Hacker chasing me - I'm no longer recognized as administrator

[Debby]

Hi! I guess there must be one hacker who has really been chasing me a lot lately. I've had to use my set of restore disks several times this month, already! This last time, I downloaded Microsoft Security Essentials. But today, I'm not allowed to use it or any other files - with the error message showing of, "you need to get admiinistrator rights in order to use program" - or words to that affect. A few days ago, I set permissions to all files to being just myself and nobody else. That seemed to help for a few days. But now, I guess someone is masquerading as being the administrator of this computer, using my name - that's my guess! So my hands are tied! I guess I'll run the restore disks again today! Maybe I should just use that computer for offline work and never go online with it - would that help avoid attacks on the computer? What's your advice? Thanks!

 

[Paul Black]

Hi Debby,

Hi! I guess there must be one hacker who has really been chasing me a lot lately. I've had to use my set of restore disks several times this month, already! This last time, I downloaded Microsoft Security Essentials. But today, I'm not allowed to use it or any other files - with the error message showing of, "you need to get admiinistrator rights in order to use program" - or words to that affect. A few days ago, I set permissions to all files to being just myself and nobody else. That seemed to help for a few days. But now, I guess someone is masquerading as being the administrator of this computer, using my name - that's my guess! So my hands are tied! I guess I'll run the restore disks again today! Maybe I should just use that computer for offline work and never go online with it - would that help avoid attacks on the computer? What's your advice? Thanks!

I also suggest that you run a full virus scan and Malwarebytes [FREE]!
Are the restore disks that you are using made by you or are they the ones that came with the computer?

I hope this helps!

 

[samuria]

What was the exact message from the security it could just be security asking for permission which is normal if you right click and choose run as admin does it work? changing permissions to your self can brick the pc system needs to have control for windows to work

 

[Debby]

Hi! When I try to send the movie maker video I made to a DVD disk - I get this message: "C:\ is not accessible." Similarly, when I clicked on System Restore as if to run it, I got this message, "Windows cannot access C\Windows\system32\rstrui.exe". When I go to user accounts, it does say I am the administrator. Now, I just clicked on Regedit, and I get the error message, "Windows cannot access C:\Windows\regedit..exe. So as you see, no matter what I try to access, it says I can't access it.

 

[Debby]

And when I right click to check security property settings, the names i see in there are: system; my computer name; and my name as admiinistrator. System permissions are set to "allow". The permissions for my computer name and for my administrator name are both set to "allow". Do I have any wrong settings in here? I had set them all to "allow" recently.

 

[Debby]

I can't find my antivirus, Microsoft security Essentials program, though I have an empty looking shortcut for it. I am not able to get online to download it again. I clicked on it in the downloads, but that did no good. Then I clicked on the not installed program of Malawarebytes in there and it said,"ShellExecuteExfiled, code 12003. The network path was either typed incorrectly, does not exist, or the network provider is not currently available. Please try retyping the path or contact your network administrator." When I click on the microsoft Security Essentials installation icon in the downloads, I get this error message, "Windows cannot taccessC:\Users\Debby\Dowloads\MSEInstalle.exe. Check the spelling of the name. Otherwise there might be a problem with our network. To try to identify and resolve network problems, click Diagnose." And when I clicked on Diagnose, I got this error message, "An error occurred while troubleshooting: " A problem is preventing the troubleshooter from starting."

 

[mrjimphelps]

Go to a known clean computer and create a Windows Defender Offline (WDO) CD.

Go to the following web site:
Access Denied

(Not sure why it says "Access Denied".)

Scroll to the bottom of the screen and click the button which matches your version of Windows (32-bit or 64-bit). Create a WDO disk. Then take that disk to the affected computer and boot with it. This will load WDO, but it won't load Windows. At that point, tell WDO to do a full scan of C:. It will take a while - be patient.

I have had good results with WDO when nothing else would work.

 

[samuria]

When you said you have your self rights on everything how did you do that it sounds as if you have screwed up the whole system. Some permission are complex Windows runs as system and if it's removed or doesn't have full control nothing can work

 

[Debby]

Thanks for explaining! So I won't give permissions to only myself on everything after this! I managed to copy the small movie onto a flash drive, so that's good! Now I can run the restore disks tomorrow if I need to. But I'd like to know how to make the Windows defender CD - good to know of other additional ways to fix problems in the future! I don't know how to make a windows defender disk-I just now tried, but it failed to work or install on the computer that was having this problem.

 

[Golden]

But I'd like to know how to make the Windows defender CD

See:

Windows Defender Offline

 

[file3456]

Microsoft Security Essentials is utter crap and is just a baseline scanner, ditch it, don't use it, and don't trust it. Install something like Bitdefender Free. Now scan you computer with Herdprotect portable and research what it finds. Run Autoruns, go to File and post the ARN file. You'll need to zip it to upload here.

You may also want to scan your computer with a live CD such as Bitdefender Rescue disk.

If you do have malware and it's polymorphic then you more than likely won't find it with a definition-based anti-virus. In this case, backup your stuff, format and reinstall Windows.

Have a gander at Sandboxie for your browser. It's free for the browser, but after around 30 days when you launch Sandboxie it will present you with its license manager making you wait 5 seconds to launch your browser in Sandboxie. Small price to pay for free. I use the free version myself. Sandboxie keeps data in a sandbox environment and doesn't touch your computer unless you recover it. So be mindful at what you allow to be recovered.

Scan all downloads at Virus Total. I can't stress this enough.

Links:

Download Portable herdProtect 1.0.3.9 Beta

Autoruns for Windows - Windows Sysinternals | Microsoft Docs

How to create a Bitdefender Rescue CD

 

[Debby]

Thanks for explaining all of this! I will keep it in mind!

 

[DownhillDruid67]

Hi! When I try to send the movie maker video I made to a DVD disk - I get this message: "C:\ is not accessible." Similarly, when I clicked on System Restore as if to run it, I got this message, "Windows cannot access C\Windows\system32\rstrui.exe". When I go to user accounts, it does say I am the administrator. Now, I just clicked on Regedit, and I get the error message, "Windows cannot access C:\Windows\regedit..exe. So as you see, no matter what I try to access, it says I can't access it.

Hi there,
The part highlighted in bold is a sign of a possible virus infection. You mention in the first post that you tried running a virus scan but couldn't because you weren't an admin. You also mentioned that you were able to take ownership of your files for a short time. Have you tried to take ownership of the C: drive, and then run a virus scan?

 

[Muted]

But today, I'm not allowed to use it or any other files - with the error message showing of, "you need to get admiinistrator rights in order to use program" - or words to that affect.

Do you by chance have the "User Account Control" setting set to the maximum value (highest)? I'm assuming you're also unable to (as a "non-administrator" on an "administrator" account) to even access it (the control panel bit) right now.

My Computer -> Control Panel -> User Accounts -> Change User Account Control Settings

If you're unable to access UAC via the menu: Try running this registry edit in SAFE MODE.
To enter safe mode: During a reboot of the computer: Repeatedly tap F8 during the boot sequence.

The registry edit (file extension is: *.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

Let me know if that fixed the issue (or is there really another person toying around with a RAT...?)!