Log on password problems


@(none).com
December 27th 03, 12:17 AM
Does anyone know how to get around the log on user screen in XP Pro? My
laptop was hacked into the other day and the passwords scrambled. The
laptop is used for work and I need data to write some reports. Can't
think of any solution except for physically removing the drive and
hooking it up as a slave to another machine.
Gary

Jupiter Jones [MVP]
December 27th 03, 12:17 AM
You may have to move the drive.

If you were hacked, the only reasonable fix after you retrieve the
data is a Clean Installation, destroying all data.
Unless you know EXACTLY what the hacker did and to what extent.
It may be nearly impossible to know if the computer is safe from what
the hacker did otherwise.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;321305
Or
Reboot to Safe Mode, select Administrator, leave password blank.
Then go to User Accounts in Control Panel.
Select the user and change the password.
If you are using Windows XP Pro and have encrypted data, you may
permanently lose access to the encrypted data.

Here are other options:
http://www.wininternals.com/products/repairandrecovery/index.asp
http://www.sunbelt-software.com/product.cfm?id=265&affid=wxpnews

Another option is to install Windows XP on another partition and take
Ownership of your data.
You could also perform another installation on the same partition,
although this is not a permanent fix and it is recommended to perform
a Clean Installation after retrieving your data.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
Please respond to newsgroup only for everyone's benefit.


" "> wrote in message
...
> Does anyone know how to get around the log on user screen in XP Pro? My
> laptop was hacked into the other day and the passwords scrambled. The
> laptop is used for work and I need data to write some reports. Can't
> think of any solution except for physically removing the drive and
> hooking it up as a slave to another machine.
> Gary

eags
December 27th 03, 12:17 AM
Try the program found at this website - it allows you to
boot and blank out the administrator password without
knowing the current password. Follow the onscreen prompts.

Worked for me recently when I had to work on an XP PC
set up by a former coworker

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

I would then suggest saving your data & following the
other advice of doing a clean install .....


>-----Original Message-----
>You may have to move the drive.
>
>If you were hacked, the only reasonable fix after you retrieve the
>data is a Clean Installation, destroying all data.
>Unless you know EXACTLY what the hacker did and to what extent.
>It may be nearly impossible to know if the computer is safe from what
>the hacker did otherwise.
>
>http://support.microsoft.com/default.aspx?scid=kb;EN-US;321305
>Or
>Reboot to Safe Mode, select Administrator, leave password blank.
>Then go to User Accounts in Control Panel.
>Select the user and change the password.
>If you are using Windows XP Pro and have encrypted data, you may
>permanently lose access to the encrypted data.
>
>Here are other options:
>http://www.wininternals.com/products/repairandrecovery/index.asp
>http://www.sunbelt-software.com/product.cfm?id=265&affid=wxpnews
>
>Another option is to install Windows XP on another partition and take
>Ownership of your data.
>You could also perform another installation on the same partition,
>although this is not a permanent fix and it is recommended to perform
>a Clean Installation after retrieving your data.
>
>--
>Jupiter Jones [MVP]
>An easier way to read newsgroup messages:
>http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
>Please respond to newsgroup only for everyone's benefit.
>
>
" "> wrote in message
...
>> Does anyone know how to get around the log on user screen in XP Pro? My
>> laptop was hacked into the other day and the passwords scrambled. The
>> laptop is used for work and I need data to write some reports. Can't
>> think of any solution except for physically removing the drive and
>> hooking it up as a slave to another machine.
>> Gary
>
>
>.
>

gary
December 27th 03, 12:22 AM
Jupiter Jones [MVP] wrote:
> You may have to move the drive.
>
> If you were hacked, the only reasonable fix after you retrieve the
> data is a Clean Installation, destroying all data.
> Unless you know EXACTLY what the hacker did and to what extent.
> It may be nearly impossible to know if the computer is safe from what
> the hacker did otherwise.
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;321305
> Or
> Reboot to Safe Mode, select Administrator, leave password blank.
> Then go to User Accounts in Control Panel.
> Select the user and change the password.
> If you are using Windows XP Pro and have encrypted data, you may
> permanently lose access to the encrypted data.
>
> Here are other options:
> http://www.wininternals.com/products/repairandrecovery/index.asp
> http://www.sunbelt-software.com/product.cfm?id=265&affid=wxpnews
>
> Another option is to install Windows XP on another partition and take
> Ownership of your data.
> You could also perform another installation on the same partition,
> although this is not a permanent fix and it is recommended to perform
> a Clean Installation after retrieving your data.
>
Thank you all for the responses, and I will be trying each one in order
a.s.a.p. Further information about the hacking is as follows. The laptop
was directly connected to my home PC at the time of the incident so I
could transfer data between the two. Each machine was firewalled with
only one open port available. The PC was connected to the Internet via
ADSL - a non static IP. Both machines run XP Pro, and the home PC dual
boots with a Linux distro. The home PC appears to be unaffected, but a
new file was left on the machine on the XP partition in the form of an
Access db. The hacker sent an email to me from an anonymous Hotmail
account. I've examined the logs and the hacker was in and out in about
eight minutes. I assume the hacker was looking for personal records etc
which I don't keep on machines that connect directly to the Internet for
this very reason. I suppose the password issue on the work laptop was
just a spoiler. The reports I will be writing are related to personnel
statistics and of use only internally to the organisation I work for.
I'll be restoring my home PC from drive images later today as a safety
measure.
Once again thanks for the suggestions and advice.
Gary
