  1. #1
    New Lounger

    Admin disabled by malware

    So I am going to pick your minds...
    I worked on a computer where all the admins were disabled, and any admin on the computer could not do anything in the System/Control Panel, as it would error that they did not have permission... Has anyone seen that virus/malware/hijackware behavior before? I ultimately reloaded the recovery partition and started fresh so there were no remnants. What software does everyone use for that type of issue?

    So how do you restore admin? The built-in admin and running in safe mode did not make a difference. Is there a registry hack to restore admin rights? All the users and admins were in the Administrators group.

  2. #2
    Silver Lounger
    You can have Users with administrative rights, but that is not exactly the same as the Administrator, which by default is hidden. It can be activated but should be deactivated after the need for it has been accomplished.
    http://www.howtogeek.com/howto/windo...windows-vista/

  3. The Following User Says Thank You to Berton For This Useful Post:

    Fascist Nation (2015-05-10)

  4. #3
    New Lounger
    Yep, even that did not have any rights... Because the actual admin is blocked to a semi-standard user, you cannot access anything in the system without the error that you do not have access or privileges and so on... and that was the dilemma.

  5. #4
    Silver Lounger RolandJS's Avatar
    Maybe Ultimate Windows Tweaker 2 or 3 [Win8 only] can help. Possibly one user acct can re-enable [the hidden] Administrator account; from there, you might be able to fix the other things.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  6. #5
    WS Lounge VIP Coochin's Avatar
    Quote Originally Posted by firewolfrl
    ...I worked on a computer that all the admins were disabled and any admin on the computer but could not do anything in the system /control panel as it would error they did not have permission...
    Have cleaned up many customers' computers that had what sounds like the same problem (access disabled to Task Manager, Control Panel, etc., in fact access to any function that could be used to clean off the infections was disabled).

    The method I used was to take the HDD out of the customer's PC, connect it to one of my workbench PCs, then scan the customer's Windows partition for viruses/malware, etc., to remove any infections.

    Alternatively you could try running "offline" scans with AVG's Rescue CD http://www.avg.com/au-en/download.prd-arl and/or Windows Defender Offline http://windows.microsoft.com/en-AU/w...fender-offline, both of which I have used successfully a few times.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  7. #6
    New Lounger
    Oh, I did all that and removed the virus/malware, but the remnants of it disabled even the hidden admin from being able to access the system... It got into the core, maybe as a rootkit, and anything that says they are admin are no longer... even a new profile with admin rights... ugh... It's something she got when she was on Facebook. On a side note, she also had a user in her computer that I think was able to access her files remotely. Whoever it was is good at coding and used a VPN, as I tried to trace. That is part of why I wiped and reloaded... I even cleaned out the boot sector. I am not good enough to figure out how it was done in the registry to block the users' admin... and I am sure that they tagged the trusted user account and that is how they were in her system.

  8. #7
    Super Moderator
    I would recommend booting up with a Kaspersky Rescue disk http://support.kaspersky.com/viruses/rescuedisk

    While the scan takes as long as or longer than the whole hog of Windows Updates, depending on how much is on the computer, you wouldn't lose everything that a factory reset would do if you were unable to back up the personal stuff first.
    Last edited by Sudo15; 2015-05-08 at 11:11.

  9. #8
    New Lounger
    lol, I made a working bootable clone of the drive... then reset, as she did not have a lot on it, and then copied her data from the clone to the drive. I always work on a computer that is bad with an exact replica clone, so if there is a program that damages or wipes the data when you try to remove it, I still have everything... I had that happen with some hijackware: when I ran Malwarebytes, it proceeded to damage the boot sector and encrypt the pictures and documents... It was a nasty one...

  10. #9
    Silver Lounger wavy's Avatar
    http://www.howtogeek.com/96805/how-t...an-install-cd/

    The tool described can create a new admin account. It might have been a cure in itself. If you knew that it was a particular Reg entry, it can also edit offline registries.


    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  11. #10
    5 Star Lounger

  12. #11
    New Lounger
    Once you're absolutely sure that every bit of malware is removed, run http://www.tweaking.com/content/page...ll_in_one.html. It is best to run it from safe mode with networking. It will want to perform a few checks before it runs its repairs... do that, then when you get to the repair section select the second option ("Reset File Permissions") as well as all the default choices.

  13. The Following User Says Thank You to TimM For This Useful Post:

    Jerry Rhino (2015-05-14)

  14. #12
    New Lounger
    TimM is correct about using the Tweaking.com utility. You can download it as a portable file, so no need to install it. But before I run this for client repair, I use another program to block malware from interfering with it running. Go here and get the rkill program, and run it first: http://www.majorgeeks.com/mg/get/rkill,1.html If it shows lots of host files, make sure you use Tweaking.com to fix the hosts file too.

  15. #13
    Star Lounger Wiley's Avatar
    Have you tried 'net user administrator /active:yes' at a command prompt?
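
As an added example (not posted by anyone in the thread): a read-only PowerShell check for the kind of lockout described in posts #5 and #13. It assumes the restrictions were applied through Windows policy registry values, which the thread never confirms, and it lists local accounts so that a disabled built-in Administrator or an unexpected user stands out.

```powershell
# Added example: read-only audit, changes nothing.
# Assumption: the lockout used policy registry values; the thread does not confirm this.
$policies = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' },
    @{ Path = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' }
)

# A non-zero value under either hive means the restriction is switched on.
$restrictions = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $key  = "$hive\$($p.Path)"
        $item = Get-ItemProperty -Path $key -Name $p.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($p.Name) -ne 0) {
            [pscustomobject]@{ Key = $key; Value = $p.Name; Data = $item.($p.Name) }
        }
    }
}

# Local accounts: the built-in Administrator always has a SID ending in -500,
# whatever it has been renamed to.
$accounts = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount=True' |
    Select-Object Name, SID, Disabled, Lockout,
        @{ Name = 'BuiltInAdmin'; Expression = { $_.SID -like 'S-1-5-21-*-500' } }

if ($restrictions) {
    $restrictions | Format-Table -AutoSize
} else {
    'No policy-based tool restrictions found in HKCU or HKLM.'
}
$accounts | Format-Table -AutoSize
```

The HKCU results apply only to the profile that runs the script, so run it while logged on as the affected user. A clean result here does not rule out other causes such as altered file or registry permissions.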
