Linked by David Adams on Fri 25th Sep 2009 16:17 UTC
Bugs & Viruses A non-OSNews-reader asks: "I've got 5 PCs that I'm trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won't fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. The centre is being shut down in a few months. If they were working, I could still do a lot with them, so I've been looking for a good online virus scan - but they all try to download a little .exe onto your PC first, and the settings on the PCs won't allow that. Suggestions? Solutions? Links?" Read on for our recommendation. Update: It appears that this question is part of an elaborate email scam designed to propagate malware. See here for details.
Comment by Bending Unit
by Bending Unit on Fri 25th Sep 2009 16:28 UTC
Bending Unit
Member since:
2005-07-06

Nuke... orbit

Reply Score: 1

RE: Comment by Bending Unit
by bert64 on Fri 25th Sep 2009 18:54 UTC in reply to "Comment by Bending Unit"
bert64 Member since:
2007-04-23

How are the download restrictions enforced? Will it let you download other files but not executables? Are they enforced using policies on the machines themselves, or at the network level?
Can you receive files via email?
You could try to introduce the executables to the systems via some kind of removable media...
You could try embedding executables in a word document or similar..
Also see if you can access a command prompt and download files using ftp..

Can the machine boot from removable media? If you can do that, you could run 0phcrack and get all the admin passwords which will probably be the same on all the boxes. If not, can you remove the HD or connect it to another machine, maybe a laptop and a usb to ide adapter - take a copy of the drive and crack the passwords..
From a boot cd, you could probably remove the malware too, but that would do nothing to prevent the machines getting quickly reinfected.
Or you could equip every box with a linux livecd, which would probably be far more useful and safer.

Reply Score: 1

RE: Comment by Bending Unit
by bert64 on Fri 25th Sep 2009 18:55 UTC in reply to "Comment by Bending Unit"
bert64 Member since:
2007-04-23

How are the download restrictions enforced? Will it let you download other files but not executables? Are they enforced using policies on the machines themselves, or at the network level?
Can you receive files via email?
You could try to introduce the executables to the systems via some kind of removable media...
You could try embedding executables in a word document or similar..
Also see if you can access a command prompt and download files using ftp..
Are the download restrictions based on filenames? Many such things are, and you can download files by renaming them on the server and renaming them back once downloaded. Or you could perhaps download a zipfile if that's permitted?

Can the machine boot from removable media? If you can do that, you could run 0phcrack and get all the admin passwords which will probably be the same on all the boxes. If not, can you remove the HD or connect it to another machine, maybe a laptop and a usb to ide adapter - take a copy of the drive and crack the passwords..
From a boot cd, you could probably remove the malware too, but that would do nothing to prevent the machines getting quickly reinfected.
Or you could equip every box with a linux livecd, which would probably be far more useful and safer.

Reply Score: 0

USB Boot?
by red_devel on Fri 25th Sep 2009 16:44 UTC
red_devel
Member since:
2006-03-30

Can these machines boot from USB? If they can, and you can afford a few cheap 2-4GB thumb drives, you have a few options. First, you could install one of many available Linux distro's that can boot off a thumb drive. I like Slax! Then you could boot all the machines up and have a go.

Second, if you really want to get back into the existing Windows install, you MIGHT be able to install ClamAV on the USB drive's Linux, boot into it, then run ClamAV on the hopefully mounted Windows partition and theoretically clean them up... I've never done anything like that, it's just an idea and there may be very good reasons why that won't work.

Finally, if you can't boot from USB, you can always use a Linux Live CD and go from there, you just won't have any ability to save anything, unless you boot from CD and also plug in a USB drive from some storage space.

Anyway, it sounds like a great thing you're doing. Sorry to hear your admins are no help. A non-technical suggestion might be to try to go over their heads. Who's _their_ boss? Does he know he's stopping these kids from having useful computers?? Best of luck!

Edited 2009-09-25 16:46 UTC

Reply Score: 5

RE: USB Boot?
by looncraz on Sat 26th Sep 2009 21:05 UTC in reply to "USB Boot?"
looncraz Member since:
2005-07-24

I have successfully done exactly that ;-)

Good advice!

GO ntfs-3g!!

--The loon

Reply Score: 2

Rescuecd
by crazywomble on Fri 25th Sep 2009 16:49 UTC
crazywomble
Member since:
2009-09-25

We use this to rescue our Windows boxes http://www.sysresccd.org You will be able to remove XP passwords and virusscan from a boot disk, will also fit on a usbstick. Good luck

Reply Score: 6

RE: Rescuecd
by flanque on Fri 25th Sep 2009 22:55 UTC in reply to "Rescuecd"
flanque Member since:
2005-12-15

ERD Commander will reset that password for you too.

Reply Score: 2

Clamav
by F_u_X on Fri 25th Sep 2009 16:57 UTC
F_u_X
Member since:
2007-10-15

I'd recommend burning "clamav-livecd 2" and scanning the affected computer with it. It's a linux "live OS" that doesn't install itself on your computer, but that loads and runs from cd.

It's free and - depending on your past exposure to linux - very easy to use.

Once you have loaded the cd,

1 Issue "dhclient3 eth0" as root to bring up networking (I'm assuming you have a running DHCP server on the network, which hands out leases that enable your computers to access the internet).

2 Update the virus-definitions by issuing "freshclam" as root.

3 Mount the hard-disk (if it isn't already mounted, check with "mount" first) with the "mount" command. Depending on your computer it's something like:
"mkdir ~/tmp"
"mount /dev/sdaX ~/tmp" or "mount /dev/hdaX ~/tmp"

Now you can scan your computer using clamAV . More info on how to scan: http://www.clamav.net/ | http://www.volatileminds.net/projects/clamav/

Download link to clamAV-livecd : http://www.volatileminds.net/projects/clamav/ClamAVLiveCD2.0.iso

You need to boot from cdrom, which means you might have to ask for a bios-password. clamAV most of the times doesn't get "everything" removed from your computer, but it's certainly worth a try.

Quite frankly: They should trust you or enter the password for you. Not trusting the guy you are giving access to your computer to, is just plain dumb (unless they are the network admins...). Hope this helps.

Edit: Somebody "beat" me ;)

Edited 2009-09-25 16:58 UTC

Reply Score: 2
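
An added example, not part of F_u_X's comment or of the ClamAV live CD: the steps above as a shell script that reuses an existing mount or mounts the disk read-only, updates signatures, scans without modifying anything, and summarises the log. The function names, the mount point, the log path and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Run as root from the live CD.
# Assumes networking is already up so freshclam can reach the update mirrors.

# Scan one partition offline. $1 = device, $2 = fallback mount point, $3 = log file.
scan_partition() {
    dev="$1"; log="$3"
    # Step 3 of the comment: check whether the disk is already mounted.
    mnt=$(awk -v d="$dev" '$1 == d { print $2; exit }' /proc/mounts)
    if [ -z "$mnt" ]; then
        mnt="$2"
        mkdir -p "$mnt" || return 2
        # Read-only, so the scan cannot change the Windows installation.
        mount -o ro "$dev" "$mnt" || return 2
    fi
    # Step 2: update definitions; keep going with the old ones if that fails.
    freshclam || echo "freshclam failed, using existing definitions" >&2
    # -r: recurse, -i: list only infected files. No --remove or --move, so
    # detections are only reported. Exit status: 0 clean, 1 found, 2 error.
    clamscan -r -i --log="$log" "$mnt"
}

# Number of detections recorded in a clamscan log.
count_infected() {
    awk '/ FOUND$/ { c++ } END { print c + 0 }' "$1"
}

# "count signature" per detected signature, most frequent first.
# The signature is the field before FOUND, so paths with spaces are fine.
summarise_log() {
    awk '/ FOUND$/ { n[$(NF-1)]++ } END { for (s in n) print n[s], s }' "$1" |
        sort -rn
}

# Constructed sample log in clamscan's "path: signature FOUND" format.
sample_log() {
    cat <<'EOF'
/root/tmp/WINDOWS/system32/a.exe: Eicar-Test-Signature FOUND
/root/tmp/Documents and Settings/user/b.exe: Eicar-Test-Signature FOUND
/root/tmp/temp/c.dll: Constructed.Sample.Sig FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
}

# Usage: sh scan.sh --scan /dev/sdaX   (device name is a placeholder)
if [ "${1:-}" = "--scan" ]; then
    scan_partition "$2" "$HOME/tmp" "$HOME/clamscan.log"
    summarise_log "$HOME/clamscan.log"
fi
```
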

RE: Clamav
by Supp0rtLinux on Fri 25th Sep 2009 17:19 UTC in reply to "Clamav"
Supp0rtLinux Member since:
2009-09-25

This is actually quite simple. Get another system... any system and put a clean copy of Windows on it, update it, and put current AV s/w on it. Then take the hard drives from the other machines and put them into this one as secondary drives or even through an external USB enclosure and scan 'em. In fact, this helps to remove boot resident items that typically require a reboot to remove anyway. If any system files get quarantined or removed, copy them from your clean system to the same path on the other drive. Then put the drives back into their original systems and let 'em go.

If you want to keep them current after the cleansing, install a tool that tracks every change made when installing s/w. Run it while installing the AV s/w on your clean system and get a log of everything changed (new files/dirs, registry changes, etc). Then, after the other systems drives have been cleaned but are still physically attached to your clean system, replicate those changes to them (hint: for the registry, you can export the changes and import them). Now when you put them back they will be clean and have current AV s/w on them. Hopefully the f/w won't stop them from being updated, but if it does, hopefully it will also stop them from getting newer malware.

Reply Score: 1

RE[2]: Clamav
by kenji on Fri 25th Sep 2009 18:07 UTC in reply to "RE: Clamav"
kenji Member since:
2009-04-08

Still it would be much easier to use a bootable solution because dismantling the machines and swapping hard discs is much more laborious.

Alwil produces a good scanner that I believe uses FreeDOS:

http://www.avast.com/eng/avast_bart_cd.html

Of course this assumes that the machines are set to boot from CD or you have access to the BIOS.

Reply Score: 1

"Can't be bothered"
by Leroy on Fri 25th Sep 2009 17:22 UTC
Leroy
Member since:
2006-07-06

is what most non-profit system admins say. My wife works for the local community college. Her classes are on a satellite campus (not orbiting). The computers there are naturally infected, wireless access doesn't work, and the internet is basically banned. Can't even get to Gmail.

I feel for you. I've been there. You have to work in-spite of people around you. Please take the suggestions of the previous posts.

Reply Score: 1

Quality Osnews news-bit
by Googol on Fri 25th Sep 2009 17:23 UTC
Googol
Member since:
2006-11-24

OK. So why did you make a news item out of something that is really a help forum request? - I don't mind if you take a current issue to write an article that has actually something to say, i.e. offer solutions. But bigging up a random user issue to a news-entry is terrible.

Reply Score: 2

RE: Quality Osnews news-bit
by sukru on Fri 25th Sep 2009 17:29 UTC in reply to "Quality Osnews news-bit"
sukru Member since:
2006-11-19

This question was asked in an email list of our university before. I know, since I am part of that list ;)

He did not get enough replies there. But still I don't think it's front page of OSNews kind of thing.

Reply Score: 2

RE: Quality Osnews news-bit
by David on Fri 25th Sep 2009 18:04 UTC in reply to "Quality Osnews news-bit"
David Member since:
1997-10-01

I wrote this article because this was actually something that was emailed to me personally, and after I wrote a response, I thought, "I bet other people have had a similar issue, and instead of just letting my answer float out into the ether, maybe I could get my advice, mixed with the good advice of a bunch of smart people, and immortalize it at OSNews."

The reason for this article is that I advise him to not be afraid to nuke those machines and install Linux on them (or reinstall Windows). Helping to spread the word about how people have OS options is what this site is all about, and although this reader isn't in OSNews' target audience, OSNews readers are just the kind of folks who are best qualified to give all the people out there in this guy's position some words of wisdom.

Edited 2009-09-25 18:07 UTC

Reply Score: 2

Live Linux CDs or USB Linux distros
by Evan on Fri 25th Sep 2009 17:24 UTC
Evan
Member since:
2006-01-18

It will take hours, per machine, to clean out infected systems. If you can re-install that would be fastest for getting your windows machines running windows.

If you can't, run Live Linux CDs (Ubuntu, probably), and teach using that. Any computer made since 2002 should be able to run it quickly enough.

If you can re-install, Avira Antivir is a great free AV app, and ClamAV works pretty well for scheduled system scans.

Reply Score: 1

BitDefender Rescue CD
by Arawn on Fri 25th Sep 2009 17:32 UTC
Arawn
Member since:
2005-07-13

As much as I like ClamAV or its derivatives (ClamWin), IMHO the best course is the BitDefender Rescue CD, that allows you to boot from a Live CD (it's based on Knoppix), update the signatures definitions and scan the Windows partition offline.

You can get BD Rescue CD from here:

http://download.bitdefender.com/rescue_cd/

Only problems I foresee are the Windows partition(s) being marked as 'dirty' (in need of a chkdsk, won't be automatically mounted) or not being able to update the signatures definitions (some sites have proxies and such, and/or other impediments).

Or, in line with more daring suggestions already made, getting a password changer somewhere and remove the local administrator password.

Edit: typo.

Edited 2009-09-25 17:39 UTC

Reply Score: 2

Admins
by Novan_Leon on Fri 25th Sep 2009 17:33 UTC
Novan_Leon
Member since:
2005-12-07

If the lab is being dismantled in a few weeks anyways, why wouldn't they give you local admin rights?

Ridiculous.

Assuming you need to use the current Windows OS and can't reinstall or use a Linux LiveCD, I would follow the comment above about taking the hard drives of the infected PC's, placing them in an external HD enclosure, and running anti-virus on the external HD from your laptop or good PC. You'd obviously need to be careful that your good PC is properly protected first though, and there is some risk involved.

You could always hack the Windows admin password but that might be asking for trouble, and probably isn't the preferred method. Personally, I would just reinstall Windows.

Reply Score: 1

possibly misunderstanding the question
by alcibiades on Fri 25th Sep 2009 17:47 UTC
alcibiades
Member since:
2005-10-12

Possibly misunderstanding the question, my own first assessment of the facts would be: this situation is impossible to rescue and to know for sure one has rescued it, by running any anti virus packages that exist at present.

The only secure method is to boot from optical read only media and reformat all the hard drives, then do a reinstall.

Is this maybe not understanding the question? I am always totally baffled by people who advise questioners like this that they can do this and that and 'clean' the system. They cannot. I have seen the task defeat real experts, and even after they thought they had succeeded, you ask them, are you sure?

The answer is usually a definite maybe. If anything hangs on it, total disk wipe and reformatting is the only sensible thing.

If the administration cannot be brought to see this, find another job. These guys are going to get themselves and their troops killed, it's just a question of time, you don't want to be around when it happens.

But maybe I am missing the point?

Reply Score: 2

easy way to reset XP password
by broch on Fri 25th Sep 2009 18:03 UTC
broch
Member since:
2006-05-04

1) boot from installation CD
2) when asked press "R" (repair)
3) let "repair" windows
4) restart, but DO NOT REMOVE CD
5) when system starts (from CD) and you will see Installing devices progress bar
press Shift + F10
6) in CLI enter:
NUSRMGR.CPL
7) now you will see a window with user accounts
8) alternatively when in CLI enter:
control userpasswords2 and select logon without password
9) once admin password is modified close all windows and continue with repair. If you stop system repair, everything will go back to the original state (before changing password)
10) now you can boot to windows and install AV

This worked pretty well long time ago. Obviously this is security hole so it is possible that MS fixed this and if you have latest/updated XP install disk above operation will not work.

Reply Score: 1

RE: easy way to reset XP password
by merkoth on Fri 25th Sep 2009 20:36 UTC in reply to "easy way to reset XP password"
merkoth Member since:
2006-09-22

It's been a long time since I tried something similar, but doesn't the repair procedure ask for the administrator password of the machine you want to repair? I think I remember something like that...

Reply Score: 2

broch Member since:
2006-05-04

No, password is not required for XP repair from CD. As I said, this could be considered as security issue, however in some circumstances asking for password would defy whole point of XP repair CD.

Reply Score: 1

phoenix Member since:
2005-07-11

No, password is not required for XP repair from CD. As I said, this could be considered as security issue, however in some circumstances asking for password would defy whole point of XP repair CD.


If the Administrator account on XP has a password set, then you will be asked for that password when you enter the Repair Console from the XP install CD. This Repair Console is the one that you access by hitting "r" from the first menu in the XP install.

You don't need a password if you want to do a "Repair Install", which is different from accessing the Repair Console. A repair install is accessed by hitting "enter" at the first menu in the install (to Install XP), and then selecting the existing installation, and hitting "r" for a repair install.

However, if you can boot off a CD, there are better options than trying to use the built-in Windows tools. Unix LiveCDs are much better for this.

Edited 2009-09-26 20:25 UTC

Reply Score: 2

RE: easy way to reset XP password
by AnyoneEB on Fri 25th Sep 2009 22:47 UTC in reply to "easy way to reset XP password"
AnyoneEB Member since:
2008-10-26

There is actually a utility for resetting passwords on Windows NT/2k/XP/Vista: http://home.eunet.no/pnordahl/ntpasswd/ . It runs off a boot disk (CD or floppy).

Reply Score: 2

rgathright
Member since:
2009-09-24

I used to manage a computer lab for McNeese State University. The students would come in and corrupt the computers on a daily basis.

To solve ANY PROBLEM, I kept a set of three hard drives with duplicate images for the 25 computers in the lab.

If a system failed due to viruses, I would pull out an IDE ribbon cable and power plug, boot from the secondary drive directly into Ghost and just drive copy over the old OS. Process took less than 15 minutes (small footprint version of Windows XP).

Simple, repeat as often as necessary.

Now if you have an integrated PC or laptop lab like the ASUS 1005HA http://bit.ly/44CHFm life is going to be much harder for you. In a society where PC's are thrown away on a daily basis, you should consider getting a batch of identical older computers and moving to a scenario I described above.

Edited 2009-09-25 18:10 UTC

Reply Score: 1

Another Option
by birdmun on Fri 25th Sep 2009 18:34 UTC
birdmun
Member since:
2009-06-11

I would offer the thought of using a version of puppy linux that runs from a usb drive as an executable during a running windows session. It is called QEMU-Puppy. It would seem that some assembly is required.

Reply Score: 1

GPL it
by Zyyx on Fri 25th Sep 2009 18:57 UTC
Zyyx
Member since:
2008-10-23

Set up a remote server (even at home). Throw Fedora 11 on it. Then set up FreeNX on it. Then have all the people using the XP infectobrigade simply point their browsers to the NX plugin you put into Apache's directory and presto. They all have a linux desktop in a window on their XP desktop. Won't solve all the problems etc but with the restrictions even in default F11 and those you can impose even if someone can see the desktop and type in it the user is going to be clobbered. Then you can train them on a clean linux install and ignore all the MS crap. FreeNX will make the desktops perform exceedingly well over even a very modest line. It's designed for near native speeds even over the likes of 33.6. It will even allow you to print to a local printer and listen to sound etc.

Reply Score: 1

RE: GPL it
by Zyyx on Fri 25th Sep 2009 20:13 UTC in reply to "GPL it"
Zyyx Member since:
2008-10-23

BTW it's important to point out here (as so many are mistakenly making it sound) is if they allow these machines to browse the net and run simple java applets my suggestion isn't violating anything. It does NOT install linux. Linux runs on the remote machine. All that "installs" is the java program it runs allows display of the remote linux desktop in the window. Each login has its own desktop. They are not shared. That is, each user would have their own unique user and desktop. It's all encrypted via ssh (and no you don't need ssh and no you don't need port 22 access at your local computer etc).

Reply Score: 1

RE: GPL it
by nt_jerkface on Fri 25th Sep 2009 20:26 UTC in reply to "GPL it"
nt_jerkface Member since:
2009-08-26

Your solution is to setup a FreeNX server? Are you kidding me?

If the goal is to get an external browser going then why not use firefox portable on a usb drive?

What if the malware is causing popups or system degradation?

Good lord every computing solution does not have to involve Linux.

Anyways as others have said use a boot cd with an anti-virus or remove the drives and scan them with a clean computer. You don't have to worry about the drives infecting the clean computer. That is only a risk if you run programs from the drives.

Reply Score: 3

Politics trump technology here
by eco2geek on Fri 25th Sep 2009 19:42 UTC
eco2geek
Member since:
2009-09-23

If "the people in charge of maintaining the PCs won't fix [the computers] or give [him] the admin password (Win XP) to let [him] install a new or updated antivirus" then it's not "[his] computer lab" in the first place.

Before anyone can offer him a technical solution, I think we need more information about what exactly he's allowed and not allowed to do, and what kind of trouble, if any, he'd get into if he did something radical like wiping Windows and installing Linux.

Red_devel's suggestion above, to go to the site admins' boss, is the first thing I'd do. (Also the idea of running Linux off a USB key or live CD is a good suggestion, if he's allowed to.)

Reply Score: 1

ubcd4win
by wanker90210 on Fri 25th Sep 2009 19:47 UTC
wanker90210
Member since:
2007-10-26

The only way I've successfully battled with infested computers (and not been able to physically put the sick harddrive in an external bay and scan it) was to use ubcd4win. It's a boot cd that you create yourself using a noninfected system as a template. This way you get all msft:s file system drivers etc and a proper environment for windows programs to run. When you boot from it, the bad programs have not been started and cannot therefore fight back.

The nice thing with ubcd4win is that you can download programs and install on the ramdisk. Thus you'll always be able to use the very latest versions which is essential.

Reply Score: 1

Argh.
by NathanHill on Fri 25th Sep 2009 19:49 UTC
NathanHill
Member since:
2006-10-06

Most of the suggestions in this thread seem to come from la-la land.

Don't pull out any hard drives and put them in enclosures.

Don't install any version of Linux.

Don't waste your time wiping the machines.

If you can't download any other anti-virus or spyware removal software, then don't bother running a LiveCD (though it might be the least painful of all other options).

And even though it was my first thought, don't get the admin password, cause if you get caught, you are setting a terrible example of responsible computing.

If the organization is going to scrap the computers and doesn't want to waste time fixing them up, don't go after a lost cause. Spend your time doing something more constructive - like helping them have a plan to recycle the old equipment, brainstorming with them about future computer lab plans and equipment needs, or just using the extra time you will have in your day to read a good book, watch a movie, or make new friends.

Even if you spend a bunch of time doing all this crazy stuff, you are only going to delay the problem since nothing is really changing. They'll just get infected again until the computers are dumped. It's a lost cause. Fight other battles.

Reply Score: 3

RE: Argh.
by nt_jerkface on Fri 25th Sep 2009 20:30 UTC in reply to "Argh."
nt_jerkface Member since:
2009-08-26

Don't do anything.

What a great solution, I'm sure he never thought of that.

Reply Score: 1

RE[2]: Argh.
by NathanHill on Fri 25th Sep 2009 22:26 UTC in reply to "RE: Argh."
NathanHill Member since:
2006-10-06

Don't do anything.

What a great solution, I'm sure he never thought of that.


Right.

It's what the people in charge of the lab want him to do. And even if he fixes the problem, the computers get shut down in a few months. I mean, seriously, this isn't some heroic moment to show your computer skills. There are just much better battles to fight. Spend your positive energy in a place where people are going to appreciate it.

Reply Score: 2

RE[3]: Argh.
by Jokel on Sat 26th Sep 2009 06:17 UTC in reply to "RE[2]: Argh."
Jokel Member since:
2006-06-01

I think you hit the nail on the head. Let me illustrate this with a little story:

A friend of mine was working in an IT department from a large institution. There was a small training room filled with computers. They were all badly infested with malware and viruses. Needless to say they were not connected to the corporation network, but had their own "line" to the outside world. The IT department did not want to put in any effort to clean up the mess.

My friend got the idea he could make some promotion by showing off his skills. And this looked the ideal opportunity. Yeah - he would be ranking high by taking this "personal" effort. Anyway - his idea was to impress upper management by getting the computers back working smoothly and malware/virus free. He did this little project in his spare time, and managed to get everything in full working order.

You should think they would be grateful - yes?

Sadly they were not happy at all. You see - they want to replace the "old" computer stuff with brand new equipment. They just have to "persuade" the upper echelon by claiming the computers were slow, crashing and no longer useful. Imagine their horror when they demonstrated the "useless" computers to this higher echelon and they were purring like a kitty?

Needless to say these computers were not replaced. When my friend proudly declared later on (without knowing what has happened) what he had done, he was "rewarded" with a promotion to a one-man "special cases" department. He even got his own (very tiny) room. He spent a few months cleaning up dirty mouses, keyboards etc. before he resigned and left the institution.

Moral of the story?

Never ever take action on your own in a large institution before checking this out with someone higher in the chain. And never, never, never, ever do something that can piss off the IT administrator group...

Reply Score: 3

RE[4]: Argh.
by nt_jerkface on Sat 26th Sep 2009 16:07 UTC in reply to "RE[3]: Argh."
nt_jerkface Member since:
2009-08-26

Here's a story that reinforces my philosophy of doing nothing: blah blah some guy I heard about blah blah got in trouble for trying too hard blah blah blah.

Yea, we understand that you would be the guy sitting on his ass reading a magazine saying that it is out of your hands.

If I was working at a non-profit where kids go to learn about computers I wouldn't let a couple worthless IT admins screw the place up. I'd laugh if they filed a formal complaint over me fixing the computers.

Even if they got me booted, so what? It probably isn't worth my time to be at such a retarded organization.

Reply Score: 2

RE[5]: Argh.
by darknexus on Sat 26th Sep 2009 16:23 UTC in reply to "RE[4]: Argh."
darknexus Member since:
2008-07-15

To be fair, things like that really do happen especially in larger corporations, if you don't clear things with those ahead of you it's possible, even likely, that you'll step on someone's little pet project and that someone just might be high enough to cause you grief. That being said, for every person that is a control freak and would stamp out personal initiative, there are usually two more who would thank you for making the effort and taking time to get things working properly. Still, I don't think people can be blamed for being careful.

Reply Score: 2

RE[6]: Argh.
by Jokel on Sun 27th Sep 2009 06:47 UTC in reply to "RE[5]: Argh."
Jokel Member since:
2006-06-01

I forgot to say it was around the year 2000. The time the y2k fear was on the highest level and IT departments were entities that were growing and splitting up beyond control. All under the willfully eye of the "management" group that grew in importance with every split. Hence the "special department" that was created just for this friend.

Needless to say things are bit different now...

Reply Score: 1

RE[4]: Argh.
by DrillSgt on Sat 26th Sep 2009 16:26 UTC in reply to "RE[3]: Argh."
DrillSgt Member since:
2005-12-02

Moral of the story?

Never ever take action on your own in a large institution before checking this out with someone higher in the chain. And never, never, never, ever do something that can piss off the IT administrator group...


Maybe I have just worked at companies that are too small, the largest having about 600 employees. I am having a problem grasping that someone with the access to these computers to do such a task was not in the IT Administrators Group. Where else could he have worked and had access to the computers and the proper software to perform such a task? If he was in Sales or something, then I can believe it. Maybe he pissed off upper management, but I am sure he didn't piss off the people in his own group that are not bean counters.

Reply Score: 2

RE[5]: Argh.
by Jokel on Sun 27th Sep 2009 06:42 UTC in reply to "RE[4]: Argh."
Jokel Member since:
2006-06-01

It was a large organization with more than 5000 workers. The IT structure was organized in separate departments. The workers in each department had just enough rights to do their job. Software was installed by using Tivoli. The department where he was working was a hardware install- and maintenance group. He has local administrator rights, and rights to install a basic software suite. The more specialised software was installed using Tivoli by the software group. You also had a network group and a server- and administrator group. Also there was a security group that controlled accounts and rights.

If you have ever worked in a big organisation you know all these groups are in competition with each other. Layered between those groups is a management group that coordinates the whole bunch. Needless to say the management group flourishes when the competition between groups is high.

The guy I was talking about was brand new and did not understand a bit of the politics that was playing between groups, and groups and management. I agree it was stupid to ignore this, and he never made that mistake again. But hey... It was his first job in this field hmm?

By the way - this was around the year 2000. The y2k fear was on the highest level, and they would hire anyone who knows a computer has a qwerty keyboard (and give anyone who know somebody to hire a fat bonus if he would get him "on board").

Things have very much changed after this time....

Reply Score: 1

RE[3]: Argh.
by ekcol on Sat 26th Sep 2009 10:32 UTC in reply to "RE[2]: Argh."
ekcol Member since:
2009-09-26

Yeah, I'm sure the disadvantaged kids are really going to appreciate that he sat on his ass reading a book. Shutting down a charity project with several months of funding left over, because you can't be bothered to argue with the IT department, what a fantastic use of positive energy. I mean, it's only a few months. Disadvantaged kids get so many opportunities anyway no one will even notice.

I'm sorry if those of you working in big companies have become jaded husks of human beings, but "give up because it saves hassle" isn't the solution to everything. This isn't a big company. No one is going to get in trouble for reinstalling the OS on the broken computers they let the poor kids use. IT aren't refusing to fix this project's computers for some corporate reason which fixing them would interfere with. It's because they don't want to, they know they won't get into trouble for ignoring the charity project, and like a few commenters here, they're soulless office drudges who don't care about helping others.

Reply Score: 2

Try konboot
by knightrider on Fri 25th Sep 2009 19:59 UTC
knightrider
Member since:
2006-12-11

Build a konboot cd and boot from that if possible...You should be able to access the desktop with admin rights.

Reply Score: 1

Polish Antivirus Online Scanner
by RshPL on Fri 25th Sep 2009 19:59 UTC
RshPL
Member since:
2009-03-13

IE only, depends on ActiveX.
http://www.mks.com.pl/skaner/
Saved my ass once or twice.

Reply Score: 1

Run a powerful magnet on the disk drives
by goffster on Fri 25th Sep 2009 20:17 UTC
goffster
Member since:
2007-11-24

They will be forced to re-install the O/S

Reply Score: 2

sysclean from trendmicro
by poundsmack on Fri 25th Sep 2009 20:34 UTC
poundsmack
Member since:
2005-07-13

http://www.trendmicro.com/download/sysclean.asp

this is what i use when things go really wrong. just make sure to read the read me ( http://www.trendmicro.com/ftp/products/tsc/readme.txt )

you don't need to install anything or need admin privileges to run. good luck

Reply Score: 2

RE: sysclean from trendmicro
by nt_jerkface on Fri 25th Sep 2009 22:12 UTC in reply to "sysclean from trendmicro"
nt_jerkface Member since:
2009-08-26

You can run it but you need admin access to repair system files.

Reply Score: 1

ophcrack live cd!
by ple_mono on Fri 25th Sep 2009 21:08 UTC
ple_mono
Member since:
2005-07-26

Ophcrack live cd can deliver the admin passwords you are looking for. I've used it myself a few times, and it works very well.
http://ophcrack.sourceforge.net/

EDIT: may not be perfectly legal in your situation though, but hey, you asked for a solution...

Edited 2009-09-25 21:10 UTC

Reply Score: 2

Make a BartPE LiveCD + Password Renew
by GMFlash on Fri 25th Sep 2009 21:28 UTC
GMFlash
Member since:
2006-06-30

BartPE: http://www.nu2.nu/pebuilder/
Password Renew: http://www.kood.org/windows-password-renew/

With Password Renew, you can create a new user with administrator rights while leaving all of the other users intact. Do what you have to do then remove the temporary admin user.

Reply Score: 1

If I was doing it...
by kpropell on Fri 25th Sep 2009 22:18 UTC
kpropell
Member since:
2006-11-20

Just reset the admin password using Trinity Rescue Kit and install your new antivirus ;)

Reply Score: 2

jabbotts
Member since:
2007-09-06

Avira Antivirus makes a liveCD. It'll boot the system, mount the drives and scan for viruses. It can be set to try and clean or remove infected files though I usually use it for identification then manually remove found issues. It doesn't care about Windows permissions, user accounts or passwords since it's not working through Windows at all.

http://www.avira.com/en/support/support_downloads.html

Download the .ISO listed there, burn it to CD and start with the rebooting.

This may allow you to clean the systems while retaining the installed OS; assuming you pay attention to what it finds infected or wants to delete.

The alternatives are the other comments mentioning full reinstalls from clean media or running from liveCD. I've found Mandriva 2008.1 an excellent liveCD to work from. It's light on resource needs and provides a very complete selection of software along with great hardware detection and support.

Reply Score: 2

Follow the instructions here
by bsnipes on Fri 25th Sep 2009 23:17 UTC
bsnipes
Member since:
2005-07-06

http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antiv...

Make the CD, boot the computer with it, let it clean the viruses. It won't catch everything but might be enough to get you by for a while.

Reply Score: 2

two steps
by unclefester on Sat 26th Sep 2009 05:05 UTC
unclefester
Member since:
2007-01-13

1. insert Ubuntu cd
2. reboot

Reply Score: 1

The original email was spam
by kbloodstone on Sat 26th Sep 2009 05:07 UTC
kbloodstone
Member since:
2009-06-03

I received the exact same email through a mailing list I subscribe to. This list is fairly small, and the sender was a new member.

Several people replied with suggestions.

Suddenly, out of the blue, another new member popped up, and suggested some unknown online scanner.
Since I run Linux, I checked it out without worries.
That "online scanner" showed right away an animation of a scan running on my machine, within seconds, and showed me several infections in my C:, D:, and Windows system folder.
Since I run Linux, that's just absolutely impossible, of course.

Then it suggested I download a file "OnlineScan345346.exe", and very helpfully proceeded to open the download request for me.

It's a trojan, and a very new and nasty one at that. I have downloaded already 2 variants of it from the same place on 2 different computers. I have submitted them to Avira (which is what I use on Windows), and hopefully it will become better known soon.

That said, advice on cleaning viruses is always welcome, so the discussions on this article are useful for a lot of people anyway. So no harm done, unless you clicked on the second fake mailing list member's advice.

My advice for this is to use the Avira Rescue CD:
http://www.free-av.com/en/products/12/avira_antivir_rescue_system.h...
F-Secure also makes a really good rescue CD:
http://www.f-secure.com/linux-weblog/

Reply Score: 2

RE: The original email was spam
by Bobthearch on Sat 26th Sep 2009 23:41 UTC in reply to "The original email was spam"
Bobthearch Member since:
2006-01-27

Yep. Spam. And OS News fell for it.

Google for the first few sentences of the message in quotes. You'll see this has been posted word-for-word dozens of times on online forums.

"I've got 5 PCs that I'm trying to use to train disadvantaged young people. The problem is they are riddled with viruses and a firewall blocks me from updating them. The people in charge of maintaining the PCs won't fix them or give me the admin password (Win XP) to let me install a new or updated antivirus. "

Reply Score: 2

RE: The original email was spam
by David on Mon 28th Sep 2009 17:44 UTC in reply to "The original email was spam"
David Member since:
1997-10-01

It actually kind of makes my day to find out that I fell for an elaborate spam scheme. I still think that this made a pretty good Ask OSNews topic, though, because I can't tell you how many people I know have computers that barely work because of malware, and operating systems are such a mystery to them that they don't feel empowered to do anything about it. I thought that the advice that the readers gave was knowledgeable, creative, and helpful.

The reason I'm so happy to have been taken in by this scam is that it's been a very long time since I've seen an email-based scam that wasn't totally transparent to me. Posting an earnest-sounding query to an online forum intending to go back and suggest a malware-infected download to trick other people is really a quite brilliant idea. I guess it just goes to show you, just because someone on the internet says to do something, that doesn't mean it's a good idea.

Reply Score: 1

Why make things so complicated ?
by funny_irony on Sat 26th Sep 2009 05:52 UTC
funny_irony
Member since:
2007-03-07

Why make things so complicated ?

Download FREE Norman Malware Cleaner using another PC to a USB pen drive.
Then take the USB pen drive to the infected PC.
Boot up the infected PC in safe mode by pressing F8 during start up.
Plug in USB drive and run Norman Malware Cleaner to scan.

Norman Malware Cleaner can detect and remove more than 2,000,000 viruses.
here is the web site
http://majorgeeks.com/Norman_Malware_Cleaner__d5450.html

Reply Score: 1

No password - no problem
by Zolookas on Sat 26th Sep 2009 08:27 UTC
Zolookas
Member since:
2006-03-01

You can burn kon-boot CD to bypass admin password: http://www.piotrbania.com/all/kon-boot/
Also you can do many things other people recommended here to change it.

Reply Score: 1

The definitive solution
by shiva on Sat 26th Sep 2009 21:35 UTC
shiva
Member since:
2007-01-24

The definitive solution

http://www.mandriva.com/en/download/free

Reply Score: 1

adricnet
Member since:
2005-07-01

There is a lot of great technical information on this thread and in David's reply, and some neat Linux advocacy.

Unfortunately this is not a technical problem but a political one. Before doing anything to those computers please verify your status with the organization and make certain you have authorization to make changes. If you are a volunteer or not some kind of employee I would recommend getting a signed letter from someone in the host organization before touching a thing.

It is a mad (crazy) world and people have been fired and even jailed for trying to be helpful in this manner. Please make sure you won't get into trouble before doing anything to those computers!

Reply Score: 1

Rescue Virus Infected PCs - My 2 cents
by TaiChiBabbo on Sat 26th Sep 2009 23:42 UTC
TaiChiBabbo
Member since:
2008-01-07

Good advice in postings so far.
I have to agree with having permission to make changes from someone (actually) in a position of authority.

That being said:
1.) If you can boot from the CDrom drives, there are two ways I would go.

First, and easiest go to http://www.freedrweb.com/livecd/ and download the bootable LiveCD free version of Dr.CureIT. This is a bootable, standalone CD with a virus/malware engine running on top of a Linux OS. So you boot up outside of any windows environment, before any windows login can be loaded and you run the anti-virus/malware on "full scan mode" (read the documentation) after downloading the database updates online. You can do this since you are up in Linux and can connect either with ethernet or wireless.

This LiveCD will let you bypass windows, the need for passwords and will find 99% of your problems. If nothing else it is quick and dirty and might get you up and running quickly.

Second way: Go to http://home.eunet.no/pnordahl/ntpasswd/ and download the "Offline NT/XP/Vista Password & Registry Editor" disk (it is also self booting from a CD). Read the documentation several times (it is very easy to shoot yourself in the foot). This program works at a very low level so you must understand basically what is going on. For the most part you can just accept the program's defaults, but there are a few places where it is easy to go VERY wrong. But after you use this program once or twice you will wonder how you ever lived without it!

This program will allow you to go into the registry (the hive actually) and (the easiest way) "blank" out any password that is set, even the administrator. You really are only interested in gaining control of the administrator. Once you have that you have it all, right? So after you have "blanked" out the admin password (there is no password now), you reboot into windows (safe mode with network is best to start) and go to the website www.malwarebytes.org and download the "free" version of Malwarebytes' Anti-Malware program. Install it, check for updates and run a full scan. A full scan will take some time (especially in safe mode) but will get rid of nasties like AV2008, AV2009, etc. When it finishes read the report and take appropriate actions suggested. Then reboot windows into normal and run Anti-Malware again in "quick scan" mode and check for alerts. If there are none, "good"; if you still have some or are in any doubt, run it again in "full scan" mode. Malwarebytes is very, very good at stamping out "nasties". It is one of the best Anti-malware programs I have used to date, and I have been through many, many programs over the last 30+ years. Again just my 2 cents, I'm sure there will be others. Good hunting!

Reply Score: 1

Simpler solution
by djitanium on Sun 27th Sep 2009 13:31 UTC
djitanium
Member since:
2009-09-25

Home Depot sells a tool called a FUBAR. It has a blunt striking surface as well as a pry bar. Give each PC about six or eight heavy blows with the blunt edge. Then use the prying tool on the FUBAR to finish the disassembly.

You won't have to worry about spyware, viruses, or trojans any longer. The machines will be completely inoperable.

Reply Score: 1

SPAM
by biffuz on Sun 27th Sep 2009 14:23 UTC
biffuz
Member since:
2006-03-27

Dude, this is spam. This thing appeared on almost four mailing lists and forums I'm subscribed to, shortly followed by an antivirus advertisement (a trojan of course).
How could you fall into the trap? Delete this thing now before people start laughing at this site.

(P.S. it's funny to see how many readers here fell in the trap too and quickly replied to someone who openly asked how to break into a computer)

Edited 2009-09-27 14:26 UTC

Reply Score: 1