virus (?) has corrupted admin PW & system registry

anonymous_at_discussions.microsoft.com
Date: 12/28/03 

Date: Sun, 28 Dec 2003 00:01:10 -0800

PS -- forgot to add one other conspicuous item. When I
originally checked the windows\system32\config directory,
all the files had dates of "12-26-35" -- the day was
right, but the year was (obviously) way off. Not sure if
this will "ring a bell" for anyone...

Thx again for any and all help,

RF
>-----Original Message-----
>My wife was using my laptop to surf the web (my first
>problem), and she later told me "oh something's wrong
>with the computer, I don't know what I did..."
>
>When I tried to start it up, the system got just past
the
>XP Home splash screen and up popped the strange error
>message: "Unable to start: system is unable to start
>because the following file is missing or corrupted:
>c:\windows\system32\config\system" -- and here it stayed
>until I did a hard reboot.
>
>So, I grabbed my trusty XP boot floppy, booted to the A:
>drive, then checked out the system32\config directory.
>The system file was not there. So I copied the one from
>windows\repair to windows\system32\config, and tried to
>reboot. Again, same error message. When I again booted
>from the XP boot floppy, the entire windows\system32
>\config directory was gone... in it's place was a single
>file called config (!)
>
>Now totally befuddled, I made a temp directory in
>windows\system32 and copied this new config file into
it,
>then deleted the windows\system32\config file. I then
>made a new directory called config in the
>windows\system32 directory, and in it copied all the
>necessary files from the windows\repair directory (sam,
>software, security, default, system).
>
>When I removed the floppy and rebooted, I got another
>error message at about the same point as the other
>one: "lsass.exe -- System Error: when trying to update a
>password, the return status indicates the value provided
>as the current password is not correct." The system
then
>resets itself, and this loop continues indefinitely.
>
>I then tried using my XP install CD to repair the system
>using the Recovery Console, but it will not accept the
>Admin account password that I had previously set. I
>subsequently tried using a utility called chntpw to
reset
>all the user account passwords, but still got the same
>error message upon subsequent reboots.
>
>So, can anyone tell me how to completely reset the admin
>password by editing the registry? Keep in mind that I
>can only boot the machine to command line using my XP
>boot floppy or the chntpw bootable cd... Or has anyone
>heard of a virus that causes such behavior (could not
>find anything on Network Assoc. or McAfee websites)?
>
>Any and all help is most appreciated.
>
>Richard
>
>.
>