The Naked Scientists

The Naked Scientists Forum

Author Topic: Administrator access to task manager?  (Read 4323 times)

Offline Airthumbs

  • Hero Member
  • *****
  • Posts: 958
  • Personal Text
    • View Profile
Administrator access to task manager?
« on: 25/04/2012 04:25:36 »
Hi all,

I had to do a little system restore the other day because something very odd happened and it really scared me.

I was logged on as administrator and my computer was not behaving itself.  I did Ctrl Alt Del to access Task Manager and I was informed that the Administrator had blocked my access to this.  I restarted several times and got the same problem.

Following that I went into component services of my win xp and there discovered that it might be possible for a remote user to superceede my administrator rights on my own computer!

Can someone tell me what might have happened and is it possible that a remote uber user can control my PC by gaining access to it by using a built in over ride to the administrator? 


 

Offline graham.d

  • Neilep Level Member
  • ******
  • Posts: 2208
    • View Profile
Re: Administrator access to task manager?
« Reply #1 on: 25/04/2012 12:41:23 »
Hmm, happened to me though not with Task Manager. I downloaded a free program which (I found out later) made lots of changes to my system software and snooped on my activity - effectively serious Malware. It took me several days to get rid of it because it was able to both recreate itself and also to change my status so I did not have permission to delete certain files (even from MS-DOS). It took 100s of Registry edits too which I managed without screwing up anything too much. I suggest you may have something like this. Virus checkers will not find this and I got no warnings because I (stupidly) downloaded it. I will not do that again. On the rare occasions I download software from a site without a cast iron reputation, I will ensure that the software has been verified as OK by several reputable companies or individuals that I can trust.
 

Offline Airthumbs

  • Hero Member
  • *****
  • Posts: 958
  • Personal Text
    • View Profile
Re: Administrator access to task manager?
« Reply #2 on: 25/04/2012 16:16:17 »
Sounds like that is exactly what happened to me also, I downloaded some free software.  Thanks for your help G.D.
 

Offline graham.d

  • Neilep Level Member
  • ******
  • Posts: 2208
    • View Profile
Re: Administrator access to task manager?
« Reply #3 on: 25/04/2012 16:54:30 »
Best to try to find some helpful sites that identify the malware and try to show you how to eradicate it. Don't believe any that say to download their software and it will do it for you because many are trying to con you into parting with money and ultimately don't work. Even the helpful sites did not identify all the items I needed to remove. I looked at many. It would have been quicker for me to save all my data, wipe the hard drive and reload all my software! Oh well, once bitten ...
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8134
  • Thanked: 53 times
    • View Profile
Re: Administrator access to task manager?
« Reply #4 on: 25/04/2012 19:09:30 »
the free* version of malwarebytes is a good second opinion, (in addition to Microsoft's free anti-virus anti-malware)

[*The free version of malwarebytes won't fix any problems it finds]
 

Offline Airthumbs

  • Hero Member
  • *****
  • Posts: 958
  • Personal Text
    • View Profile
Re: Administrator access to task manager?
« Reply #5 on: 25/04/2012 19:45:00 »
I just went into the Adminstrative tools and into the Local Security Settings.  It is here I stumbled accross several other types of users.

These are as follows;

Everyone, Support_388945a0, Guest, ASPNET, Administrators, User, Remote Desktop User, Backup Operator and the one that I find disturbing PowerUsers!!

My security settings allowed for remote access from PowerUsers whatever they are? 

I blocked the lot and it has not had any negative effects, can someone please tell me what a PowerUser is and why this User had permission to access or change everything on my PC?
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: Administrator access to task manager?
« Reply #6 on: 26/04/2012 00:45:32 »
I think you can set the access with the policy editor (poledit) which you should be able to download for XP.

There are a few nasty viruses that will do everything possible to make it difficult to eradicate them.

  • Disabling Killing tasks from taskmanager sounds like a good idea.
  • Redirect downloads from prominent antivirus and antispyware websites.
  • block antivirus updates
  • Run two processes, and monitor if the other process has been killed, and restart it.
  • Detect changes to startup directories
  • make them hidden/system files (which are easy to spot if you are looking for them)

Is this a home PC, or a business PC?  Who is Support_388945a0?

You are confusing groups and users.
There is  an "administrator group"
And an "administrator user".

Disable any users that you don't need.
If you have your own Airthumbs user, then you can disable any additional users users that you don't need, for example guest.

In MS Access, one can give minimal permissions to "administrator", but it is probably best to keep that account intact on your PC, but make sure it has a secure password.

I believe PowerUsers is a group, and not a user, so I wouldn't worry about it.

Are you running "backup" as a service independent of your account?

Do you use the inbound remote desktop functionality?
 

Offline Airthumbs

  • Hero Member
  • *****
  • Posts: 958
  • Personal Text
    • View Profile
Re: Administrator access to task manager?
« Reply #7 on: 26/04/2012 04:56:31 »
Thanks for the advice, I have no idea who the support_ user is! 

I do not use the remote access feature and it is disabled.

It's my home PC that an office was throwing out.

I will have to look at the other thing you mentioned and I will get back to you on that one.

Thanks again.

PS. I have reverted to my laptop as I reckon the PC has been hacked to pieces!
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3823
  • Thanked: 19 times
    • View Profile
Re: Administrator access to task manager?
« Reply #8 on: 05/05/2012 15:25:54 »
I have found from experience it it seldom worthwhile to try and fix corrupted systems, I keep all my programs on a seperate drive and if I get a bad problem byte the bullet and reformat and make a fresh start
 

The Naked Scientists Forum

Re: Administrator access to task manager?
« Reply #8 on: 05/05/2012 15:25:54 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums