Hi, guys need help to reset my admin account

Hi. this is the weird thing i ever faced for admin account. Somehow my admin account has been changed in to guest account. so i cant do anything to change it back. I tried safe mode to get hidden admin account but unfortunately its also has changed in to guest account. This means i dont have any admin account in my computer. Only two guest account.Also i can access my own data right now. My whole desktop has been changed. Will post photos if someone can help please. I never had this problem and never heard so if someone might help me. Thanks
sys cong:
sony vaio fz190
2gb ram
160gb hard drive
nvidia 8400gt
duo core 2.2ghz
windows vista ultimate 32bit

 

Whoa. That sounds alarming. First thing I'd do is disconnect the internet (turn off your wireless router if you have one), in case your computer was remotely compromised. If you can access your own data, back up your important documents, and then try to recover the system to the factory default. I think if you press F10, you can start a re-install.

 

Hello Kasperky,

Sorry to hear you are having some problems. It sounds to me like you are either have a remote desktop compromise or some type of malware problem. Either one, unfortunately, is not a good thing. First, as Lattice said, if you can access your data, make a backup of any important files. From there, before you try a complete system format like Lattice is saying to do, I would try the following.

Windows Vista, similar to XP does have a hidden administrator account that can be accessed fairly simply. The catch is that while XP gives you the option just by hitting F8 when the computer starts and telling Windows to enter the operating system in Safe Mode, Vista requires a little bit more to it. Please follow these steps:

1) Load the computer normally. Once into the guest account, go online to www.malwarebytes.org and download the Malware Bytes program installer to your desktop and then save it to a disc or flash drive. This is a free utility that I have found to be very affective at removing any bad stuff in computers when I am repairing them at Staples.
2) Next, go to Start, (In the Search Bar) Type CMD, (CMD should show at the top of the list) Right Click CMD and Select "Run as Administrator".
3) In the black CMD window that should open, type the following word for word (spaces & Caps included) and then hit enter.

Net user administrator /active:yes

If you entered it correctly, it should show a small sentence below it stating that the operation was completed successfully.
4) Now, reboot your computer
5) When the computer reboots back to the user login screen, you should now see a new "Administrator" user that you should be able to click and log into. Do so.
6) Upon entering this new user, run the Malware Bytes installer from where ever you saved it (disc or Flash memory USB stick) and follow the prompts to install the program.
7) Once the program is done installing, it should automatically launch. If it doesn't, look for a shortcut on the desktop to start the program.
8) Select to scan your system. Be sure that you select to do a "Full System Scan" and not just a basic scan which it is set to by default.
9) Once the scan is complete, hopefully any Malware that caused the problem is found. Use the program to remove the problems and then restart the computer either by a prompt from the program or on your own.
10) Upon restarting, again select the "Administrator" account and run the scanner again in the same fashion. Continue to do so until you receive no errors.

Hopefully, in removing whatever problems you have on the system, it should relinquish your old account. Remember, continue to run the scans in the unlocked Administrator user because this user has access to more or the Windows directories and hidden files/folders in the system. If this fixes the problem, great. Simply log into your account, follow the same steps above to bring up the CMD window again (remember to tell it to run in Administrator mode) and type the exact same thing in as above except changing the yes to a no. Upon reboot, the Administrator user account will no longer show at your log in.

Just for safe measure, I would also recommend running the Malware Bytes scan as well as your Antivirus scanner in Windows Safe Mode one more time by hitting F8 when the computer is loading and selecting Safe Mode only (not Safe Mode with networking or VGA enabled). This will help double check your efforts.

I will caution that just because this may help to get your user name and system back, whatever was there may still have overwritten data and or change some settings, so you should take some time to verify that nothing was changed and that if it was, you reset it back to either default or what your preferences are.

Furthermore, if the scans do pick up something, I would recommend contacting your banking provider and have them put a temporary watch on your account. Because of the complexity of this possible hijack, they may have already gotten some of your information. Please don't fear, just simple notify your bank and credit card holders that you had a small compromise with your home computer and would like to request a temporary watch on your account just to be safe. From there, just monitor your monthly statement and double check everything to make sure nothing fraudulent shows up. If you are concerned, you may look into a credit watching service such as Identity Guard or Life Lock, however, I feel that that is a bit overboard unless you want the better security and 24 hour watch of your Identity. It is your choice depending on if you feel it is worth the monthly fee to do so. To give you an idea, I personally use Identity Guard just for peace of mind as I have had my credit card numbers stolen Online once previously when I was in college.

Now, if the scans come up clean, then the next step would be as Lattice suggested. Upon starting the computer, either insert the recovery media or strike the corresponding key stated on your screen to access the recovery partition. From there follow the prompts.

Hope this helps. Try it out and get back with us on what happens.

BBGus

 

----------------------------------------------------------------

Hi, thanks but i cant even access my own data. when i looked at hard drive it says only 27 gb free out of 140gb. when i go to documents there is nothing. No data nothing. I would format the drive but its gonna blow my all documents. If i want to format my drive there is problem too. If i go to recovery center while booting it asks me for admin and i dont have it because my account and the hidden windows account both are turned in to guest. I guess need o take out hard drive and format in another computer.
Thanks

 

Hi BBGus thanks for reply.
1. Windows Vista, similar to XP does have a hidden administrator account that can be accessed fairly simply. The catch is that while XP gives you the option just by hitting F8 when the computer starts and telling Windows to enter the operating system in Safe Mode, Vista requires a little bit more to.

# I have tried this before but unfortunately hidden admin account and my own admin account have been changed to guest account.
-----------------------------------------------------------------------

2. Load the computer normally. Once into the guest account, go online to malwarebytes and download the Malware Bytes program installer to your desktop and then save it to a disc or flash drive. This is a free utility that I have found to be very affective at removing any bad stuff in computers when I am repairing them at Staples.

# I can download the program but cannot install because i need admin right which i dont have.
--------------------------------------------------------------------------

3.Next, go to Start, (In the Search Bar) Type CMD, (CMD should show at the top of the list) Right Click CMD and Select "Run as Administrator"
In the black CMD window that should open, type the following word for word (spaces & Caps included) and then hit enter.

Net user administrator /active:yes

# As i told u i cannot run it through admin account. Also i already had tried this method before i posted here, without running admin but didnt helped.
----------------------------------------------------------------------
The main problem for me is i dont have an admin account in my computer. All accounts have been changed in to guest account. Also i am using kaspersky internet security but it showed no viruses or malware.
Is there any hope i can change in to admin account back.that's all i want.
Thanks for help

 

When you go to "C:\documents and settings" what folders do you see (including the hidden ones)? If you can see anything other than guest, you still have those accounts.
Did you try to repair windows?

 

Sounds like your best course of action would be to go to your local computer retailer and purchase an exterior hard drive chassis for a notebook 2.5" drive. Take out your hard drive and insert it into the external case and then run it on another computer. This should give you full access to your drive contents, just be careful that you don't copy the virus (if it is one) over to your other computer in the process of pulling your data.

BBGus

 

There are actually four accounts administrator, manoj, manoj.manoj-pc and guest means i still have account. But when i try to access it it it says you dont have currently right to access the folder. And it asks to verify for admin. This is ridiculous. Something locked my admin account (manoj) and new account is created (manoj.manoj-pc) and the administrator account is changed in to guest.

I tried to restore windows but it still asks to verify for admin.

 

Here is two screen shot for that

 

Just a quick question. Is that your windows theme that has the "Broken glass" look to it?

BBGus

 

Also, if you access the drive via an external case on another computer, so long as you have admin rights on the other computer, you will be able to overwrite the ownership status and be able to take control of the folders to recover the data.

BBGus

 

Ye its been a while for that its a broken glass.

 

Ye i think this will be better i will give a shot.
Thanks a lot for ur help

 

Yes you will need to do this method and hopefully recover your stuff. I suggest running all the Anti-virus and spyware programs on your computer to see what caused it.

NBR cannot allow discussion of cracking passwords or bypassing security measures. It is against the forum rules.

 

Antivirus and antispyware programme are still running. No signs of infecyions so far.

 

There will always be a built-in Administrator account that cannot be changed.

Have you tried logging on as the username Administrator? (it should be hidden)

 

Hi bro, I already told in previous post that my hidden admin account has been changed in to guest too. Thats what i dont understand how. No admin account, not at all. Thanks though

 

This is a long shot. Have you tried to clear machine and user passwords in BIOS?

 

I have this same problem, I'm going to READ YOUR MIND!...... yes... I'm seeing a program!.... New.... NewSID! you have used NewSID on your computer and it has made your admin accounts guests! seriously though The only thing you're gonna be able to do most likely is use the other harddrive thing someone else suggested nothing works even resetting the passwords with TRK and making them admins... It's like your computer is incapable of having any account run with admin privaleges... something to do with the fact your SID is supposed to have 500 at the end... because 500 is like some admin thing or something...

 

You might be able to boot up with Ubuntu live disc and then copy stuff over to an external drive.

 

I feel really dumb, cuz i have a similar problem.
Im only 16 and the ppl i live with are complete a** holes.
But i was trying to make my sister an account on my computer.
and i did and it told me that i should first make one an administor.
so i did, but b4 that i was the only administor and hadnt made an account b4 then.
While making my sisters i covered mine and lost all my files.
i just need to kno how to reset it so that i can retreve my files.
Can you help me?