Locked out as admin, suspected hacking

Topic

New Reply

Hello,

I am a lite-weight tech savvy gal or so I thought…. but I’ve somehow been hacked out of my windows admin access. So many new apps and programs have been installed, such as PowerShell, native, Kingsoft games, cyberlink, and so many more.

I’ve been locked out of network controls, cannot install or uninstall programs, and things like the control panel and settings display look like they have been tampered with. (They look like fake versions of the real thing if that makes sense….)

ALSO….. I highly suspect one (or more) of my roommates have tampered with the internet settings and have somehow routed the local internet to my laptop which broadcasts wifi that they use.

I should also mention that ALL my other devices (a jailbroken iPhone 6 that I bought from guess who… one of my roommates!…, a brand new Samsung galaxy tab A Santa brought me this xmas, a brand new Motorola e5 plus smartphone, and an old lg smartphone that’s been in a drawer for 6 months) have ALL the indications of being hacked/tampered with.

Instead of overwhelming myself with trying to fix all these devices at once, I’m trying to fix one at a time.

The specifications of the laptop in question are below:

Device Specs:*
HP Notebook 15 PC with an AMD A6-5200 APU processor with Radeon HD Graphics 2.00 GHz, 4.00 Installed RAM (3.47 GB available)

Windows Specs:*
Windows 10 Home, Version 1803, OS Build 17134.471

 
(*all this info I got straight from the settings program, which I believe was tampered with, but cannot be sure. just FYI)

I am so desperate to have my laptop back all i want to do is a factory reset, so any programs, settings, or other bs that may have been installed without my knowledge is erased. I don’t care about my file, all I want is to be in charge of this computer again.

Another thing is the display screen is broken, so its not so easy to pick up the 21″ tv I’m using as a display to the corner café to do troubleshooting there.
If ANYONE can give me any advice on how to get around this admin bs and reset my laptop to factory settings I would be so grateful. Thank you in advance!

Reply | Quote

Replies

Whoa, that looks like a major problem if everything has indeed been tampered with.

Now, there have been reports of administrator access being disabled during an unattended automatic Windows upgrade, but that’s supposed to be during the 1803->1809 transition and not others.

Basic admin unlock is a small (less than 10 minutes usually) job on an unencrypted system with no boot/setup password, but undoing significant tampering is a whole another barrel of worms. It’ll usually be easier to just wipe everything and reinstall, assuming you have known-good backups of your data or just don’t mind wiping that too.

Given the assumption that the system has been tampered with, and with malicious intent, you by definition cannot trust any internal recovery procedure it may have – so will have to start with a factory restore media (either optical disk or USB; optical disks can be read-only so tamper-resistant, unlike most USB keys…) or go to a repair shop you trust.

Assuming the tamperers might have been actually good at it, it’s the repair shop anyway – that situation could require a full firmware reflash procedure before the reinstall/recovery. This might not be available for models sold with Windows 10 Home, and it’d quite possibly be cheaper to just buy a new computer, anyway.

(Phones are a bit more of a bother. Factory reflash usually is a repair shop procedure right away, but even that might not be enough.)

 

So yeah… unless your roommates confess to it and you trust them to reverse what they’ve done, or something… and you’re convinced that it wasn’t just a random Windows update that happened to change things… (but that doesn’t apply to the phones and such anyway…)

1 user thanked author for this post.

thedudette

Reply | Quote

This also sounds like a corrupted user account that you are seeing.  Have you seen any popups in the lower right corner of the desktop saying that you are using a temporary login?  Is the desktop background black?

If so, you might want to start with system restore or googling how to use the registry to remove the temporary account and restore the backup account, which is yours,  rather than automatically assuming you have been hacked.  Windows automatically installs junk apps in a new account, and this sounds like a new user account, or a corrupted user profile, after an update.

1 user thanked author for this post.

thedudette

Reply | Quote

If you do still want to perform a factory reset, most HP Laptops will boot to different options if you tap the ESC key before the windows boot process when you see a circle of dots.  Read the options.  F9 usually allows me to boot to another device (Windows 10 on a flash drive).  F11 usually is the factory recovery, but that is an older version of Windows which would need to update and update. My preferences is to download Windows 10 using the media creation tool and burn it to USB.  There is an option to select a USB device after the download.  Use a 16 GB flash drive or larger to be safe.

1 user thanked author for this post.

thedudette

Reply | Quote

IMPORTANT: Remember to backup your personal/ work data prior to doing a reset, Either onto a USB flash or external hard-disk. (better safe than sorry)

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

BobbyB

Reply | Quote

You could start with an online virus scan. This should spot anything obvious even if it can’t fit it.
Use the “Scan Now” link at the bottom of this page. https://www.pandasecurity.com/uk/homeusers/solutions/free-antivirus/

cheers, Paul

Reply | Quote