
Administrator User Account Type affected by malware


5 replies to this topic

#1 despisemalware


Posted 20 November 2013 - 09:54 PM

When I go to log in to my Dell Inspiron One running Windows 7, my account is listed as administrator.

 

But when I go to:  \Control Panel\All Control Panel Items\User Accounts\Change Your Account Type\

it shows as a standard user.  If I select Administrator, then [Change Account Type] immediately grays out.

 

Ironically, while on that same screen, it shows my userid as administrator at the top.

 

Also, I went to the  "Computer Management" screen, and where I expect to see an item to manage user accounts, there is none.

 

I need to get my ability to be the administrator back.

 

ALSO - why did I notice this now?  Because my wife was complaining about the machine, so I went to run "Spybot Search and Destroy", and it showed problems, which it will not let me remove since I am "not" the administrator.

 

The "Spybot Search and Destroy" found: CouponBar, SweetIM, Win32.2UrFace.bho, Yontoo.Pagerage




 


#2 JohnnyJammer


Posted 20 November 2013 - 10:02 PM

Type this command at the command prompt mate.

wmic useraccount get /all /format:list

Post the results or check to make sure it is indeed an administrator account, and also check your user account settings. A simple right click on SB&destroy and run as Administrator should work.



#3 dc3


Posted 21 November 2013 - 01:37 PM

Try running AdwCleaner.

Please download AdwCleaner and run it.

An image like the one below will open; click on Scan.

[Image: adwcleaner11_zps48314883.png]

Once the search is complete, a list of the pending items will be displayed. If you see any which you do not want removed, remove the check mark next to it.

Click on Clean to remove the selected items.

You will receive a message telling you that all programs will be closed so that the infections can be removed. Click on Ok.

When the cleaning process is complete, a log of what was removed will be presented. Please copy and then paste this log in your next post.

How to post the log.

Right click on the Start orb. [Image: startorb_zps06e1f985.png]

Then click on Open Windows Explorer.

Click on the C: drive.

[Image: adwcleaner1_zpsb88a2269.png]

Scroll down till you find AdwCleaner [S1] and double click on the log to open it.

[Image: adwcleaner2_zps924e5e92.png]

Click the pointer in the middle of the log, then press the Ctrl and the A keys together to highlight the log.

Right click on the log and choose Copy.

When you make your next post, right click in the post and choose Paste.


#4 despisemalware


Posted 21 November 2013 - 09:37 PM

Thanks!  In command prompt, I found

 

C:\Users\Adam>wmic useraccount get /all /format:list

AccountType=512
Caption=Adam-PC\Adam
Description=
Disabled=FALSE
Domain=Adam-PC
FullName=
InstallDate=
LocalAccount=TRUE
Lockout=FALSE
Name=Adam
PasswordChangeable=TRUE
PasswordExpires=FALSE
PasswordRequired=FALSE
SID=S-1-5-21-2810770800-1587290023-2382443006-1000
SIDType=1
Status=OK

AccountType=512
Caption=Adam-PC\Administrator
Description=Built-in account for administering the computer/domain
Disabled=TRUE
Domain=Adam-PC
FullName=
InstallDate=
LocalAccount=TRUE
Lockout=FALSE
Name=Administrator
PasswordChangeable=TRUE
PasswordExpires=FALSE
PasswordRequired=TRUE
SID=S-1-5-21-2810770800-1587290023-2382443006-500
SIDType=1
Status=Degraded

AccountType=512
Caption=Adam-PC\kids
Description=
Disabled=FALSE
Domain=Adam-PC
FullName=kids
InstallDate=
LocalAccount=TRUE
Lockout=FALSE
Name=kids
PasswordChangeable=TRUE
PasswordExpires=FALSE
PasswordRequired=TRUE
SID=S-1-5-21-2810770800-1587290023-2382443006-1009
SIDType=1
Status=OK



#5 JohnnyJammer


Posted 21 November 2013 - 11:27 PM

SID=S-1-5-21-2810770800-1587290023-2382443006-500 ending in 500 is always the administrator account.

It appears as though it's degraded; it's showing as disabled=true.

Go to Run and type in lusrmgr.msc, then make sure Adam is a member of the Administrators group.

Post back the results, mate.

Running the command the other way gets the name (this can be handy for pulling usernames on terminal servers when working with the registry and many end users on terminal servers, such as I do):

wmic useraccount where SID="S-1-5-21-2810770800-1587290023-2382443006-500" get name

Edited by JohnnyJammer, 21 November 2013 - 11:27 PM.
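
An added example, not written by anyone in this thread: a small Python parser for the `wmic useraccount get /all /format:list` output posted above, flagging the points raised in the reply (the RID-500 built-in Administrator and its Disabled state) plus any enabled account with PasswordRequired=FALSE. The helper names `parse_records` and `review` are hypothetical, and the sample is the thread's output trimmed to the fields used.

```python
# Added example; parse_records/review are hypothetical helper names.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

# Sample input: the records posted in the thread, trimmed to the fields used.
SAMPLE = """\
Disabled=FALSE
Name=Adam
PasswordRequired=FALSE
SID=S-1-5-21-2810770800-1587290023-2382443006-1000

Disabled=TRUE
Name=Administrator
PasswordRequired=TRUE
SID=S-1-5-21-2810770800-1587290023-2382443006-500

Disabled=FALSE
Name=kids
PasswordRequired=TRUE
SID=S-1-5-21-2810770800-1587290023-2382443006-1009
"""

def parse_records(text):
    """Split list-format output into one dict per account."""
    records, current = [], {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue                  # blank line or not a key=value pair
        if key in current:            # a repeated key starts the next account
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

def review(rec):
    """Return notes for one account: well-known RID, disabled, weak password policy."""
    rid = int(rec["SID"].rsplit("-", 1)[1])   # last SID component is the RID
    notes = [WELL_KNOWN_RIDS[rid]] if rid in WELL_KNOWN_RIDS else []
    if rec["Disabled"].upper() == "TRUE":
        notes.append("disabled")
    elif rec["PasswordRequired"].upper() == "FALSE":
        notes.append("enabled, password not required")
    return notes

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["Name"], "->", ", ".join(review(rec)) or "nothing flagged")
```

This output does not include group membership, so it cannot show whether Adam is in the Administrators group; `net localgroup Administrators` lists the members.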


#6 despisemalware


Posted 21 November 2013 - 11:37 PM

lusrmgr.msc does not appear to work in Windows 7.  I get an error "This snapin may not be used with this version of Windows."  On running your command prompt, the result is:

 

Name

Administrator





