Best OS troubleshooting sites?

[wasabi]

I know this is not exactly tractor related, but I've really come to appreciate the knowledge base of TBN. Can anyone recommend good "expert admin" sites for troubleshooting problems with Windows 2000 OS.

Advice appreciated. Thx, Sabi

 

[MJB]

Here is one for Win2k along with NT and XP. There is tons of info there but it might take a while to find exactly what you are after. <A target="_blank" HREF=http://www.jsiinc.com/reghack.htm> JSI Online</A>

 

[gws]

what part of the OS you having problems with.

 

[wasabi]

<font color=blue>what part of the OS you having problems with.</font color=blue>

the whole shootin match! It is a bit of a long story, and embarrasing at that, but here is the cliff notes version:

Recently hooked up new DSL service. Running 2000 Pro. Glanced into the office to see an error message proud of the screen saver: "Virtual Memory Low". Tried to shut down and received "no permission" notice, so I pulled the plug. Logged back in only to find that someone had managed to hack through the router and firewall to set up a new administrator! /w3tcompact/icons/shocked.gif /w3tcompact/icons/mad.gif. In my haste to remedy I inadvertantly deleted my own administrative privledges. Now, when I go to log in, it denies all attempts saying my passwords are invalid! Can't get any access! Boy, does this suck.

 

[RanchMan]

<font color=blue>someone had managed to hack through the router and firewall</font color=blue>

If you don't mind me asking, what firewall software and router were you using?

 

[wasabi]

Router / port combo is lynxis (sp?). Software includes Norton Internet Security 2002 and Pest Patrol. I was thinking about adding zonealarm but have not yet.

 

[looch]

You're going to need another machine, like a friend's or something.

First, is the windows partition NTFS or FAT32? If you don't know, get yourself a boot disk (you'll need one anyway) and use it to boot your machine. If you can read the contents of the C:\, then it's FAT32. If not, it's NTFS and you'll need a utility such as NTFSPRO to read it.

Find a utility called SAMDUMP (do a search on Google). This utility extracts the SAM database from your registry (where all the passwords are stored.)Run it on your machine from the command prompt. Copy the resulting file to a floppy.

On your friend's computer, search for a utility called l0phtcrack - it's a password cracking utility. Install this software on your friend's machine. Copy the SAM database from the floppy to your friend's machine. Run the crack software on the file. It may take 10 minutes, or it may take 3 days, but it will crack the administrator's password.

I realize this method is a bit involved, but it will allow you to keep your system intact.

If it isn't that big a deal and you have all of your original cd's - a reinstall of the OS might actually be faster.

 

[wasabi]

Thanks Paul, you're the man!. I knew someone from TBN would come through. I do know the downed system is Fat32. The other parts should be fairly straightforward as I have other computers to use.

I feel stupid about the mistake, but determined to learn from it....first to recover the system and next to tighten down the hatches...guess I've been guilty of blind complacency...not a good thing with fresh bandwidth lying around, eh?

 

[RanchMan]

<font color=blue>someone had managed to hack through the router and firewall to set up a new administrator!</font color=blue>

Hmmm. /w3tcompact/icons/hmm.gif You said you were using a Linksys router, so NAT should have made your IP address unavailable to a random hacker. Add to that you were running Norton - which has its own firewall and Antivirus (which should have had Auto-Protect going to protect you from trojans via e-mail & such), and I'm really interested as to how someone "hacked" in. Something just doesn't smell right here...

Does anyone else have access to your office? Did someone come out and set up your DSL modem? I'm not saying it is impossible for that a hacker got in, I'm just saying that the combination of NAT, a firewall, and an antivirus program - all running concurrently - should have protected you from the average "joe blow" hacker.

Perhaps you should look in to your router config (i.e. make sure no static IP addresses are set up, default passwords are eliminated, etc. ) along with your Windows/IE & NAV configs (i.e. sharing, proxys, etc.) Probably wouldn't hurt to run a scan on your hard drive just to make sure that nothing "crept in under the radar."

 

[gws]

I really doubt someone hacked your machine. Your own actions of pulling the plug had more to do with the issue than anything else.

In either case your best bet is reload the system if its in that bad a shape.