Hacker chasing me - I'm no longer recognized as administrator

file3456 · 25 Sep 2018

Microsoft Security Essentials is utter crap and is just a baseline scanner, ditch it, don't use it, and don't trust it. Install something like Bitdefender Free. Now scan you computer with Herdprotect portable and research what it finds. Run Autoruns, go to File and post the ARN file. You'll need to zip it to upload here.

You may also want to scan your computer with a live CD such as Bitdefender Rescue disk.

If you do have malware and it's polymorphic then you more than likely won't find it with a definition-based anti-virus. In this case, backup your stuff, format and reinstall Windows.

Have a gander at Sandboxie for your browser. It's free for the browser, but after around 30 days when you launch Sandboxie it will present you with its license manager making you wait 5 seconds to launch your browser in Sandboxie. Small price to pay for free. I use the free version myself. Sandboxie keeps data in a sandbox environment and doesn't touch your computer unless you recover it. So be mindful at what you allow to be recovered.

Scan all downloads at Virus Total. I can't stress this enough.

Links:

Download Portable herdProtect 1.0.3.9 Beta

Autoruns for Windows - Windows Sysinternals | Microsoft Docs

How to create a Bitdefender Rescue CD

Debby · 29 Jan 2019

Thanks for explaining all of this! I will keep it in mind!

DownhillDruid67 · 24 Feb 2019

Debby said:

Hi! When I try to send the movie maker video I made to a DVD disk - I get this message: "C:\ is not accessible." Similarly, when I clicked on System Restore as if to run it, I got this message, "Windows cannot access C\Windows\system32\rstrui.exe". When I go to user accounts, it does say I am the administrator. Now, I just clicked on Regedit, and I get the error message, "Windows cannot access C:\Windows\regedit..exe. So as you see, no matter what I try to access, it says I can't access it.

Hi there,
The part highlighted in bold is a sign of a possible virus infection. You mention in the first post that you tried running a virus scan but couldn't because you weren't an admin. You also mentioned that you were able to take ownership of your files for a short time. Have you tried to take ownership of the C: drive, and then run a virus scan?

Muted · 04 Mar 2019

Debby said:

But today, I'm not allowed to use it or any other files - with the error message showing of, "you need to get admiinistrator rights in order to use program" - or words to that affect.

Do you by chance have the "User Account Control" setting set to the maximum value (highest)? I'm assuming you're also unable to (as a "non-administrator" on an "administrator" account) to even access it (the control panel bit) right now.

My Computer -> Control Panel -> User Accounts -> Change User Account Control Settings

If you're unable to access UAC via the menu: Try running this registry edit in SAFE MODE.
To enter safe mode: During a reboot of the computer: Repeatedly tap F8 during the boot sequence.

The registry edit (file extension is: *.reg):

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

Let me know if that fixed the issue (or is there really another person toying around with a RAT...?)!