Vista User Administrator Account was hijacked

Discussion in 'Software' started by midivox, Jul 28, 2010.

Thread Status:
Not open for further replies.
  1. midivox

    midivox Private E-2

    Hello Geeks,
My Vista User Administrator Account was hijacked by a new hidden malware admin that turned off and locked out all my permissions. I can not turn off UAC nor change any permissions. Would the above help me any and bypass the hidden malware admin? I have Vista Home Premium.
    Thanks, MidiVox
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

You would be best trying to remove the malware infection. Follow the below for this, remember to follow the guide as written, then start a new thread in the malware area of the forum and attach the requested logs, and one of our malware experts will help you rid this pest.


     
  3. midivox

    midivox Private E-2

    Hi All, Halo
    I did a full post in the malware thread. I did follow the steps and so did paid remote techs who tried for almost 8 hours. My malware problem is not one solvable by running software scans. Since as far as I know, no one makes any kind of scanner or tool for correcting hijacked user accounts and malware that changes all your user account settings.
    Thanks for your reply. Are you a fan of the Halo Games?
    MidiVox
     
  4. mcsmc

    mcsmc MajorGeek

    Hi MidiVox

    Is your troubled computer a laptop or desktop? What manufacturer/model?
     
  5. pillowmaker911

    pillowmaker911 Private E-2

    I'm not sure how common this is or if it would work but...

    I've noticed on my vista laptop (and XP desktops for that matter), that there is an extra admin account listed when I boot in safe mode. try doing that and see if there is an account simply named "Administrator" and do some poking around in safe mode. I'm not sure which scanners can run/clean effectively in safe mode, but I'm sure someone can easily answer that.

    other than scanning in safe mode, I'm not sure what else you could do
     
  6. midivox

    midivox Private E-2

    Hi MC, All
    My problem Vista Desktop is an HP 4600 + . About 3 and a half years old. My main browser is Firefox. On a home wireless network. Other network PCs are all OK, including another HP 4600 + downstairs. Different HW and SW setup on that one. Also have 2 XP Laptops.
    I run multiple anti virus and anti spyware programs on all computers and have done so for many years, so have never had any kind of virus or malware before.
    Thanks for asking, MidiVox
     
  7. midivox

    midivox Private E-2

    Hi Pillow,
    My safe mode User Accounts in Control Panel still only show my one admin user account. But I believe I used to have one also that said Administrator Tims Vista. That one is gone from the UA display, but it and others I never added show up in many program security properties tabs as being users on this PC with different kinds of permission rights.
    They were all added by the malware. So when I find them in the properties boxes, I delete all the extra ones. I will check to see if the malware adds them all back on when doing a normal bootup.
    Thanks, MidiVox
     
  8. plastidust

    plastidust Command Sergeant Major

    Midivox, you should not make changes to your machine once the logs are created, doing so pretty much makes the logs nul and void as they no longer reflect the current state of the computer. Also, any haphazard changes made could result in bad un-predictable results with malware involved.

    From here on out, you should only follow the advice of the Malware Removal Expert(s) guiding you until such time as the "all clear" has been given to you in the "Malware Removal" forum. Doing other wise will only confuse the issue and take longer to solve the problem.

    Good Luck
     
  9. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

The scans are only one part of the process; these get your PC to a known state. Then one of the scans, MGTools, is unique and specific to MajorGeeks in that it will create a whole set of logs that an expert eye will review, and they do know how to spot malware if any is evident on your PC.

    Then they will be able to issue you some manual tailored instructions for removing anything if found.


While I do like the games, my user name was created before the game was ever thought of and is related to the numbering system of Nine Inch Nails CDs; I was lost for a user name to use one day.

    Do follow what plastidust posted and attach your logs in the malware thread of yours and await any advice, if malware is clear then we can look into alternative options for this, but best to rule out the malware aspect first.
     
  10. midivox

    midivox Private E-2

    Hi Everyone,
Do not worry. I am not making any major hardware or software changes. And now that the software is installed (Malwarebytes, SuperAntiSpyware etc.), I can always do up to date scans in Safe Mode in a few minutes.
    I found the name of the head malware created user and deleted that user using the hidden alternative user accounts control built into Vista. Once I deleted the user name, TexMex1, the registry string used by the head malware administrator showed up in program property boxes as
    Unknown Account S-1-5-21-426783821938219-34771482215-3257816407-1007
    Remove that from properties boxes and all the hidden malware created users are removed also.
    The malware admin does not appear to be changing its reg string on rebooting.
    If I can get the Microsoft Management Console to load in safe mode, then I can remove the hidden malware user group.
    I restored my owner status to most files and programs on the PC and removed the malware as owner. Also did that for my missing printer and my external backup hard drive, since the malware made itself the hardware devices owner and denied me access to them.
    I have not tried to edit the registry or look inside any boot files or executable files or fix the control panel parts the malware changed or blocked. I figure you all will be much better at doing so when I go into safe mode to get the logs.
    Happy Troubleshooting
    MidiVox
     
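The two things described above, an extra "Administrator" account that only appears in Safe Mode (post #5) and "Unknown Account S-1-5-21-..." entries left behind in security properties tabs after a user is deleted (post #10), can both be inventoried from one script instead of clicking through properties boxes one at a time. The following PowerShell is an added, read-only example written for this thread; it is not from the original posts or any tool the forum guide prescribes. It assumes PowerShell is available on the Vista machine (version 2.0 is enough), and the folders in `$Paths` are assumptions to be changed to whatever locations you want audited. It changes nothing; it only reports, so the output can be attached to a malware thread as evidence without altering the state the logs describe.

```powershell
# Added example, not part of the original thread.
# Read-only audit: lists local accounts (including hidden/disabled ones) and
# reports file/folder ACL entries or owners that are unresolvable raw SIDs,
# i.e. the "Unknown Account S-1-5-21-..." entries left by a deleted account.
# $Paths is an assumption; point it at the folders you want checked.

param(
    [string[]]$Paths = @("$env:USERPROFILE", "$env:ProgramFiles")
)

# 1. Local accounts, including disabled ones such as the built-in
#    Administrator (RID 500) that normally only shows up in Safe Mode.
#    Win32_UserAccount is present on Vista.
function Get-LocalAccountReport {
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name         = $_.Name
                SID          = $_.SID
                Disabled     = $_.Disabled
                BuiltInAdmin = ($_.SID -like '*-500')
            }
        }
}

# 2. $true when a SID string cannot be mapped back to an account name
#    (the account was deleted, or never existed on this machine).
function Test-UnresolvedSid {
    param([string]$SidString)
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($SidString)
        [void]$sid.Translate([System.Security.Principal.NTAccount])
        return $false
    } catch {
        return $true
    }
}

# 3. Walk the given folders; Get-Acl renders an orphaned principal as its
#    raw "S-1-..." string, which is exactly what the GUI shows as Unknown Account.
#    Ownership is checked too, since post #10 reports the owner being changed.
function Find-OrphanedSidEntries {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $item = $_
                $acl = Get-Acl -Path $item.FullName -ErrorAction SilentlyContinue
                if (-not $acl) { return }   # skips only this item

                if ($acl.Owner -match '^S-1-' -and (Test-UnresolvedSid $acl.Owner)) {
                    New-Object PSObject -Property @{
                        Path = $item.FullName; Kind = 'Owner'
                        Identity = $acl.Owner; Rights = ''
                    }
                }
                foreach ($ace in $acl.Access) {
                    $id = $ace.IdentityReference.Value
                    if ($id -match '^S-1-' -and (Test-UnresolvedSid $id)) {
                        New-Object PSObject -Property @{
                            Path = $item.FullName; Kind = $ace.AccessControlType
                            Identity = $id; Rights = $ace.FileSystemRights
                        }
                    }
                }
            }
    }
}

Get-LocalAccountReport | Format-Table Name, SID, Disabled, BuiltInAdmin -AutoSize
Find-OrphanedSidEntries -Roots $Paths | Format-Table Path, Kind, Identity, Rights -AutoSize
```

Run it from an elevated PowerShell prompt (in Safe Mode if that is the only place scans run). An unresolved SID in the report is not by itself proof of malware: Windows leaves the same orphaned entries behind whenever any account is deleted, including ones you removed yourself, so the list is there to be handed to whoever is reviewing the logs, not to be acted on blindly.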
  11. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    Two things:

    1. White space! Hit the enter key once in a while to create paragraphs, your posts are extremely hard to read the way you format them right now.

    2. Do you know with 100% certainty that you have removed the malware itself? If not, click the link Halo posted earlier and follow the instructions to the letter. Fixing the symptoms of the malware isn't going to be much help for you in the long run, you need to get the entire infection removed. That's why we have a Malware Forum with specialists that will help you. Follow their instructions exactly, give them the information they are asking for, and do nothing other than what they tell you and they can get rid of all the malware for you. Just do your part to help them help you. :)
     
  12. midivox

    midivox Private E-2

    Hi All
So far people just keep getting mad at me because following the malware guide did not work on my PC. I do not have any known malware, trojans, or virus infections. I have something new that no scanning software can ID.

    So another person repeating what others have said, just go follow the malware guide again, how is that helpful? I did my part explained what happened. Posted whatever scans I could get from whatever software I could get to run in safe mode.

    I am just going to have to learn how to edit the registry and fix the problems there. The User accounts in the registry should not be that hard to find. Using some kind of reg search and replace program.

I know the names of the hacker admin and hacker users; just replace them with my admin account and/or reverse all the permissions, as someone suggested. Put deny on the hacker users and allow on my admin.

    Meanwhile I will buy a second hard drive and run my recovery disks on it and make it the boot drive. While I get a reg expert to help me repair the hacked reg. Malware that hacks your reg I guess is brand new malware.

    Happy Weekend
    MidiVox
     
  13. hrlow2

    hrlow2 MajorGeek

    If you do decide to attack the Registry directly, be VERY certain of what is being changed.
    One wrong choice and you could have a very expensive doorstop.
    Be best to backup your Registry to a Thumb drive or other removable device as fallback insurance.
     
  14. Mimsy

    Mimsy Superior Imperial Queen of the MG Games Forum

    No one has been attacking you, we're trying to tell you what you need to do to get the help you keep saying that no one has been offering. If you want to take that as attacks, I guess that is your right, but I assure you that our suggestions are not meant that way.

    I saw your thread in the Malware forum -- you did nothing of what they asked you to do, and instead you went through a whole bunch of extra stuff that not only didn't help, but undoubtedly made your situation even worse. When you were asked to stop that and provide the requested scans you were rude to the malware fighter who was assisting you, and you continued to do over and over what you were asked not to do. You did not do your part at all, you kept posting the wrong logs and refusing to run the correct scans. Topping all of that off by insulting an unpaid volunteer who has no obligation to help you is not exactly what I would call "doing your part to help us help you".

    When you go to a forum staffed by volunteers, you create an obligation for yourself to provide the information you're being asked to provide. You also create a similar obligation for yourself to read all instructions thoroughly and to ask for clarification if you don't understand them, rather than just improvising madly and ignoring any guides or directions you're given.

    If you're not willing or able to do any of that, then it's going to be very difficult for anyone here to help you. Then again, if you're convinced that you don't actually need anyone's help because you can do this on your own, then I guess your attitude isn't really a problem after all.
     
  15. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Hi

    As has been stated to you, in order to get help with Malware removal at Major Geeks, you will need to follow the Removal procedures to the letter that our malware experts use. Really, it is that simple. If you do not wish to do that, that is really fine, but to continue on with this discussion is pointless.

    I'm going to close this thread.

    If you change your mind and do decide to follow those instructions (which do address not being able to run scans), please do so and start a new thread in the Malware Forum.
     