t schedule a boot-time Avast scan from the limited account. I also tried shutting things off in the Task Manager, but it didn’t seem to help.
In a late night fit of bravado I ran XP setup and recovery from the CD and used the shift-F10 security hole to get into user accounts and fix my password. It worked and now I can run msconfig, avast, adaware, spybot, etc. So we’ll see . . .
That’s good you are able to run an administrator enabled account, hopefully you will be able to track down the problem, but let us know if you need more help.
You might also consider proactive protection: in order to place files in the system folders and create registry entries, you need permission. Prevention is much better and theoretically easier than cure.
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Welcome to the forums.
Would you mind posting the method you used? I’ve found some sites that outline this but I’ve never needed to use it.
Here is the page that explains how to do it.
http://pubs.logicalexpressions.com/pub0009/LPMArticle.asp?ID=305
Works like a charm.
Thanks. This is good to have in case someone else has a similar problem.
Thank you for that XP trick…
Very useful.