Solved

Windows XP Pro mysteriously reboots and opens under Administrator

Posted on 2015-02-07
Last Modified: 2015-02-09
I came home last week and found my comp desktop totally changed. Most of my icons were gone.
After research I found that it had rebooted and changed from my "XYZ" user that I use all the time to "Administrator", which I never use.
I did a roll back and it still does it for no reason, like 3x a day. It just reboots under the Administrator login.
Is this a hack, virus or malware that anybody has heard about?
Never seen anything like this.
0
Question by:stevemib
18 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 40596374
One reason modern systems completely disable "administrator" is because it is so easily hacked.

First, back up your documents, email and anything else you need to another media. Do this now and first.

Second, log in and see if you can (a) see your regular user (Computer, right click, Manage, Users and Groups, Users).

Now try to create a new user and see if you can log in as the new user. What happens?
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40596384
> I came home last week and found my comp desktop totally changed

Do you mean your computer was always on when you were not at home? Is there any possibility that someone else had accessed or touched the computer during that time?

> I did a roll back and it still does it for no reason like 3x a day

Was it a successful restore? Was the status (such as the disappeared desktop icons) brought back once the restore was done?

> Is this a hack, virus or malware that anybody has heard about.

Do you observe any abnormal disk or network activity when the computer is idle? E.g. the hard disk and/or NIC LEDs are always blinking when the computer is on but not running any particular frontend task?
0
 

Author Comment

by:stevemib
ID: 40596393
Yes I see my regular user account and just created new user and can see it.
0
 

Author Comment

by:stevemib
ID: 40596400
Yes, comp was on all the time. I just now saw it happen. It just blinks the screen and reboots; during reboot it goes to user Administrator, not the user name I use. I then have to switch user to bring back the desktop I use.
Problem is it reboots for no reason and then changes the user during reboot.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40596401
You could have gone to a site that used "administrator" to corrupt the profile.

You can probably save what you have by backing up as I suggested, making a new profile and setting it up. When all is working, delete the damaged profile.

Also make sure "administrator" has a very strong password with two special characters, two numerals, two upper case characters and not less than 10 characters total.
0
 

Author Comment

by:stevemib
ID: 40596406
Not sure I'm explaining this properly, John. Comp reboots for no reason and changes to user Administrator. I then have to log off that user and switch to my normal user "xyz". My profile xyz is fine, all data is intact.
I am just trying to figure out why it all of a sudden reboots and changes users.

It's just mind boggling why Windows would reboot under user Admin as I have never used it before.
It seems like a virus or malware or something. Or somebody has hacked through my 2 routers and firewall and remotely reboots my comp, switching users.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40596409
Viruses and malware do not "find their way in". We invite these in by hovering over or clicking on a bogus link.

In modern systems, there is no "administrator" (disabled) and UAC prevents any installations. XP has none of this, so virus writers use "administrator" to gain access to XP underpinnings. The result is what you see.

Try running Malwarebytes to see if it can correct things. More likely, however, especially given XP, you need to back up completely, format and reinstall XP (or move up to a new system).
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 250 total points
ID: 40596412
> it goes to user Administrator not the user name i use

This can be fixed this way.

http://windowsxp.mvps.org/Autologon.htm

Regarding your concerns of any hack on the computer, you may run NETSTAT -a -n -o > s.txt to list all current network sessions into a plain text file named s.txt.

You may review the list yourself or post it here for help. You may mask your personal IP address from the list if there is any privacy concern.
0
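A way to review the s.txt listing suggested in the accepted answer, as an added example that is not part of the original thread: it parses `NETSTAT -a -n -o` output and groups, by owning PID, the sockets that listen on a non-loopback address or are connected to an address outside the local ranges. The sample text is constructed, the function names are hypothetical, and IPv4 rows are assumed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `NETSTAT -a -n -o` output (not taken from the thread).
# Addresses come from RFC 1918 and RFC 5737 documentation ranges.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:1187      203.0.113.45:443       ESTABLISHED     2316
  TCP    192.168.1.20:1190      192.168.1.1:80         ESTABLISHED     2316
  UDP    0.0.0.0:445            *:*                                    4
"""

# Ranges treated as "local" for this triage: loopback, RFC 1918, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
               "192.168.0.0/16", "169.254.0.0/16")]

def split_endpoint(text):
    """Split 'addr:port' into (addr, port); the port stays a string ('*' for UDP)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header, blank line or other text
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        yield f[0], split_endpoint(f[1]), split_endpoint(f[2]), state, int(f[-1])

def triage(text):
    """Map PID -> list of sockets worth checking against the process list."""
    findings = defaultdict(list)
    for proto, (lhost, lport), (rhost, rport), state, pid in parse_netstat(text):
        if state == "LISTENING" and lhost != "127.0.0.1":
            findings[pid].append(f"listening {lhost}:{lport}")
        elif state == "ESTABLISHED":
            ip = ipaddress.ip_address(rhost)
            if not any(ip in net for net in LOCAL_NETS):
                findings[pid].append(f"established {rhost}:{rport}")
    return dict(findings)

if __name__ == "__main__":
    for pid, notes in sorted(triage(SAMPLE).items()):
        print(pid, notes)
```

Each PID in the result can then be matched to a process name with `tasklist` on the same machine.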
 
LVL 90

Expert Comment

by:John Hurst
ID: 40596414
this can be fixed this way.  <-- As Steve has clarified, he gets the machine running under any userid and it just reboots. So there is more wrong than fixing administrator.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40596421
You, or something, might be setting the admin user for autologon.
You can use users control panel to reset it or navigate with registry to HKLM\software\microsoft\windows nt\currentversion\netlogon and see whether defaultuser, defaultpassword, allowadminlogon are set with the correct data.

Has anything been recently installed? Does the user you commonly use have admin rights? Something new installed, could have been tainted, prompting for admin rights......
0
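A check of the autologon configuration, as an added example that is not part of the original thread: Windows reads its autologon settings from the AutoAdminLogon, DefaultUserName and DefaultPassword values under the Winlogon key, and this script reviews the text printed by `reg query` for that key. The sample output, the password value and the function names are constructed; value names are assumed to contain no spaces.

```python
# Key to export with: reg query "<WINLOGON>" > winlogon.txt
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample of the reg query output (not taken from the thread).
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoAdminLogon      REG_SZ  1
    DefaultUserName     REG_SZ  Administrator
    DefaultPassword     REG_SZ  ExamplePassw0rd
    DefaultDomainName   REG_SZ  HOME-PC
    Shell       REG_SZ  Explorer.exe
"""

def parse_reg_query(text):
    """Return {value name (lower-cased): data} for every 'name REG_* data' row."""
    values = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        # Banner and key-path lines have no REG_* type in the second column.
        if len(parts) >= 2 and parts[1].startswith("REG_"):
            values[parts[0].lower()] = parts[2].strip() if len(parts) == 3 else ""
    return values

def check_autologon(values, expected_user):
    """List what a reviewer should question about the autologon settings."""
    findings = []
    if values.get("autoadminlogon") != "1":
        return findings  # autologon is off; the logon prompt is in effect
    user = values.get("defaultusername", "")
    findings.append(f"autologon enabled for '{user}'")
    # Account names are case-insensitive on Windows.
    if user.lower() != expected_user.lower():
        findings.append(f"autologon account is not '{expected_user}'")
    if values.get("defaultpassword"):
        findings.append("DefaultPassword is stored in clear text in the registry")
    return findings

if __name__ == "__main__":
    for finding in check_autologon(parse_reg_query(SAMPLE), "XYZ"):
        print(finding)
```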
 
LVL 18

Expert Comment

by:web_tracker
ID: 40596440
It truly sounds like your computer has been compromised somehow with malware, permitting someone to hack into your computer and rebooting your system into the administrator user account (hence there are no desktop icons because the user is logged on as administrator and not you). It is highly likely a system restore will not resolve this issue. What I would try to do is unplug your network cable and see if your computer still reboots to the administrator user profile. If it does not then plug it back in; if after reconnecting your network connection it reboots to the administrator account then you know someone is hacking into your computer, and it is therefore not safe to go online with this computer. I would use Roguekiller to see if it can resolve this issue. Download it with another computer. I would also download and run rkill. Both applications are portable and do not install the application on the computer; they run from the application you download. You can safely download both applications from the Bleeping Computer website. And as previously mentioned you can download and run Malwarebytes.
0
 
LVL 10

Expert Comment

by:10023
ID: 40596465
Is there any way you can get out of XP...Haven't they stopped updating it!!  Ok, that's easy for me to say when someone might be on a tight budget but unfortunately that's just the way it is...I am surprised no one has mentioned this...am I wrong about this?
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40596487
> I am surprised no one has mentioned this...am I wrong about this?

I am not surprised as I do keep using my XP systems at home, for testing and entertainment only :)
0
 
LVL 91

Expert Comment

by:nobus
ID: 40596542
Look also if there is a task doing this,
and check in Event Viewer for errors or problems too.
0
 
LVL 87

Expert Comment

by:rindi
ID: 40596706
To me it looks like someone is accessing your PC remotely. Immediately remove it from the LAN, then as Thinkpads already mentioned, backup whatever isn't backed up yet, then do a clean re-installation.

I'd also suggest changing any passwords for your email accounts and sites you need a logon for etc., and of course also for your PC's user accounts.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 250 total points
ID: 40596769
It can be wise to change the router password also!
0
 

Author Comment

by:stevemib
ID: 40599743
Looks like bbao solved most of the problem. I have reset all users' passwords and was waiting a couple of days to see if mysterious reboots happened. One happened last night but this time it rebooted in my normal user. So @bbao you helped solve half of my challenge.
I am also thinking @nobus will solve the other half of the problem as I never reset the password on my broadband router after the tech installed it. Actually he never gave it to my wife as I was not home.
It is strange though that even if they have that password with remote access, how are they getting past the 2nd router I have? The broadband is connected to a LAN router I am using for my network.
Anyways, I think we are good to go. Thanks guys n gals, you're awesome.
0
 

Author Closing Comment

by:stevemib
ID: 40599749
Thanks all. It seems the 2 of you are spot on.
0
