XP requires password when I never installed one

Zyxx · Apr 2, 2008

Don't know whether this goes in Malware removal or Software related forums. Feel free to move this to the right place.

Here comes the problem.

My PC was infected with the famous Vundo trojan.

When VundoFix and other similar programs reported they didn't find any threats I searched the web for solutions. And I found them, so I manually removed the threat.

I turned off System restore.
I managed to delete all the related files from /system32 directory.
I searched for references to these files in the registry, and deleted them as well.

Then I rebooted, and ... instead of going directly into Windows as usual the password screen appeared. I never installed a password.

Back to the web, on another PC. New websearch revealed others with the same problem. Found this site, and decided to create a Petter Nordahl-Hagen's Offline NT Password & Registry Editor disk. With that I reset the password to no password. Reboot. Still the password login screen. I hit Enter, because I set it to no password. A message appears: Unable to log you on because of an account restriction. Again, I use Petter's CD to set the password to something substantial ("123"). Reboot. Back to the password screen, and nothing works, not even the 123. In short, Vundo has locked me out.

I figured it must be some traces left in the registry.
So I built a BartPE bootable CD, with a RegEdit plug-in. Now I can get access to the registry on my infected PC, but I haven't got a clue what I'm looking for.

Anybody?

chaslang · Apr 4, 2008

Welcome to Major Geeks!

If you had a Vundo infection, it would a very good idea for you to run thru the below cleaning procedures even if you believe you are clean. There are many many forms of Vundo out there and it can hide files all over your PC and many tools/scanners will not find them. If you turn up clean, that's great, but better safe than sorry.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

Zyxx said: ↑

Then I rebooted, and ... instead of going directly into Windows as usual the password screen appeared. I never installed a password.
Click to expand...

Well it is a very BAD idea to boot into Windows the way you were anyway. It is much much less secure. And not having a password is like leaving your car running with the door open in an area were hundreds of car theives live. I bet you are auto logging into an account with administrator priviledges too and surfing the internet this way! Very dangerous. You need to read and follow the instructions in this: How to Protect yourself from malware!

Since you were editing in the registry on your own, there is no way for us to know exactly what keys you may have deleted. The Window Welcome Screen can easily be turned on and off via a registry patch or via a system policy but again this is really not recommended. If you really still want to do this even though it is a back idea, try the below and see if it works.

Click Start, Run and enter control userpasswords2 in the run box and click OK. Note there is a space after control but no space before the 2.

In the User Account form that pops up, highlight the user you want to log into automatically

Then uncheck the box that says

Users must enter a username and password to use this computer

Click on Apply and you'll be asked to verify the username and password to log in automatically.

Click OK and the next time you restart your computer, you will automatically be logged in without having the classic prompt or Welcome Screen.

Log in or Sign up

XP requires password when I never installed one

Zyxx Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member