Solved

Windows XP Pro mysteriously reboots and opens under Administrator

Posted on 2015-02-07
Last Modified: 2015-02-09
I came home last week and found my comp desktop totally changed. Most of my icons were gone.
After research found that it had rebooted and changed from my "XYZ" user that I use all the time to "Administrator" which I never use.
I did a roll back and it still does it for no reason like 3x a day. Just reboots under Administrator log in.
Is this a hack, virus or malware that anybody has heard about?
Never seen anything like this.
0
Question by:stevemib
18 Comments
 
LVL 98

Expert Comment

by:John Hurst
ID: 40596374
One reason modern systems completely disable "administrator" is because it is so easily hacked.

First, back up your documents, email and anything else you need to another media. Do this now and first.

Second, log in and see if you can (a) see your regular user (Computer, right click, Manage, Users and Groups, Users).

Now try to create a new user and see if you can log in as the new user. What happens?
0
 
LVL 37

Expert Comment

by:bbao
ID: 40596384
> I came home last week and found my comp desktop totally changed

do you mean your computer was always on when you were not at home? is there any possibility that someone else had accessed or touched the computer during that time?

> I did a roll back and it still does it for no reason like 3x a day

was it a successful restore? was the status (such as the disappeared desktop icons) brought back once the restore was done?

> Is this a hack, virus or malware that anybody has heard about.

do you observe any abnormal disk or network activity when the computer is idle? e.g. the hard disk and/or NIC LEDs are always blinking when the computer is on but not running any particular frontend task?
0
 

Author Comment

by:stevemib
ID: 40596393
Yes I see my regular user account and just created new user and can see it.
0
 

Author Comment

by:stevemib
ID: 40596400
Yes comp was on all the time, I just now saw it happen. It just blinks screen and reboots, during reboot
it goes to user Administrator not the user name I use. I then have to switch user to bring back my desktop I use.
Problem is it reboots for no reason and then changes the user during reboot.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40596401
You could have gone to a site that used "administrator" to corrupt the profile.

You can probably save what you have by backing up as I suggested, making a new profile and setting it up. When all is working, delete the damaged profile.

Also make sure "administrator" has a very strong password with two special characters, two numerals, two upper case characters and not less than 10 characters total.
0
 

Author Comment

by:stevemib
ID: 40596406
Not sure I'm explaining this properly John. Comp reboots for no reason and changes to user Administrator. I then have to log off that user and switch to my normal user "xyz". My profile xyz is fine, all data is intact.
I am just trying to figure out why it all of a sudden reboots and changes users.

It's just mind boggling why windows would reboot under user Admin as I have never used it before.
It seems like a virus or malware or something. Or somebody has hacked thru my 2 routers and firewall and remote reboots my comp switching users.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40596409
Viruses and malware do not "find their way in". We invite these in by hovering over or clicking on a bogus link.

In modern systems, there is no "administrator" (disabled) and UAC prevents any installations. XP has none of this, so virus writers use "administrator" to gain access to XP underpinnings. The result is what you see.

Try running Malwarebytes to see if it can correct things. More likely, however, especially given XP, you need to back up completely, format and reinstall XP (or move up to a new system).
0
 
LVL 37

Accepted Solution

by:
bbao earned 750 total points
ID: 40596412
> it goes to user Administrator not the user name i use

this can be fixed this way.

http://windowsxp.mvps.org/Autologon.htm

regarding your concerns of any hack on the computer, you may run NETSTAT -a -n -o > s.txt to list all current network sessions into a plain text file named s.txt.

you may review the list yourself or post it here for help. you may mask your personal IP address from the list if there is any privacy concern.
0
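Added example, not part of the original thread: one way to review the s.txt file produced by the NETSTAT command in the answer above is to group, per PID, the ports listening on non-loopback addresses and the established sessions whose remote end is outside the local network. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `NETSTAT -a -n -o` output; addresses and PIDs are invented.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      192.168.1.1:80         ESTABLISHED     2204
  TCP    192.168.1.10:3389      203.0.113.25:51522     ESTABLISHED     1012
  TCP    192.168.1.10:1077      198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Explicit list: ipaddress.is_private also covers the documentation ranges used in SAMPLE.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            yield f[0], f[1], f[2], "", int(f[3])

def host(addr):
    # Split 'ip:port' (IPv4, as printed on XP) into (ip_address, port).
    ip, _, port = addr.rpartition(":")
    return ipaddress.ip_address(ip), int(port)

def triage(text):
    """Return (exposed listeners, sessions to non-local addresses), keyed by PID."""
    exposed, external = defaultdict(set), defaultdict(set)
    for proto, local, remote, state, pid in parse_netstat(text):
        lip, lport = host(local)
        if (state == "LISTENING" or proto == "UDP") and not lip.is_loopback:
            exposed[pid].add((proto, lport))
        elif state == "ESTABLISHED":
            rip, rport = host(remote)
            if not any(rip in net for net in LOCAL_NETS):
                external[pid].add((str(rip), lport, rport))
    return dict(exposed), dict(external)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The PIDs in the result can be matched to process names with `tasklist /svc` on the same machine; an established session on a local listening port from a non-local address is the kind of entry worth investigating first.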
 
LVL 98

Expert Comment

by:John Hurst
ID: 40596414
this can be fixed this way.  <-- As Steve has clarified, he gets the machine running under any userid and it just reboots. So there is more wrong than fixing administrator.
0
 
LVL 80

Expert Comment

by:arnold
ID: 40596421
You might or something is setting the admin user for autologon.
You can use users control panel to reset it or navigate with registry to HKLM\software\microsoft\windows nt\currentversion\netlogon and see whether defaultuser, defaultpassword, allowadminlogon are set with the correct data.

Has anything been recently installed? Does the user you commonly use have admin rights? Something new installed, could have been tainted, prompting for admin rights......
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 40596440
It truly sounds like your computer has been compromised somehow with malware, permitting someone to hack into your computer and rebooting your system into the administrator user account (hence there are no desktop icons because the user is logged on as administrator and not you). It is highly likely a system restore will not resolve this issue. What I would try to do is unplug your network cable and see if your computer still reboots to the administrator user profile. If it does not then plug it back in, if after reconnecting your network connection it reboots to the administrator account then you know someone is hacking into your computer, it is therefore not safe to go online with this computer. I would use Roguekiller to see if it can resolve this issue. Download it with another computer. I would also download and run rkill. Both applications are portable and do not install the application on the computer; they run from the application you download. You can safely download both applications from the bleeping computer website. And as previously mentioned you can download and run malwarebytes.
0
 
LVL 10

Expert Comment

by:10023
ID: 40596465
Is there any way you can get out of xp... Haven't they stopped updating it!! Ok that's easy for me to say when someone might be on a tight budget but unfortunately that's just the way it is... I am surprised no one has mentioned this... am I wrong about this?
0
 
LVL 37

Expert Comment

by:bbao
ID: 40596487
> I am surprised no one has mentioned this...am I wrong about this?

i am not surprised as i do keep using my XP systems at home, for testing and entertainment only :)
0
 
LVL 93

Expert Comment

by:nobus
ID: 40596542
look also if there is a task doing this
and check in event viewer for errors, or problems too
0
 
LVL 88

Expert Comment

by:rindi
ID: 40596706
To me it looks like someone is accessing your PC remotely. Immediately remove it from the LAN, then as Thinkpads already mentioned, backup whatever isn't backed up yet, then do a clean re-installation.

I'd also suggest changing any passwords for your email accounts and sites you need a logon for etc., and of course also for your PC's user accounts.
0
 
LVL 93

Assisted Solution

by:nobus
nobus earned 750 total points
ID: 40596769
it can be wise to change the router password also!
0
 

Author Comment

by:stevemib
ID: 40599743
Looks like bbao solved most of the problem. I have reset all users' passwords and was waiting a couple days to see if mysterious reboots happened. One happened last night but this time it rebooted in my normal user. So @bbao you helped solve half of my challenge.
I am also thinking @nobus will solve the other half of the problem as I never reset the password on my broadband router after the tech installed. Actually he never gave it to my wife as I was not home.
It is strange though that even if they have that password with remote access how are they getting past the 2nd router I have. The broadband is connected to a LAN router I am using for my network.
Anyways, I think we are good to go. Thanks guys n gals, you're awesome.
0
 

Author Closing Comment

by:stevemib
ID: 40599749
Thanks all. It seems the 2 of you are spot on.
0


Question has a verified solution.
