Jared_jaz

Keep losing admin on Windows after multiple re-installs

Control - My router settings

How do I know - The password keeps getting changed from what I have set it to. They normally don't lock me out (did once) but revert the settings back to default passwords with IP ranges change. Mainly I notice the logs in the router, and my connectivity is constantly up and down over Wi-Fi. (I will go check the logs now)

I was not aware of the ability to change BIOS settings via PowerShell until recently because of all this. I couldn't figure out how they were doing it until I did some research and found information on PowerShell/BIOS programming (let me get a link)

BIOS default settings - so when I do the onboard option of setting the BIOS back to its default settings they go back to having only network boot as the only option in the boot menu. I even set a BIOS password for one of my old laptops that was then changed on me remotely.

The log is not from 7 years ago, it's from the first few days of when this started happening. Sorry, I'm working from home so I was halfway through the last comment when you had replied.

Alright, thank you for your patience, what would you like me to do next?

Thank you

That is not BIOS / UEFI regardless of what these people have to say or post. You can remove the hard drive from the computer or put in a blank hard drive. Try to run that. It won't do squat because the BIOS / UEFI resides in the firmware on the motherboard. Not in WMI (Windows Management Instrumentation).

Now, once the computer is up and running it's possible that a computer vendor might use all kinds of WMI entries to read and / or set certain features but again that is not the actual BIOS / UEFI storing that.

As for the router, the one you spoke of - the Technicolor one. Seems it "might" have some type of encrypted tunnel that your ISP might be able to access the router - but that typically would only be if you got it from your ISP and not from a Retail channel.

On the surface without spending a lot of time going over it - the log just seems to show you have or had a lousy connection as it's constantly dropping packets which means it cannot complete the connection properly. In a good, well connected network you'd rarely get any packet drops.

 

Not to run this into the ground, but again, so far each thing you're showing has not provided me any proof or concern that you're actually having an issue or under attack from anyone or anything. The only one that so far would not make sense is that if you have set the login password to the router and you've double-checked it by exiting out restarting and able to get back in again using that same password and then say an hour or a day later that same password no longer works - then that would be suspicious but even then I'd still try unplugging the keyboard and plugging it back in to make sure maybe a sticky key or something else was not the cause.

 

Ok, I can assure you that I had my router set up with strong passwords, it was only 20 minutes until it was reverted back to the last setup I had it on which was not default but it had weak passwords and default login credentials.

That log looks to be from running Windows Update?

Please click on Start or Search and type in WINVER and hit Enter. Post a screenshot of what you have please.

Sorry I'm slow with the replies, work just got crazy, will do the scan soon. Thank you for your help so far. I also did a bunch of updates.

Attachments: FRST.txt, Addition.txt

I have lost full control, I cannot remove these users, I cannot choose who gets added to the firewall exception rules.

They are setting me up as a user on a Windows server. This is why no malware is showing up.

6 hours ago, Jared_jaz said:

Attachments: FRST.txt, Addition.txt

I have lost full control, I cannot remove these users, I cannot choose who gets added to the firewall exception rules.

They are setting me up as a user on a Windows server. This is why no malware is showing up.

That is not how you would change access and not because you don't have admin rights. You're being concerned about issues that are not really issues. It is how Windows works and at the moment you just need to either stop worrying about it or perhaps take a few courses in understanding how Windows works.

Go ahead and follow that other article on how to disable Admin Shares. Then reboot the computer and let me know if there are any other obvious concerns. So far there is nothing wrong with your computer and it shows no signs of an infection.

 

Thank you for this guide, it will surely come in handy.

 

I cannot stop sharing for some reason.

Here you go @Jared_jaz

Okay, please run the following FRST script. It will disable and delete the Administrative shares on the computer. It will also disable SMB 1 and 2 on the computer as well as update the Windows Defender definitions and run a Quick Scan and gather some other details for me to review.
It will probably take a while to run so please do not interrupt it and let it finish on its own.

WARNING!! - To all other users - DO NOT - run this script. It will remove Administrative Shares and Disable Server Message Block 1 & 2 on the system.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks
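
A read-only way to see the state the fix above targets (local administrators, enabled accounts, administrative shares, SMB server protocols), added here as an example; it is not part of the original post and is not the contents of fixlist.txt. The function name `Get-LocalExposureSummary` is hypothetical; the cmdlets are the standard Windows 10/11 ones, and the script changes nothing on the system.

```powershell
# Added example: audit only, makes no changes. Run from an elevated PowerShell prompt.
function Get-LocalExposureSummary {   # hypothetical name, not from the thread
    # Members of the built-in Administrators group, looked up by its
    # well-known SID so the check also works on non-English Windows.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource

    # Local accounts that are currently enabled.
    $enabledUsers = Get-LocalUser | Where-Object Enabled |
        Select-Object Name, LastLogon, PasswordLastSet

    # Administrative (special) shares such as C$, ADMIN$ and IPC$.
    $adminShares = Get-SmbShare -Special $true |
        Select-Object Name, Path, Description

    # SMB server protocol switches. EnableSMB2Protocol covers SMB2 and SMB3.
    $smb = Get-SmbServerConfiguration |
        Select-Object EnableSMB1Protocol, EnableSMB2Protocol

    # AutoShareWks = 0 stops client editions of Windows from recreating
    # C$/ADMIN$ at boot; a missing value means the default (shares created).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $autoShare = (Get-ItemProperty -Path $key -Name AutoShareWks `
        -ErrorAction SilentlyContinue).AutoShareWks

    [pscustomobject]@{
        Administrators = $admins
        EnabledUsers   = $enabledUsers
        AdminShares    = $adminShares
        SMB1Enabled    = $smb.EnableSMB1Protocol
        SMB2Enabled    = $smb.EnableSMB2Protocol
        AutoShareWks   = if ($null -eq $autoShare) { 'not set (default)' } else { $autoShare }
    }
}

$summary = Get-LocalExposureSummary
$summary.Administrators | Format-Table -AutoSize
$summary.EnabledUsers   | Format-Table -AutoSize
$summary.AdminShares    | Format-Table -AutoSize
$summary | Select-Object SMB1Enabled, SMB2Enabled, AutoShareWks | Format-List
```

Saving the output before and after a fix and a reboot shows whether the shares or accounts actually changed.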

 

Thank you, yes I will as soon as it’s done, it’s been running for a few hours now.

Does the system appear to be running Updates or performing any other tasks still?

If it's still not doing anything obvious go ahead and restart the computer and let me know.

 
