administrator user unable to login, suspicious user accounts "sky$", "admin$"
- by mks
I have a Windows 2008 R2 Standard (64 bit) running in a virtual machine. Suddenly from yesterday onwards I am not able to login as administrator. Nobody changed the password. Both in the console as well as using remote desktop I am unable to login. Whenever I login as Administrator I am getting this error:
"The user name or password is incorrect"
Nothing has changed in the machine and I have logged in the past successfully both through console and via remote desktop several time on the same machine.
One strange behaviour I noticed is, I am seeing some additional user accounts if I try to login as other user. The suspicious user account are:
sky$
admin$
SUPPORT_388945a0
Is it created by some malware/virus? Or is it some windows hidden account? Microsoft site says that SUPPORT_388945a0 is:
The Support_388945a0 account enables
Help and Support Service
interoperability with signed scripts.
This account is primarily used to
control access to signed scripts that
are accessible from within Help and
Support Services. Administrators can
use this account to delegate the
ability for an ordinary user, who does
not have administrative access over a
computer, to run signed scripts from
links embedded within Help and Support
Services. These scripts can be
programmed to use the Support_388945a0
account credentials instead of the
user’s credentials to perform specific
administrative operations on the local
computer that otherwise would not be
supported by the ordinary user’s
account. When the delegated user
clicks on a link in Help and Support
Services, the script executes under
the security context of the
Support_388945a0 account. This account
has limited access to the computer and
is disabled by default.
However I am not sure from where this "admin$" and "sky$" came. Anyone has similar experience?
