• Admin disabled by malware

    • This topic has 12 replies, 10 voices, and was last updated 10 years ago.
    #499826

    So I am going to pick your minds…
    I worked on a computer where all the admins were disabled, and any admin on the computer could not do anything in the System / Control Panel, as it would error that they did not have permission… Has anyone seen that virus/malware/hijackware behavior before? I ultimately reloaded the recovery partition and started fresh so there were no remnants. What software does everyone use for that type of issue?

    So how do you restore admin? The built-in admin and running in safe mode did not make a difference… is there a registry hack to restore admin rights and use… all the users and admins were in the Administrators group.

    • #1503480

      You can have Users with administrative rights but that is not exactly the same as the Administrator which by default is hidden. It can be activated but should be deactivated after the need for it has been accomplished.
      http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/

      Before you wonder "Am I doing things right," ask "Am I doing the right things?"
    • #1503483

      Yep, even that did not have any rights… because the actual admin is blocked to a semi-standard user, you cannot access anything in System without the error that you do not have access or privileges and so on… and that was the dilemma.

    • #1503486

      Maybe Ultimate Windows Tweaker 2 or 3 [Win8 only] can help. Possibly one user acct can re-enable [the hidden] Administrator account; from there, you might be able to fix the other things.

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1503570

      …I worked on a computer that all the admins were disabled and any admin on the computer but could not do anything in the system /control panel as it would error they did not have permission…

      Have cleaned up many customers’ computers that had what sounds like the same problem (access disabled to Task Manager, Control Panel, etc., in fact access to any function that could be used to clean off the infections was disabled).

      The method I used was to take the HDD out of the customer’s PC, connect it to one of my workbench PCs, then scan the customer’s Windows partition for viruses/malware, etc., to remove any infections.

      Alternatively you could try running “offline” scans with AVG’s Rescue CD http://www.avg.com/au-en/download.prd-arl and/or Windows Defender Offline http://windows.microsoft.com/en-AU/windows/what-is-windows-defender-offline, both of which I have used successfully a few times.

    • #1503630

      Oh, I did all that and removed the virus/malware, but the remnants of it disabled even the hidden admin from being able to access the system… it got into the core, maybe as a rootkit, and anything that says they are admin are no longer… even a new profile with admin rights… ugh… it's something she got when she was on Facebook… On the side note, she also had a user in her computer that I think was able to access her files remotely… whoever it was is good at coding and used a VPN, as I tried to trace. That is part of why I wiped and reloaded… I even cleaned out the boot sector. I am not good enough to figure out how it was done in the registry to block the users' admin… and I am sure that they tagged the trusted user account and that is how they were in her system.

    • #1503647

      I would recommend booting up with a Kaspersky Rescue disk http://support.kaspersky.com/viruses/rescuedisk

      While the scan takes as long as or more than the whole hog of Windows Updates, depending on how much is on the computer, you wouldn’t lose everything that a factory reset would do if you were unable to back up the personal stuff first.

    • #1503655

      lol, I made a working bootable clone of the drive… then reset, as she did not have a lot on it, and then copied her data from the clone to the drive. I always work on a computer that is bad with an exact replica clone, so if there is a program that damages or wipes the data when you try to remove it I still have everything… I had that happen with some hijackware: when I ran Malwarebytes it proceeded to damage the boot sector and encrypt the pictures and documents… it was a nasty one…

    • #1503878

      http://www.howtogeek.com/96805/how-to-reset-your-windows-password-without-an-install-cd/

      The tool described can create a new admin account. It might have been a cure in itself. If you knew that it was a particular Reg entry it can also edit offline registries.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #1503924
    • #1504344

      Once you’re absolutely sure that every bit of malware is removed, run http://www.tweaking.com/content/page/windows_repair_all_in_one.html. It is best to run it from safe mode with networking. It will want to perform a few checks before it runs its repairs… do that, then when you get to the repair section select the second option (“Reset File Permissions”) as well as all the default choices.

      • #1504511

        TimM is correct about using the Tweaking.com utility. You can download it as a portable file, so no need to install it. But before I run this for client repair, I use another program to block malware from messing it from running. Go here and get the rkill program, and run it first: http://www.majorgeeks.com/mg/get/rkill,1.html If it shows lots of hosts files, make sure you use Tweaking.com to fix the hosts file too.

    • #1504722

      Have you tried ‘net user administrator /active:yes’ @ a command prompt?
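
An added example, not part of any post in this thread: a read-only PowerShell audit for the symptoms discussed above (blocked Task Manager / Control Panel, a disabled built-in Administrator, an unrecognised local account). It assumes the blocks are implemented with the standard Windows policy registry values, which the thread does not confirm, and that the LocalAccounts cmdlets (Windows PowerShell 5.1 or later) are available.

```powershell
# Read-only audit (added example): reports state, changes nothing.
# Requires Windows PowerShell 5.1+ for Get-LocalUser / Get-LocalGroupMember.

# Policy values that block Task Manager, Registry Editor and Control Panel.
# Assumed cause of the symptoms; the thread does not confirm it.
$policyChecks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' }
)

# Check both the current user's hive and the machine-wide hive.
$restrictions = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($check in $policyChecks) {
        $path = "$hive\$($check.Key)"
        $prop = Get-ItemProperty -Path $path -Name $check.Name -ErrorAction SilentlyContinue
        # A missing value or 0 means "not restricted"; anything else is a finding.
        if ($null -ne $prop -and $prop.($check.Name) -ne 0) {
            [pscustomobject]@{ Path = $path; Value = $check.Name; Data = $prop.($check.Name) }
        }
    }
}

# The built-in Administrator always has RID 500, even if it was renamed.
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

# S-1-5-32-544 is the well-known SID of the local Administrators group.
$adminMembers = Get-LocalGroupMember -SID 'S-1-5-32-544'

# Enabled local accounts, to spot one that nobody recognises.
$enabledUsers = Get-LocalUser | Where-Object Enabled

'--- Policy restrictions currently set ---'
$restrictions | Format-Table -AutoSize

'--- Built-in Administrator ---'
$builtinAdmin | Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize

'--- Members of the local Administrators group ---'
$adminMembers | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

'--- Enabled local accounts ---'
$enabledUsers | Select-Object Name, LastLogon, Description | Format-Table -AutoSize
```

An empty first table means none of these three policy values is set for the account running the script, so the cause lies elsewhere (for example, altered file or registry permissions).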
