Ok dok, here's the problem. Pal of mine had a computer hosed with tons upon tons of Spyware and Adware. It was nasty. So, I start off by uninstalling all this BS software, running Spybot, and lastly Ad-aware. There was one thing I couldn't get rid of (before running Ad-aware). There was this little search bar on his start menu toolbar that refused to leave, no matter my effort. It took you to Blazefind once you ran it.
So, as I was moving along my clean up procedure, I got to Ad-aware, and it detected this search bar and proceeded to remove it. However, this particular adware is a bastard. It changes your user login registry keys to point to its software in addition to the usual stuffs. But now, the files no longer exists. So when it tries to login, it gets an error (that it never shows), and immediately logs you off. I know there's an option somewhere to disable automatic logoff when there's an error during login, but that's neither here nor there.
I can't login as his user, as admin, or in safe mode. It always kicks me right back off. After doing some google-ing, I find out what the trouble is. I tried using regedit over the network to connect to his registry remotely, but for some reason that doesn't seem to fly. I can add his computer name in the list, but it won't actually let me touch anything. It detects his computer name, and I enter in his username (he just uses a blank password). It doesn't even list all the registry folders for his machine (just 2 of the initial HKEY_* folders).
At , where I figured out what the damn problem was in the first place, I noticed the other option is using the Recovery console to edit the registry, but I'll be damned if I can get it to let me do that. I can use it move old registry entries around, allowing me to log on the system so he doesn't loose any data, but what would be most preferable would be to just fix the old user login registry key.
Boy what a long-winded post. Anyways, any tips (as always) are greatly appreciated!
So, as I was moving along my clean up procedure, I got to Ad-aware, and it detected this search bar and proceeded to remove it. However, this particular adware is a bastard. It changes your user login registry keys to point to its software in addition to the usual stuffs. But now, the files no longer exists. So when it tries to login, it gets an error (that it never shows), and immediately logs you off. I know there's an option somewhere to disable automatic logoff when there's an error during login, but that's neither here nor there.
I can't login as his user, as admin, or in safe mode. It always kicks me right back off. After doing some google-ing, I find out what the trouble is. I tried using regedit over the network to connect to his registry remotely, but for some reason that doesn't seem to fly. I can add his computer name in the list, but it won't actually let me touch anything. It detects his computer name, and I enter in his username (he just uses a blank password). It doesn't even list all the registry folders for his machine (just 2 of the initial HKEY_* folders).
At , where I figured out what the damn problem was in the first place, I noticed the other option is using the Recovery console to edit the registry, but I'll be damned if I can get it to let me do that. I can use it move old registry entries around, allowing me to log on the system so he doesn't loose any data, but what would be most preferable would be to just fix the old user login registry key.
Boy what a long-winded post. Anyways, any tips (as always) are greatly appreciated!
