Back again. :-(

Discussion in 'Malware Help (A Specialist Will Reply)' started by markem, Nov 3, 2013.

  1. markem

    markem Private First Class

    Well guys and gals - I'm back again. As some of you may remember - back at the beginning of this year I had a hacker attack us and dump viruses and stuff onto my system. I fought with him for about a month, finally won (with everyone here's help) and kicked him off of our systems.

    Well - either he is back or someone else is here. What happened was that I was going along - everything was cool - and then stupid me accidentally uninstalled TightVNC's server. No biggie - right? I wound up completely uninstalling TightVNC, re-installing TightVNC, and then thought that maybe I'd just use RDP instead. So I set it so I could log in via RDP and POOF! I was suddenly kicked off of the system with the message "This account is not allowed to logon interactively". I was like - say what? So I grabbed the laptop, and tried to log in from the console. No go. So I shut the system down immediately.

    Here is what the problem is: TightVNC has a Java interface. That interface I normally have turned off (and the people who make TightVNC should have the default as off). Unfortunately - it is set as true (i.e., checkbox has a checkmark in it). So that is how the hacker got in.

    My problem right now (and my only problem right now until I get in and can take a look) is that I can not log into the system. The hacker set my account so I can't log in interactively. So I'm wondering if anyone knows what the registry setting is that handles this so I can reset it back to letting me log in. Once I get that I can then go through and remove anything the hacker did via safe mode.

    So! My question is - does anyone know how to make it so you can log in again after a hacker gets hold of the system? There has to be a way to do this. I'm looking through what Google is giving. (By the way - anyone notice that Google seems to be becoming less useful? Especially in the maps area? It takes several tries to get it to stop just giving you information about places in YOUR area. Like say I wanted to go to Las Vegas and wanted to know if there was a Red Robin in Las Vegas. It seems to always revert back to Red Robin restaurants around me. Just an observation.)

    Anyway - if anyone has any kind of ideas - I'd appreciate hearing from you. TIA!

    Mark
     
  2. markem

    markem Private First Class

  3. markem

    markem Private First Class

    Ssssssshew! Ok - good news! UBCD4Win had a program called "Registry Restore Wizard" which allowed me to restore the registry back to the March 16th date when I made my last changes to the registry to prevent anyone from hacking in to my system and WOILA! (Or however you spell it!) The system is back up and running. Now all I have to do is to make sure that TightVNC is restored properly so it works and I'm back to being good to go! :)

    What can I say? Thought I had been hacked again. But no - just being stupid. :-/

    Later everyone!

    Oh! For those who might be interested - when last we parted after you all helped me out before, the systems have been rock steady. I now use SUPERAntiSpyware, Avira, and Comodo's Firewall. No break-ins (except imaginary ones).

    How are we doing physically? I'm glad you asked! :) My wife was in the hospital back in May for pneumonia. She got better (but not over it) and relapsed in August. Hospital again. Then she got lymphedema (not lymphoma) and is currently back in the hospital. She will probably be there for this next week too.

    What can I say?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Paranoia can be a bad thing. ;)

    Sorry to hear about your wife.
     
