Virus preventing users from logging in?

Over the weekend our anti-virus began sending out alerts about blocked web traffic, This morning when I came in I looked at the computer, when I got to his desk the user was trying and failing to login. Having locked out his account with so many failed attempts I used my credentials to login and was told my username and password was incorrect (I verified multiple times I hadn't miss typed anything). I went back to my desk and used RDP to connect and login. Ran multiple virus scans and cleaned around 50 viruses. I am still unable to login using correct credentials. Are the login issues related to the amount of viruses or are they just coincidentally. 
This topic first appeared in the Spiceworks Community

I have a userwho recently got a new windows 7PC and was wondering if its possible to transfer the saved password off their old windows 7PC.I having searching and used easy transfer a few reg edits as well as the following:http://backsettings.com/internet-explorer-backup.htmlhttp://www.nirsoft.net/utils/internet_explorer_password.htmlhttp://mozbackup.jasnapaka.com/http://www.nirsoft.net/utils/pspv.htmlI have nosuccess. Although I am aware that usersneed to know their passwords and notbe relying on Internet Explorer to remember it for them. This user is the owner of the company and I told him I would explore every option.

Similar Messages

  • Having problem with svchost.exe/ntdll.dll errors causing GPSVC (Group Policy Client) to crash preventing users from logging into the server.

    Recently (within the past 2 weeks) I have noticed a few of our servers will have problems with the svchost.exe application causing the GPSVC (Group Policy Client) to crash. The only fix at that point is to reboot the server since the GPSVC service is tied
    to svchost.exe and therefore is protected from being manually restarted.
    I noticed the following errors when this occurs:
    Log Name:      Application
    Source:        Application Error
    Date:          7/23/2013 4:35:26 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Server1.xxx.xxx.net
    Description:
    Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
    Exception code: 0xc0000024
    Fault offset: 0x00000000000cd7d8
    Faulting process id: 0x46c
    Faulting application start time: 0x01ce877f9476ac07
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: d252d26d-f372-11e2-8ad4-005056ac00e8
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-23T08:35:26.000000000Z" />
        <EventRecordID>158950</EventRecordID>
        <Channel>Application</Channel>
        <Computer>AAW19XM2.agency.nwie.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>svchost.exe</Data>
        <Data>6.1.7600.16385</Data>
        <Data>4a5bc3c1</Data>
        <Data>ntdll.dll</Data>
        <Data>6.1.7601.17725</Data>
        <Data>4ec4aa8e</Data>
        <Data>c0000024</Data>
        <Data>00000000000cd7d8</Data>
        <Data>46c</Data>
        <Data>01ce877f9476ac07</Data>
        <Data>C:\Windows\system32\svchost.exe</Data>
        <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
        <Data>d252d26d-f372-11e2-8ad4-005056ac00e8</Data>
      </EventData>
    </Event>
    All of our servers are running Server 2008 R2 Enterprise where we use Citrix to deliver desktop sessions to our users, but some are virtual and some are physical. This seemingly impacts our virtual machines more, and our VMs are hosted through VMWare, however,
    about 5 months ago a similar error fired on a non-virtual machine:
    Log Name:      Application
    Source:        Application Error
    Date:          2/27/2013 6:57:58 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      AAW29033
    Description:
    Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
    Exception code: 0xc0000024
    Fault offset: 0x00000000000cd7d8
    Faulting process id: 0x6c0
    Faulting application start time: 0x01ce14e1af313fd9
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: ed3d01c4-80d4-11e2-9128-b499baa9e5e8
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-02-27T11:57:58.000000000Z" />
        <EventRecordID>286291</EventRecordID>
        <Channel>Application</Channel>
        <Computer>AAW29033</Computer>
        <Security />
      </System>
      <EventData>
        <Data>svchost.exe_gpsvc</Data>
        <Data>6.1.7600.16385</Data>
        <Data>4a5bc3c1</Data>
        <Data>ntdll.dll</Data>
        <Data>6.1.7601.17725</Data>
        <Data>4ec4aa8e</Data>
        <Data>c0000024</Data>
        <Data>00000000000cd7d8</Data>
        <Data>6c0</Data>
        <Data>01ce14e1af313fd9</Data>
        <Data>C:\Windows\system32\svchost.exe</Data>
        <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
        <Data>ed3d01c4-80d4-11e2-9128-b499baa9e5e8</Data>
      </EventData>
    </Event>
    I've searched and cannot seem to find any information as to what may be causing this, or even really where to start. Would someone be able to help me identify what might be causing this event, specific with the Exception code: 0xc0000024, which causes
    the Group Policy Client service to stop?

    You still out there looking at things? If so I have an update. The issue hasn't stopped, even though it did seemingly die down for awhile, however, it is now back with a vengeance.
    I am able to force it to happen by killing the svchost process that is hosting GPSVC. If I run gpupdate /force, then logout/login it does get GPSVC running again. Furthermore, if I simply start svchost again via the Task Manager GPSVC starts running again.
    When I access the server remotely with KVM it acts just like it does as if I'm logging into it via Citrix/RDP which for Admin IDs gives an error saying "Failed to connect to a windows service. Windows could not connect to the Group Policy Client service...",
    however, normal user accounts just get a message when logging into the server "The Group Policy Client Service Failed the Logon. Access is denied."
    I haven't opened a case with Microsoft yet, but we about ready to because of the increase in these errors.
    If you have any further suggestions that would be great, otherwise I'll provide an update once I get word back from Microsoft.
    **EDIT -- apparently I mistook the the server's SCM's actions as my own. I was able to successfully crash the GPSVC service by killing the hosting svchost process, however, after I crashed it and let it sit crashed for awhile when I attempted
    to restart either by starting a svchost task, or running gpupdate /force it failed. Either that, or there is a timing issue where if we don't restart the svchost process, or run gpupdate /force quickly enough it won't be able to recover without a reboot.

  • How do I prevent users from logging into my machine in single user mode?

    I established an standard accounts for my family.  My son figured out that if he logs into the machine in Single User mode that he logs in as the root user.  He then proceeded to create another user with administrative privileges and change his account to administrator then delete the other account.  Funny thing about this is that as much as OS X is secure from outside threats a simple command-s gets you right into the very heart of the machine......

    You can set a firmware password. The firmware password only allows you to start up in normal mode, so if you try to start in single-mode user or safe mode, your Mac will ask you for a password.
    The process to turn it on depends on the OS X version you have. Open  > About this Mac, check the Mac OS X version and follow the steps depending on your OS X version.
    If you have 10.7 or 10.8:
    1. Hold Command and R keys while your Mac is starting up.
    2. After starting up into OS X Utilities, go to Utilities menu (on the menu bar) > Firmware Password Utility, and enable the firmware password.
    3. Restart the Mac.
    If you have 10.6 or older:
    1. Insert the Mac OS X disc and hold the C key while your Mac is starting up.
    2. Choose your language, go to Utilities menu (on the menu bar) > Firmware Password Utility, and enable the firmware password.
    3. Restart the Mac.
    Also, this will protect your Mac against thieves because they won't be able to erase the hard drive without knowing the firmware password. Don't forget the password, because only Apple can reset it if you don't know this password

  • Mail is preventing me from logging out - Help!

    Hello,
    Mail is preventing me from logging out.  I freqently have to force quit, any ideas on what is wrong and how to fix?

    If you're sharing the computer with your husband and you have separate accounts, you should open the Users & Groups preference pane, click the lock icon to unlock the settings, then click Login Options and check the box marked Show fast user switching menu... That will relieve the need for either of you to log out whenever the other wants to use the computer. Just select your user name from the menu next to the Spotlight (magnifying glass) icon on the right side of the menu bar.
    As for the Mail problem, try the procedure below first.
    Back up all data.
    1. Triple-click the line below to select it:
    ~/Library/Mail/Bundles
    Right-click or control-click the highlighted line and select
    Services ▹ Open
    from the contextual menu. A folder may open, or you may get an error message that the item can't be found. Either result is normal. If the folder does open and has contents, move the contents to the Desktop. Relaunch Mail and test. If there's no change, put the contents of the folder back and quit Mail again.
    2. Repeat with this line:
    /Library/Mail/Bundles
    This time you may be prompted for your login password when you remove the items. Make sure they're removed from the folder and not just copied to the Desktop. If necessary, copy them first and then move the originals to the Trash.

  • Prevent user from closing the applications

    Hello,
    we would like to deploy to our users web application using Internet Explorer which is published over RemoteApps. Because this application takes long time to load we would like to prevent user from closing application. So we would like that session and application
    stays opened when the user clicks on close button on Internet Explorer that is published over RemoteApps.
    In other words, we would like to disconnect client from RemoteApp session, but stay logged in and keep the application running in the background.
    Is this possible to do?
    Thank you!
    Best wishes,
    Marko

    Hello,
    thank you all for your answer. I guess this is not a good news. Any other idea how to solve this problem - to start Internet Explorer web application as soon as possible.
    Last week I have found a VB script on one forum that would close the RemoteApp Windows without closing the appliaction on server but I can't find it today. Does anybody know something about this script?
    Thank you!
    Best wishes,
    Marko

  • How to prevent users from running PRC: Transaction Import from WebADI form?

    Hi,
    We are 12.1.3 and trying to create a workflow to approve Project transactions coming through web ADI before they become effective. To this end, we want to prevent users from running the PRC: Transaction Import from the Web ADI.
    I know that if the checkbox Automatically run transaction import is not checked, the program does not run. But we want to hide this checkbox and not allow the possibility that the program could get triggered.
    To this end, we updated the BNE_INTEGRATORS_B with source='C'. This allows you to edit the integrator from Desktop Integration Manager.
    UPDATE BNE_INTEGRATORS_B SET SOURCE ='C' WHERE  INTEGRATOR_CODE ='PAXTTRXB'
    In the 4th step, where the value for Uploader Parameters is set, we have set boolean value to No. These are the fields on the page:
    Parameter Name: bne:import
    Display Name: Start Transaction Upload
    Data Type: Boolean
    Category: Field
    Default Value: Boolean Flag: No
    Description: start Transaction Import Concurrent Request
    Display Options: Displayed: Unchecked
    Display Options: Enabled: Checked
    Display Options: Required: Checked
    Prompt Left: Automatically submit Transaction import
    Display Type: Check Box
    Maximun Size: 100
    Display Size:100
    Now the checkbox is not appearing for the user to check it, But the program is automatically running when you hit Upload in the WebADI. 

    Hi ,
    Try removing the PRC: Transaction Import Program from the request group for the responsibility used by customers to submit the WebADI and then check if the program launches.
    Regards,
    Raghavan

  • Hi All, We are in to Release 11.5.10.2.There is a specific requirement to Prevent users from creating Manual Sales Orders in oracle and yet users should be able to book the Sales Orders Imported from CRM system into Orcale.Please advise.

    Hi All, We are in to Release 11.5.10.2.There is a specific requirement to Prevent users from creating Manual Sales Orders in Oracle and  yet users should be able to book the Sales Orders Imported from CRM system into Orcale.Please advise.

    Thanks for your advise.
    However, I missed to mention that we have two set of users  One is for Finished Goods and another for Spares.
    Only Spares users need to be prevented from creating Direct/Manual Sales Orders in Oracle.
    As you suggested, if this will be done at Form level, that may Disallow FG users also to create Manula Sales Orders which should not be the case.
    Further, I tried to test one scenario through Processing Constraints but it did not work.
    Application
    OM
    Validation Type
    Entity
    Temp
    Short Name
    TBL
    Validation Semantics
    Created By
    Equal To
    User(Myself)
    Processing Cosntraint
    Application
    OM
    Entity
    Order Header
    Constraint
    Operation
    User Action
    Create
    Not Allowed
    Conditions
    Group
    Scope
    Validation Entity
    Record Set
    Validation Template
    101
    Any
    Order Header
    Order
    Above Created
    Please advise.

  • How do I prevent users from being able to update Firmware

    I have several users (14) with iPad 2 and they rely on an in-house developed App. we have yet to test this App on iOS 5.1 and therefore want to avoid any of the users updating the iPads at all cost!
    this question is in two parts:
    How can I prevent users from upgrading firmware themselves short of just asking nicely?
    How can I stop the iPad from automatically downloading the Upgrade when I deploy a Policy using the iPhone Configuration Utility?
    Any advice would be great!

    We've been looking at the AirWatch mdm and have been told it has this capability.  Not sure if it would be justified from an economic standpoint for you, however. 

  • Is there any way to prevent users from ship confirming on a particular date?

    Hello All,
    We have a requirement to prevent users from ship confirming on a particular date. This is due to they are performing Annual Physical Inventory.
    Is it possible to restrict users performing shipping transactions on this particular date?
    I have tried adding exception to the existing Calendar set at org level and there is no customer specific Calendar defined, however it is still allowing me to perform ship confirm.
    Please let me know if you have any suggestion on this requirement.
    Thanks

    Hi,
    Yes is Possible.
    You can add An Exception in Your Shipping Calender.
    So when Some one tries to ship an Order on that date Oracle will automatically select Next possible date.
    Thanks
    Shameer

  • How to prevent users from saving and emailing intranet documents externally

    Someone in our company needs to upload a pdf to our sharepoint intranet site for internal-only use. How can I prevent users from downloading it and emailing it externally?
    I mean, a user could screenshot it I guess, but I need to give management a due diligence answer.

    You would need to look into a reverse proxy/firewall that had the ability to block access based on content. This isn't something you can accomplish out of the box with SharePoint (even with AD RMS).
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • How can SAP be configured to prevent users from consuming locks?

    How can SAP be configured to prevent users from consuming locks?
    The issue is that we want to prevent users to use upto maximum locks and so that we will not get lock table overflow issue. I know that we can assign parameter "enque/table_size" a good amount of value. But it is not for any specific user.
    Also want to alert in CCMS if any user reaches to its maximum speficified limit of locks.
    Thanks
    Gopesh

    You cannot set a limit of locks per user. There are two ways to reduce/control the number of locks:
    - change fewer records within one transaction
    - cover more records with one lock using wildcards
    Basically it is an application / development issue.
    Best regards, Michael

  • To prevent user from droping any object from a sepacific schema

    Dear User
    I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop any object.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
    ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
    ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
    AND
    ORA-06512 AT LINE 8
    I WANT TO STOP THESE TWO ERRORS .
    PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
    Thank u.

    Given that you have not posted your code it is very difficult to know why you are getting these errors.
    Howver, I can take a guess. If I were trying to implement this functionality I would build a database event trigger that fired whenever a DROP command was issued and cause that command to fail. If this is the approach you've taken I think you are out of luck, as I belive DDL triggers were introduced in Oracle 8.
    Mind you, it's been a long time since I worked on Oracle7, so I might be wrong. In which case post your code, don't make me guess again.
    Cheers, APC

  • To prevent user from droping his own object .

    Dear User
    I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
    ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
    ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
    AND
    ORA-06512 AT LINE 8
    I WANT TO STOP THESE TWO ERRORS .
    PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
    plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
    Thank u.

    Hi
    DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
    The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
    read more about this at
    http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648

  • CE10 how to prevent user from view hostrical instance

    hi,
    We are currently using CE10. One of our user used search functionality in enterprise to search for reports start with 'employee' and it came  back with all the crystal reports on the server that  started with employees, even the one the user doesn't have access to.  My greatest concern about this is that users can view historical instance and it is sensitive data.  Does anybody know whether or not this is a bug in CE10?  Is there a patch/fix for this?  Is there any configuration change that I can make to
    prevent users from being able search all the reports on the server rather just their own reports?  Any help is greatly appreciated.
    Regards,
    Susan

    hi,
    I have an EVERYONE group with limited access(view object), and EVERYONE group is added to each folder with NO ACCESS.  If I revoke view object(explicitly denied) privilege from EVERYONE group, do I still need to remove EVERYONE group from each folder?  When I'm at folder level in CMC, I see EVERYONE GROUP added, but when I tried to remove the EVERYONE GROUP, the EVERYONE group is not an option for removal.  What am I missing?
    Thanks for your help!
    Regards,
    Susan Johnson

  • How to prevent user from creating jobs

    Hi,
    we need to prevent user from creating jobs on a dev enviorement. It's a 10.2.0.4 database standard on linux 64bits.
    Their schema has only connect and resource roles. Is there a way to prevent them from creating jobs? In 11g it's the CREATE JOB permission, but in 10g i'm not sure how can i do this.
    Thanks for any ideas!

    On 10g it's probably the CREATE JOB as well.
    http://www.oracle.com/pls/db102/homepage
    Alternatively you could:
    alter system set job_queue_processes=0
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams089.htm#REFRN10077

Maybe you are looking for