
Possible Hack attempt has locked me out of administrator control


5 replies to this topic

#1 Dustin67


Posted 01 March 2015 - 12:50 PM

My father has an HP desktop (roughly 6 years old, all original components) running Win Vista Home Premium. He went to get on one day and was completely locked out of his administrative account, with a message appearing saying, "The user profile service failed the logon. User profile cannot be loaded." But if he boots up in Safe Mode, he can log on, but there is a message that appears at the bottom saying "You are logged on under a temporary profile default because the user profile cannot load." Now it's gone from not being able to just log on under the admin profile to his anti-virus saying it doesn't recognize his license code. I cannot turn on Windows Firewall, cannot uninstall any programs, cannot install any programs, and I have no administrative control even after putting in the password authorizing such actions. I've attempted to edit and repair the registry, but it will not allow me to do so. I cannot even create a new profile to try to back door it either. I ran a boot disk anti-virus to see if it would pick up a virus, but it came up clean. I have scoured Microsoft forums looking for answers, and everything I have found has failed so far. A friend of ours who works around computers himself a bit turned me towards this forum. Any help would be appreciated. He also recommended a clean install of another Windows program because to him it sounds like a really deep hack. If need be that's what we will do; we are just looking for something that can help us avoid that if we can. Any help or advice again is appreciated. Thank you.

 


#2 JohnC_21


Posted 01 March 2015 - 03:47 PM

Hello, and Welcome

 

Tap F8 and log in to Safe Mode. Type CMD in the Search box. Right click > Run as Administrator

 

At the command prompt type

net user administrator /active:yes

This will enable the hidden administrator account. Using that you will be able to create a new profile.



#3 Dustin67


Posted 02 March 2015 - 06:46 PM

Thank you John for replying. I am giving it a shot now and I'll update you with what happens.



#4 Dustin67


Posted 02 March 2015 - 08:54 PM

So... a little bit of irony. I've got the admin file I was told about through John working. I've set up a new antivirus program, did the initial scans, and it picked up about 8 different threats. Here's where the irony comes in. I have attempted to take the old antivirus, AVG 2013, off. I'm beginning to think whatever attacked this computer has exploited it somehow, because it is refusing to come off. I've attempted to use the AVG Remover Program found on here: FAILED INTERNET CONNECTION. I've attempted to use the one offered through AVG itself. Would not run. So I downloaded IObit Powerful Uninstall and ran it. According to it, it deleted the program off and shredded the files. But according to the AVG Standard Uninstaller, it failed again because the AVG Firewall service could not be stopped. The program is still there but it's saying all files are deleted. Something is rooted in there. Any ideas how to get it out?


Edited by Dustin67, 02 March 2015 - 09:01 PM.


#5 JohnC_21


Posted 02 March 2015 - 09:51 PM

Go here for the AVG uninstall tool. Download the 32-bit or 64-bit version depending on your OS. Run it in normal mode, and if you get the error again use Safe Mode, as the Firewall service should not be started in Safe Mode.

 

If that does not work, download AutoRuns. Run it in an Admin account and look for any drivers or services listed for AVG. You should look under the Logon tab also. For any driver or service that is AVG related, remove the checkmark next to the item. This will disable the driver or service. You can also do a search for AVG, but make sure the item unchecked is for AVG and not a service required by Windows. You can get a clue by looking under Publisher. If you find that the computer runs fine, then you can delete the unchecked items later.


Edited by JohnC_21, 02 March 2015 - 09:51 PM.
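
Added example, not part of the thread or of JohnC_21's reply: a read-only PowerShell listing of the services and drivers that AutoRuns would show for AVG, with each binary's company name alongside so a Windows component is not disabled by mistake. It assumes PowerShell is installed on the Vista machine and that AVG entries contain "AVG" in their display name or path; the helper function names are made up for this example.

```powershell
# Read-only inventory: lists matching services and drivers, changes nothing.
# Assumption: AVG components carry "AVG" in their display name or binary path.
$pattern = 'AVG'

function Resolve-BinaryPath([string]$PathName) {
    # Strip quotes and arguments, then expand prefixes that driver paths often use.
    if (-not $PathName) { return $null }
    $p = $PathName.Trim()
    if ($p -match '^"([^"]+)"') { $p = $matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $matches[1] }
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $matches[1] }
    return $p
}

function Get-Publisher([string]$Path) {
    # CompanyName from the file's version resource: a hint only, not a signature check.
    if ($Path -and [System.IO.File]::Exists($Path)) {
        return [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).CompanyName
    }
    return '(file not found)'
}

$entries = @(Get-WmiObject Win32_Service) + @(Get-WmiObject Win32_SystemDriver)
$entries |
    Where-Object { $_.DisplayName -match $pattern -or $_.PathName -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName,
        @{ Name = 'Publisher'; Expression = { Get-Publisher (Resolve-BinaryPath $_.PathName) } } |
    Format-List

# After confirming an entry belongs to AVG, it can be disabled reversibly from an
# elevated prompt (<ServiceName> is a placeholder for the Name value listed above):
#   sc.exe config <ServiceName> start= disabled
```

Because the match is a plain substring, unrelated entries can appear in the list; the Publisher and PathName fields are what separate AVG components from Windows ones.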


#6 Dustin67


Posted 02 March 2015 - 11:09 PM

Alright. Thank you sir. I appreciate the help! I'll update if anything happens.



