Windows XP Pro mysteriously reboots and opens under Administrator

I came home last week and found my comp desktop totally changed. Most my icons were gone.
After research found that it had rebooted and changed from my "XYZ" user that I use all the time to "Administrator" which I never use.
I did a roll back and it still does it for no reason like 3x a day. Just reboots under Administrator log in.
Is this a hack, virus or malware that anybody has heard about.
Never seen anything like this.
Who is Participating?
bbaoConnect With a Mentor IT ConsultantCommented:
> it goes to user Administrator not the user name i use

this can be fixed this way.

regarding your concerns of any hack on the compyter, you may run NETSTAT -a -n -o > s.txt to list all current network sessions into a plain text file named s.txt.

you may review the list yourself or post it here for help. you may mask your personal IP address from the list if there is any privacy concern.
JohnBusiness Consultant (Owner)Commented:
One reason modern systems completely disable "administrator" is because it is so easily hacked.

First, back up your documents, email and anything else you need to another media. Do this now and first.

Second, log in and see if you can (a) see your regular user (Computer, right click, Manage, Users and Groups, Users).

Now try to create a new user and see if you can log in as the new user. What happens?
bbaoIT ConsultantCommented:
> I came home last week and found my comp desktop totally changed

do you mean your computer was always on when you were not at home? is there any possibility that someone else had accessed or touched the computer during that time?

> I did a roll back and it still does it for no reason like 3x a day

was it a successful restore? was the status (such as the disappeared desktop icons) was brought back once the restore was done?

> Is this a hack, virus or malware that anybody has heard about.

do you observe any abnormal disk or network activity when the computer is idle? e.g. the hard disk and/or NiC LEDs are always blinking when the computer is on but not running any particular frontend task?
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

stevemibAuthor Commented:
Yes I see my regular user account and just created new user and can see it.
stevemibAuthor Commented:
Yes comp was on all the time, I just now saw it happen. It just blinks screen and reboots, during reboot
it goes to user Administrator not the user name i use. I then have to switch user to bring back my desktop i use.
Problem is it reboots for no reason and then changes the user during reboot.
JohnBusiness Consultant (Owner)Commented:
You could have gone to a site that used "administrator" to corrupt the profile.

You can probably save what you have by backing up as I suggested, making a new profile and setting it up. When all is working, delete the damaged profile.

Also make sure "administrator" and a very strong password with two special characters, two numerals, two upper case characters and not less than 10 characters total.
stevemibAuthor Commented:
Not sure Im explaining this properly John. Comp reboots for no reason and changes to user Administrator. I then have to log off that user and switch to my normal user "xyz". My profile xyz is fine, all data is in tack.
I am just trying to figure out why it all of the sudden reboots and changes users.

Its just mind boggling why windows would reboot under user Admin as i have never used it before.
It seems like a virus or malware or something. Or somebody has hacked thru my 2 routers and firewall and remote reboots my comp switching users.
JohnBusiness Consultant (Owner)Commented:
Viruses and malware do not "find their way in" . We invite these in by hovering over or clicking on a bogus link.

In modern systems, there is no "administrator" (disabled) and UAC prevents any installations. XP has none of this, so virus writes use "administrator" to gain access to XP underpinnings. The result is what you see.

Try running Malwarebytes to see if it can correct things. More likely, however, especially given XP, you need to back up completely, format and reinstall XP (or move up to a new system).
JohnBusiness Consultant (Owner)Commented:
this can be fixed this way.  <-- As Steve has clarified, he gets the machine running under any userid and it just reboots. So there is more wrong than fixing administrator.
You might or something is setting the admin user for autologn.
You can use users control panel to reset it or navigate with registry to HKLM\software\microsoft\windows nt\currentversion\netlogon and see whether defaultuser,defaultpassword, allowadminlogon are set with the correct data.

Has anything been recently installed. Does the user you commonly use have admin rights? Something new installed, could have been tainted, prompting for admin rights......
web_trackerComputer Service TechnicianCommented:
It truly sounds like your computer has been compromised some how with malware,  permitting someone to hack into your computer and rebooting your system into the administrator user account (hence there are no desktop icons because the user is logged on as administrator and not you). It is highly likely a system restore will not resolve this issue. What I would try to do is unplug your network cable and see if your computer still reboots to the administrator user profile. If it does not then plug it back in, if after reconnecting your network connection it reboots to the administrator account then you know some one is hacking into your computer, it is therefore not safe to go online with this computer.  I would use Roguekiller to see if can resolve this issue. Download it with another computer. I would also download and run rkill. Both applications are portable and do not install the application on the computer they run from the application you download. You can safely download both applications from the bleeping computer website. And as previously mentioned you can download and run malwarebytes.
10023Web site maintenance and designCommented:
Is there any way you can get out of xp...Haven't they stopped updating it!!  Ok that' easy for me to say when someone might be on a tight budget but unfortunately that just the way it is...I am surprised no one has mentioned I wrong about this?
bbaoIT ConsultantCommented:
> I am surprised no one has mentioned I wrong about this?

i am not surprised as i do keep using my XP systems at home, for testing and entertainment only :)
look also if there is a task doing this
and check in event viewer for errors, or problems too
To me it looks like someone is accessing your PC remotely. Immediately remove it from the LAN, then as Thinkpads already mentioned, backup whatever isn't backed up yet, then do a clean re-installation.

I'd also suggest to change any passwords for your email accounts and sites you need a logon for etc., and of course also for your PC's users accounts.
nobusConnect With a Mentor Commented:
it can be wise to change the router password also!
stevemibAuthor Commented:
Looks like bbao solved most of the problem. I have reset all users passwords and was waiting a couple days to see if mysterious reboots happened. One happened last night but this time it rebooted in my normal user. So @bbao you helped solve half of my challenge.
I am also thinking @nobus will solve the other half of the problem as I never reset the password on my broadband router after the tech installed. Actually he never gave it to my wife as i was not home.
It is strange though that even if they have that password with remote access how are they getting past the 2nd router I have. The broadband is connected to a LAN router i am using for my network.
Anyways, I think we are good to go. Thanks guys n gals, your awesome.
stevemibAuthor Commented:
Thanks all. It seems the 2 of you are spot on.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.