Vista Admin User Account Hijacked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by midivox, Jul 28, 2010.

Thread Status:
Not open for further replies.
  1. midivox

    midivox Private E-2

    Hi Geeks,
    One day I was the only Admin on my HP Vista Home Premium Desktop. The next day, by the end of the day, I realized a Hidden Malware Admin had hijacked my Admin account, made itself the admin of my PC and changed or disabled all my HW and SW permissions.

    In normal startup mode, I cannot download, run, install, delete or print. IE is totally gone or hidden. I cannot install any hardware, including putting my printer back. The message says only your PC's admin can install hardware or a printer. You do not have permission to do this. Contact your PC's administrator.
    I cannot delete any Windows programs, including Windows Live Care. I made a Panda Linux DOS Safe CD Boot Disk on a different CD and in a 4 hour scan, Panda could not find any known virus, trojans, or malware. I did install a couple of DOS programs from the Vista DOS windows, but they would not run, since the malware blocks all runs and most installs.

    The only thing still working on this HP Desktop is Firefox. I can websurf and send and receive emails.
    I went through the steps in Malware Removal Guide. I also used a paid remote Virus and Malware Removal Service. They spent 8 hours doing all the steps in your Malware Removal Guide including Malwarebytes, Combo Fix, PC Tools Pro and many other kinds of scanning software.

    I found out yesterday that I can do certain things in Safe Mode with Network Support. Can download, run and install, certain programs. Can uninstall and delete some things, malware still locks a lot of things in Safe Mode. Still can not delete or uninstall Windows Live Care, which could be where the malware is hiding.

    I do not know the name of the hidden malware admin. But I do know the names of some of the child users it added to program properties boxes. It added ones called System, TexMex1, and INTERACTIVE. They all have a hidden parent.
    I can not turn off UAC or change programs permissions.

    Most of the control panel is disabled. And you get blank screens when calling up Network, Security Center, System Restore gone, no Printers, only User Account showing anywhere is my original Vista Admin which is password protected. And used to allow me Full Control over all HW and SW.
    Any ideas? I will put together troubleshooting logs tomorrow and post them. I am not sure how many the Remote Repair Techs made and where they put them. One tech guessed maybe one of the new "hijack IE even when you do not have the browser open" kinds somehow hijacked my Vista Admin User Account and made itself a hidden admin. The Remote Techs will try again tonight to find the hidden Admin.

    I do not know how to check boot files, or how to do user account reg changes.
    Can one simply wipe all user accounts on Vista and wipe all User Account settings in the Registry. Anyone ever made or heard of any kind of Vista User Account Removal Tools?

    Thanks for any help. Thought I would research the problem more myself, before I sit in front of the tube and watch what the Remote Repair Techs try. And meanwhile want to give you troubleshooting experts a crack at what appears to be some new kind of malware. Panda said they are trying to figure out how to fix malware user account and permission changes. Since it is the newest malware.

    Happy PCs
    MidiVox
     
    Last edited by a moderator: Jul 29, 2010
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You said you were able to run most of the R&R and also said you can make progress when working in safe mode.

    Without seeing the logs from the tools you ran from our malware removal procedures I cannot help you.

    Attach those logs and we can get to work.
     
  3. midivox

    midivox Private E-2

    Hi All, Kes
    Working on getting the logs together. Although they all just say they did not find any infected files. I can only access the logs in safe mode, since in normal mode the malware admin will not allow any kind of security or anti virus or malware finder or PC Tune Up, etc. programs to run.
    When I am in safe mode later today, will see if I can attach some logs.
    I also am going to try to install a new anti virus today in safe mode. I will see if the Panda Internet Security install disc will run in Safe Mode. Since Safe Mode allows me to install and run anti spyware, malwarebytes, and other troubleshooting programs.
    Still no system restore, network displays, printers or any other missing Control Panel stuff in Safe Mode. I tried to install Microsoft Security Essentials last night from a USB Flash Drive in Safe Mode, but got a pop up saying, this software can only be installed in normal bootup mode.
    I also checked a book out of the public library on how to do registry edits to fix Vista Problems. Windows Vista Annoyances by David A Karp, so I am reading the sections on how to change UAC, permissions, etc by editing the registry. Delete locked files and other problems that can be caused by virus and malware problems.
    Get back with some logs later today.
    Thanks, MidiVox
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I shall be here waiting. :)
     
  5. midivox

    midivox Private E-2

    Re: Vista Admin User Account Hijacked My Logs

    Hi Everyone,
    Here are some logs. Malwarebytes and Free Fixer.
    More to come.
    Thanks
    MidiVox
     

    Attached Files:

  6. midivox

    midivox Private E-2

    Hi Everyone,
    Super Anti Spyware will not install and run in Safe Mode. It did however install a lot of junkware and toolbars even when I told it not to. So I deleted the parts of it that downloaded and installed.
    Instead I had to use Spyware Terminator. Which did not install or download any extra junk toolbars or add ons.
    Here is that report. I can not find the combo fix log.
    Thanks MidiVox
     

    Attached Files:

  7. midivox

    midivox Private E-2

    Re: Vista Admin Hijack. Run Scanner Log File

    Hi All,
    I got this program off a Linux Dos Rescue DVD. This program Run Scanner installed and ran in Safe Mode. Attached is the log file from just a couple of minutes ago. I am calling it a night now.
    Thanks again for the help. Any software you think would be helpful and download and install in Safe Mode, let me know.
    MidiVox
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re: Vista Admin Hijack. Run Scanner Log File

    Like what exactly?
    Well I did not request logs from runscanner, spyware terminator, etc. Did you actually read our R&R? I'll link to it below for reference:

    READ & RUN ME FIRST. Malware Removal Guide

    Try SUPERantispyware portable.
    Give this a run. SUPERAntiSpyware Portable


    Then continue on with the rest of the R&R and attach the requested logs. You need to open up Malware Bytes, update > rescan > fix anything it may find and attach the log regardless.
     
  9. midivox

    midivox Private E-2

    Hi Everyone,
    As I have explained, I did whatever parts of the malware removal guide that I could do in Safe Mode, and the Remote Techs basically followed your guide also for almost 8 hours. I do not have any known virus, trojans, or malware that scanning software can ID.

    So I sent you whatever scans I could get to run in Safe Mode. And am providing any other troubleshooting information I believe would be helpful.
    Most free download programs today come with partner freebies they want you to download and install also. The full version of Super Anti Spyware comes with a couple of toolbars which simply locked my PC even in Safe Mode. When I tried to run Super Anti Spyware it would not run. Maybe that is why the remote repair service did not use it, but used Spyware Terminator instead?

    Maybe you need a separate guide add-on for PCs that can only download, run, and install programs in Safe Mode, and have new kinds of malware that current scanning software cannot ID.

    Ok, I will try Super Anti Spyware Portable later today and post its scan if I can get it to download, install and run.
    Thanks, MidiVox
     
    Last edited by a moderator: Jul 30, 2010
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I want to see for myself the logs from running our scans, I don't care what the techs said about not finding anything, maybe it's something we CAN find that perhaps they missed? Ya never know...
    Most importantly, we need to see logs from running Combofix, RootRepeal if you were successful, and MGTools. Without those I cannot assist you. Get them to run however you can, in normal mode if possible after renaming to:

    Combofix.exe (This should be on your desktop) --> rename to kestrel.com
    MGTools.exe (This should be on C:\) --> rename to 123.com

    If you cannot run them in normal mode then just run them in safe mode.

    We do already state that if you cannot run certain tools in normal mode then to run them in safe mode.

    Yes please do. I shall be here waiting.
     
  11. midivox

    midivox Private E-2

    Hi All,
    Ok, if you can only help those who can download, install, and run a few specific programs in normal bootup mode, you should state that right at the beginning of your guide. I can go to forums that are willing to help anyone solve their problems. Especially new malware problems.
    I tried Super Anti Spyware Portable. Awful buggy program. I did a quick scan, then let it quarantine the cookies it could not ID. Almost entirely Flash Cookies. I unchecked 4 cookies that one of my software programs uses to work. It erased those cookies entirely, and then when I restarted the PC which it asked me to do, the Portable version of Super Anti Spyware erased itself from the PC entirely. Including all the Flash Cookies it said it was quarantining.
    This is not a friendly and helpful forum. It's not my fault that your malware removal guide does not work on my PC. Obviously you designed it only for PCs that boot normally and can download, run, and install specific software that can ID already known malware.
    That's fine. Since all the remote repair techs I contacted all do the same thing. Use your guide or some variation of it to scan and ID already known malware, trojans and viruses.
    All I can do is report what my Vista Desktop will and will not do. Wishing it would boot in normal mode and then allow downloads, installing and running software is not going to happen just because your forum is only designed for PCs that are working normally.
    Back to the remote techs. They are willing and happy to try to solve totally new kinds of malware, since that is how they make a living. They do not pretend to help PC users and then attack them personally for simply posting what their PC problems are.
    Happy Weekend
    MidiVox
     
  12. midivox

    midivox Private E-2

    Re: Vista Admin User Account Hijacked ComboFix Log

    Hello All,
    Found the Combo Fix Log.
    Happy Weekend
    MidiVox
     

    Attached Files:

  13. midivox

    midivox Private E-2

    Hi Everyone
    I had 2 different Remote Repair Techs today. One did Scandisk, Checkdisk, and Checkdisk slash F. He told me he has never failed once to fix a PC with any kind of malware, trojan or virus. That is nice to hear. I believed him.

    After I got back from being out of town I had a different tech. He did a bunch of things then downloaded Vista SP1 version and had me burn a Vista Boot disc. He wanted to try to run a repair install, but then the problem was the DVD Drive does not work in Safe Mode and in normal mode the malware admin took away all my install and run software rights.

    I told the new tech all I want is help in getting my full permissions and HW and SW rights back. And help in finding and deleting the hidden malware admins and their hidden users group. That is the only problem on my PC and that is what I told them when I gave them my credit card to fix that problem.
    So far in 14 hours of remote repair not once have they actually tried to delete the hidden admin and users so I can get all my HW and SW rights back. No one seems to believe that is my problem, because they have never heard of any malware or hacker being able to hack into a PC and take over as top admin and then change all your rights and permissions.

    The tech bragged. Restoring your rights and permissions is easy. If that would solve your problems which are all simply change in my permissions. I do not have permission from the hidden admin to print or install a printer, I do not have permission to download run or install software. I do not have permission to do a system restore or view others on my home network.

    I told the tech, it is no different than a live Sys Admin at a company changing or assigning you new permissions. If you don't have print rights you cannot print, etc.

    I do not have any missing Windows services or bad OS components. No known virus or trojans, just a new kind of hacker that hijacks your PC as a hidden admin and then takes away almost all your HW and SW rights and permissions.
    If it is so easy to restore my permissions and find the hidden Admins, then how do I do it?
    If it is easy to turn off UAC in the Registry and delete the hidden admin from the registry, then how do I do it? And if it is so easy to find what boot file the malware admin is hiding in, then how do I find it?

    And since I am locked out of normal boot mode, how do I do the above from a boot disk, or in safe mode, or in a DOS Window from the Vista Desktop or a Command Prompt?

    Thanks MidiVox
     
    Last edited by a moderator: Jul 31, 2010
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then why don't you go and find another forum and see if the VOLUNTEER decides to put up with your rudeness?
    And it is NOT MY FAULT that you got infected in the first place.
    Chaslang, our head of malware, created that guide. Perhaps you can discuss its "imperfections" with him. If you are lucky he will be the one to take over this thread because I am dipping out. (Never had to do that here at MajorGeeks before.)

    Well if you are so happy with these techs, you may as well turn to them completely to assist you. I am an unpaid volunteer and don't have to put up with this sort of thing if I don't wish to.

    So what have I been doing? Just playing with you??? If you do not appreciate our free help and are only here to insult the forum and its helpers then you can go away.

    It's great that you have faith in them. If this guy claims to have never failed to remove any kind of malware from a PC then congratulations!! I DO NOT believe it. Especially since you are still asking us for help.

    Someone else may take this thread on, but I have run out of patience. I have others waiting in a long queue who are eager for help and are APPRECIATIVE of it.
     
    Last edited: Jul 31, 2010
  15. midivox

    midivox Private E-2

    Hi All,
    I have not gotten any actual help from anyone here yet. Just attacked because my PC only allows downloading, installing, running in Safe Mode. I never said or even implied that anyone here caused my PC's problems. No one has any idea how the hacker, or some hacker-created program, got on my PC and hijacked my Vista Admin.
    I just kept getting attacked for not being able to follow the removal guide exactly because all the steps do not work in safe mode. Then when I post logs of what troubleshooting software I can get to run in safe mode, not one single person even bothered to read the logs and no one has even offered any things to try. Just do the malware removal guide over again. And if you cannot follow it exactly, leave and go elsewhere.
    I have gone elsewhere every day. There are a lot of troubleshooting forums. Thousands and thousands.
    I simply post my experiences in trying to fix the problem, so that anyone else who has the same problem may be able to solve theirs quicker.
    Happy Weekend
    MidiVox
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well best of luck. Wasting multiple resources is highly frowned upon.

    Locking thread due to user's stinking attitude and lack of co-operation.


    Happy Weekend
     
  17. AbbySue

    AbbySue MajorGeeks Administrator

    @ midivox

    I would like to clarify a few things for you.

    First of all, getting help from more than one source is not only frowned upon it is counter productive and makes it difficult/impossible to complete a cleaning process.

    Most forums once they realize you are getting help from more than one source will at that time quit offering FREE help.

    If you wish to trust strangers and/or pay for remote assistance you're more than welcome to do so. Personally, if I didn't know the person wanting to connect to my computer I wouldn't allow it...no ifs, ands or buts about it. Who they are employed by would also not make a difference. I unfortunately have first hand knowledge of what some of these people do with remote connections because I have fixed what they did. Therefore I don't trust strangers regardless of who they are affiliated with.

    If you want help cleaning your computer you need to focus on one forum's method. Too many hands in the pot spoil the brew.

    You have to follow the read and run me. You do all the steps in the order given and do not use software/tools that are not specified. To do so, you may very well be making things worse by using a rogue tool. If other tools not specified in the R&R are needed the malware helper will let you know.

    As per the R&R if you can't do something the way it's specified you need to either continue as specified or stop and ask for help.

    Read and re-read the steps if you don't understand something. Simply skipping a step b/c you don't want to do it will get you nowhere.

    When posting a reply PLEASE use the enter key on your keyboard to separate your paragraphs/sentences. Your posts are beyond difficult and frustrating to read.

    You want help? You have to do your part. It IS all spelled out for you.
     