Windows 10: Computer has been infected by a virus that removed the admin user's permissions to modify...

Discussion in 'Windows 10 Software and Apps' started by Virus'd, Jan 2, 2025.

  1. Virus'd Win User

    Computer has been infected by a virus that removed the admin user's permissions to modify...


    Hi, I am facing an issue where after installing a program which turned out to be infected, I have lost access to my internal hard drive. The internal drive in question luckily doesn't have the OS installed on it, but still, it is a 2 TB drive that is brim full with data, and I would simply reformat the drive, but I don't want to lose the entire content of the drive. I am fairly sure the virus has made changes at the deepest level, since I am unable to retake ownership of the drive in question through the security tab. I am logged in with an Admin account with full rights, yet when I try chang

    Virus'd, Jan 2, 2025
    #1

  2. folder creation and sharing, i want to create an admin user that have only permission to modify folders and file but not have domain admin access.

    Hi Mindspaceoutsourcing,

    Welcome to Microsoft Community.

    I'm Hahn and I'm here to help you with your concern.

    To create an admin user with the permission to modify folders and files but not have domain admin access, you can follow these steps:

    Step 1: Create a new user account



    1. Log in to the computer or server as an administrator.
    2. Open the "Control Panel" and navigate to "User Accounts".
    3. Click on "Manage another account" and then "Add a new user account".
    4. Enter a username and password for the new user account and click "Create Account".

    Step 2: Add the user account to the local Administrators group



    1. Open the "Control Panel" and navigate to "Administrative Tools".
    2. Click on "Computer Management".
    3. In the left pane, click on "Local Users and Groups".
    4. Click on "Groups" and then double-click on "Administrators".
    5. Click on "Add" and enter the username of the new user account.
    6. Click "OK" to add the user account to the Administrators group.

    Step 3: Create a shared folder and grant the new user account full access



    1. Create a folder on the computer or server that you want to share.
    2. Right-click on the folder and select "Properties".
    3. Click on the "Sharing" tab and then click "Advanced Sharing".
    4. Check the box next to "Share this folder".
    5. Click on the "Permissions" button.
    6. Click "Add" and enter the username of the new user account.
    7. Select the new user account from the list and click "OK".
    8. Grant the new user account full control permissions by checking the box next to "Full Control".
    9. Click "OK" to save the changes.

    Step 4: Set file and folder permissions



    1. Right-click on the folder you want to modify and select "Properties".
    2. Click on the "Security" tab and then click "Edit".
    3. Click "Add" and enter the username of the new user account.
    4. Select the new user account from the list and click "OK".
    5. Grant the new user account the necessary permissions by checking the appropriate boxes (e.g., "Modify", "Write", "Read & Execute").
    6. Click "OK" to save the changes.

    Step 5: Remove the new user account from any other groups with domain admin access



    1. Open the "Control Panel" and navigate to "Administrative Tools".
    2. Click on "Computer Management".
    3. In the left pane, click on "Local Users and Groups".
    4. Click on "Users" and then double-click on the new user account.
    5. Click on the "Member Of" tab.
    6. Remove the new user account from any groups that give it domain admin access.
    7. Click "OK" to save the changes.

    By following these steps, you should now have an admin user with the necessary permissions to modify folders and files but without domain admin access.

    I hope this helps. If there is anything not clear, please do not hesitate to let me know.



    Yours sincerely

    | Microsoft Community Support Specialist
     
    Hahn - MSFT, Jan 2, 2025
    #2
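
The GUI steps in the answer above, scripted in PowerShell and followed by a check of what the account ends up with. This is an added example, not part of the original answer; the account, folder and share names are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Placeholder values (assumptions, not taken from the thread)
$UserName  = 'fileadmin'
$Folder    = 'C:\Shares\Projects'
$ShareName = 'Projects'
$Principal = "$env:COMPUTERNAME\$UserName"

# Step 1: create the local account; the password is prompted for, not stored in the script
$Password = Read-Host -AsSecureString -Prompt "Password for $UserName"
New-LocalUser -Name $UserName -Password $Password -Description 'Folder administrator' | Out-Null

# Step 2: local Administrators membership, as the answer describes.
# A local account gets control of this machine only; it has no rights in the domain.
Add-LocalGroupMember -Group 'Administrators' -Member $UserName

# Step 3: create the folder and share it with Full Control for the account
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
New-SmbShare -Name $ShareName -Path $Folder -FullAccess $Principal | Out-Null

# Step 4: NTFS "Modify" on the folder, inherited by subfolders and files
$acl  = Get-Acl -Path $Folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Principal, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Step 5: review the result - every local group the account belongs to,
# the share permissions, and the NTFS entries that name the account
Get-LocalGroup | Where-Object {
    (Get-LocalGroupMember -Group $_ -ErrorAction SilentlyContinue).Name -contains $Principal
} | Select-Object Name
Get-SmbShareAccess -Name $ShareName
(Get-Acl -Path $Folder).Access |
    Where-Object IdentityReference -like "*\$UserName" |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Any group listed by the step 5 check that the account should not be in can be removed with `Remove-LocalGroupMember`.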
  3. Solaris17 Win User
    Guide: Virus Removal 101

    Software and Background
    In this section we will briefly go over the software being used and why we chose this software as opposed to other options. This is more of an academic type of post that will clarify the more important "WHY" when it comes to removal. It is important to understand that in order to effectively remove or have the best chance to remove a virus you must have the proper tools. The software listed below is based on several key points. Those mostly being:
    • Free
    • Easy to use
    • Minimal user interaction
    • Update friendly
    At no point should you think that the software chosen was chosen because it is better than xyz or the "Best". That doesn't mean the software is "not the best", just that I am trying to break the mindset of "Best"; it is important to shake the idea that a one-off solution is always going to be the better one.

    A Porsche is fast and will get you to work sooner than an 18 wheeler, but if you're hauling tractors to work the 18 wheeler is better suited. This is no different in the security world: applications are built for a specific purpose for the most part, and because of the nature of heuristic code engines some software will do better than others even if it is the same area of interest.

    Software List
    - Threat Restraint
    • Rkill
    - Rootkit Removers
    • TDSS
    • bootkitremover
    • MBAR
    - Broad Spectrum Scanners
    • Roguekiller
    • EEK
    • MBAM
    • Sophos VRT
    • HitmanPro
    - Malware/Junkware Removers
    • ADWCleaner
    • JRT
    - Targeted Repairs
    • Powerliks
    • Combofix
    - Wrap-up and Repair
    • TWEAK
    • REVOuninstaller
    • Ccleaner
    Examples

    Above is the list of software this guide will cover and what you will be using to disinfect the machine in question. Now; we will go more into why we separate them into groups in the next section. Here I will explain weakness and strength between software types and programs so you can understand why there are so many.

    A common question is why don't we have a 1 all solution paid or otherwise that can handle all of well...all of this. The answer is simple.

    You can't.

    Every virus removal tool is different in some way. Some are able to detect things others cannot. Above are the groups of different software. For example, EEK is a broad spectrum scanner. However, EEK cannot detect rootkits as well as programs specifically designed to remove rootkits like TDSS. Likewise, programs like TDSS are completely incapable of detecting malware; it simply isn't programmed for it.

    Software in the same category also behaves differently. Hitman is very good at detecting browser issues and cookies. However Sophos isn't so great at browser infections but is better at scanning core system folders.

    The AV world is full of these kinds of checks and balances which makes proper removal more of a skill than a click of a few buttons. Nothing is 100% and you must rely on the differences the tools have to increase your chances of success.

    - Running scans in order

    Running scans in the correct order might be something you are unfamiliar with. I will try to break down the basic concept as to why this is important to you. For the most part it boils down to permissions. Be it actual NTFS permissions or actual Privilege. Digging deeper you should ALWAYS attack an infection in this order.
    • Threat restraint
    Threat restraint is an important step because it will allow you the user to more easily work with your machine which is probably super slow because of infection. Using programs like killemall or Rkill stop known malware processes which free up memory and CPU making it a little easier and faster to deal with your machine.
    • Root/Boot Kits
    As previously covered Root and Bootkits are low level infections that grant admin (root) access to the machine. This software also for the most part changes permissions of core system files in order to more easily control your machine. It is very important to target and remove these infections first because the modifications they make can stop other higher level removal tools from working correctly.
    • Virus Scans
    Actual Virus removal comes next. Trojans, worms, spyware: all virus class infections cause some kind of issues with system services, built in security protection and have the ability to prevent removal tools from opening. These kinds of infections need to be dealt with second so that we can ease the restraints on the system so that our tools have the proper permissions and resources to run.
    • Mal/Junkware scans
    These are the last class of tools to run. These infections usually adhere to the user level of least privilege. They are really annoying and bothersome but are usually the most simple to remove. Unfortunately the tools that remove them require the use of system resources most of the time and assume they have everything they need to proceed. For this reason malware and junkware removal scans are done last because they totally rely on the previous steps being done and corrected to run correctly.
    • Repair
    Repair tools like tweak are used last. These programs reset Windows to a default usable state. From folder options and icon size to default services and program startup. Most of the virus removal tools correct security related issues that the virus they are removing affected.

    However sometimes more things have been touched and damaged and for these we use repair software last to correct the remaining issues after a full removal.
     
    Solaris17, Jan 2, 2025
    #3
  4. Computer has been infected by a virus that removed the admin user's permissions to modify...

    remove a virus

    1) Do steps 1, 2 and 5 in this multi-step removal guide:
    https://malwaretips.com/blogs/remove-potentially-unwanted-program/


    2) Do not download anything from the link (pcrisk) which another user previously posted. It's one of those SpyHunter pushing sites. SpyHunter is a commercial program which is absolutely not recommended here in Microsoft Community.

    3) Suggestion to read:

     
    Jsssssssss, Jan 2, 2025
    #4