Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I should have Windows 8


  • Please log in to reply
9 replies to this topic

#1 Kris78332

Kris78332

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 04 March 2014 - 12:31 AM

I now have Windows XP, NT, and sometimes 7 I never know which I'm running because I have several partitions I didnt create and now I see bitlocker on the upper left when I am in windows explorer and I can't get to the user name etc. I have "Everyone" on my computer basically. I didn't want Windows OS, Just Windows 8 that my computer came with. Its a Lenovo 1T IdeaCentre B540.

Also everything keeps having a .inf additional file in each folder that is 1kb. They are popping up everywhere. Is that a rootkit?

For the second time there is a special logon, , SETakeownership, SE tcbprivilege, Sesecurityprivilige, SErestoreprivilege, SEloaddriverPrivilege and many others that all start with SE.I was locked out completely last week but reinstalled a windows 8, and right before there was the same special logon in the security events. This just happened again an hour ago.

I have school (College) tomorrow I am so tired of fighting this computer.

Thank you if you can help!


Edited by Kris78332, 04 March 2014 - 12:38 AM.


BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 22,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 04 March 2014 - 10:46 AM

Hello, and welcome to bleeping computer. My suggestion would be to do a factory reset back to Windows 8. It may not be possible as you have other OS's loaded on this computer amd this may have deleted the recovery partition.

 

Make sure all of your data is backed up before doing a factory reset as it will be gone after the reset.

 

For Windows XP:

  • Desktop - all items on your Windows XP Desktop (icons, files, folders, etc)
  • Favorites - your Internet Explorer favorites
  • My Documents - contents of your My Documents folder (in All Users, or Shared Documents this is called just "Documents") - your documents, pictures, videos, etc
  • Templates - only if you use Microsoft Office and you have created special templates for documents

For Windows Vista, 7 and 8 (do not copy folders that have an icon of arrow pointing to left - these are compatibility links, not real folders!):

  • Contacts - only necessary if Windows Mail or Windows Live Mail has stored contact data
  • Desktop - all items on your Windows Desktop (icons, files, folders, etc)
  • Documents - contents of your My Documents folder (note that in Windows Vista, 7 and 8 this does not include My Pictures, My Music and My Videos folders - these are just shortcuts for Windows XP backwards compatibility!)
  • Downloads - files downloaded from the Internet
  • Favorites - your Internet Explorer favorites
  • Music - your music files (mp3-s, wma-s, etc)
  • Pictures - your photos and pictures
  • Saved Games - only necessary if you have saved some state in Windows games (e.g. Solitaire)
  • Searches - only necessary if you have saved some search criteria
  • Templates - only necessary if you use Microsoft Office and you have created special templates for documents
  • Videos - your video files

 

For the Lenovo a factory reset you need to tap the F2 button at bootup.

 



#3 Kris78332

Kris78332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 04 March 2014 - 02:07 PM

Thank you!
I see that I have recovery drives and one partition says healthy restore (or something like that) but I can't get to them. When I tried to restore all of my restore points and backups were gone according to the steps following f2. I went into the cmd prompt and it shows that my path is something strange but included global, I could not find any information on what it should say so that I could change it. Everything I saved said restore.exe or similar and when I hit the option to brows for my backup I am denied because the file option is locked in with a file that must end in .mui. Once I'm locked out there is not anything to restore to, supposedly., I did not add windows server or Xp vista any of the ones that have shown up
How can I remove bitlocker I did not set it up, last night in the logs it once again showed SErecovery, SEadmin etc., and the login before that was impersonator. I did not want to turn off my computer because I didn't want to be locked out again so I went to a restore point I made in the last 3 days while I had one and then instead of logging on I turned it off unplugged it and went to bed. Also I have Bluetooth connections coming in through RFComm according to a scan through windows that told me what programs were unknown etc. My mouse is now tied in to the connection because if I disable other Bluetooth devices that do not say keyboard or mouse mine stop working....its just so many issues! I tried the basic troubleshoot!
Thank you for your help!!
Oh and when I downloaded anything offered on this site it is saved as a binary file before I can even run it, I have never had it do that before so I'm really stumped, every scan says that everything is fine.
Thanks again,
Kris
One quick note, I took the class to get CompTia A+ cert., and Network security and am currently taking network forensics, (you'd never know!) Some days its like I'm in a sandbox with every attack known to man and that's why I'm confused! I shouldn't be in a network or subnet, but the IP addresses are 0.0.0.0 or 127.0.0. Basically the same as the textbooks show, and I can't contain one apparent attack with 4 more going on, and the steps we learn about don't really apply when virus scans run and run then they end up fake, or the windows update show NEVER for updating! Do schools that teach Cisco etcbtest you (more like spy on you) because if so help me pass the real world test please! I don't want to waste your time and I also don't want to lose my computer because I can't tell what's real or if my system is really in jeopardy. Its been almost a year of this and so many hours lost and I want my home computer to be secure and am not willing to share My space with people I do not know. Ya know? I am single for a reason, and don't like my things moved around or touched. Shouldn't I have the option to be in a network or not, or is this life with Windows 8? If so why am I paying for internet, why can't people just say Hey can I use your connection? But a handshake in cyberspace means zero to me I didn't authenticate anyone. How do people trust groups that show up anonymously. Please explain? I didn't take the Linux or other classes I went straight to the security class because I didn't like not knowing and now I am even more lost! Nothing is safe or secure I get that part, but when I can't replace my computer I take it very seriously. Blocking access just seems to make the attacks worse and its my computer so that's just wrong on all levels...

#4 JohnC_21

JohnC_21

  • Members
  • 22,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 04 March 2014 - 02:35 PM

At this point, I would not even trust your recovery partition as that could be infected. I would contact Lenovo,explain the issue and ask for a restore disk. I know Dell is good about providing free disks but not sure about Lenovo. Sorry, I could not help you further. Can you recover any of your important files? http://www.lenovo.com/contact/us/en/

#5 Kris78332

Kris78332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 04 March 2014 - 02:50 PM

Thank you so much, I had saved several filed on flash drives but I'm sure they are probably infected as well!
Thanks again!

#6 Kris78332

Kris78332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 06 March 2014 - 12:36 AM

Hi John,
I was able to restore completely even though the blue screen said "order a new disk" just like you suggested!
I went into the bios boot order, moved everything to the top not excluding anything and put CD/DVD first, and before I exited I put the win8 drivers pack CD in, my computer DID come with this, not a restore CD, and clicked yes I want to restart optimize OS.
A big red lettered warning asked was I sure?
Yes. What did I have to lose??
My computer started up brand new and even asked if I wanted to log in with a Microsoft password (no thanks) and it has not asked that since the day I first ran the set up. And I have restored and reset more times than I can count!
This was the first time I ever had
Inaccessible_BOOT_Device on a blank screen and it was basically hopeless.
One last tip on how I now have a resurrected machine, since I am not an expert and why I had to share! I prayed for wisdom first and to know what I couldn't know.
So I had to give God glory! Sorry, but when I go into any battle He's the best backup to have when I want to win. Alone I'm powerless, even with the most sophisticated tools, why try several when He can tell me which one will work!

#7 JohnC_21

JohnC_21

  • Members
  • 22,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 06 March 2014 - 08:22 AM

Thanks for the feedback. Interesting that the drivers pack CD brought it back. One thing I would recommend is to create a User account along with a admin account and use the User account for most of your activity. Also, if you are using a router, make sure it does not have the default password. If it does, change that. If wireless, use WPA2 for encryption with a strong password. And finally just as a precaution, I would scan your system with a antivirus and also Malwarebytes.

#8 Kris78332

Kris78332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 06 March 2014 - 07:47 PM

Yes I did change the default password, and am definitely still staying alert!!

I was looking over several screen shots etc I had saved and Windows Powershell seems to be the access point or LinusSE which would explain the SE on all of the settings the two times it was taken over by a new admin. Maybe...I did see another member on the forum had something that I was googling. I wondered if I should follow all of the steps that they were told to do. It's IdeaTouch.LocalDataServer.game and one that ends .education. The scans that were posted looked really similar to mine.



#9 JohnC_21

JohnC_21

  • Members
  • 22,966 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 PM

Posted 06 March 2014 - 08:18 PM

You can post in the Am I Infected forum if you are not sure if the computer is infected. Do not follow the steps listed in the other persons thread as your problem if there is one could be entirely different.

#10 Kris78332

Kris78332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:59 PM

Posted 06 March 2014 - 08:59 PM

Gotcha!
I really appreciate how nice you have been,thank you.
Kris




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users