Got Hit By A Trojan With UAC Bypass

Thread starter: ManahMohamed Zakaria (Guest)
Hello, my name is Zak,

and I've been hit by a trojan planted in a program that was supposed to create keyloggers. Upon launch of the program I received a message stating an error, which I thought was suspicious, because it's one of the features of this keylogger to display an error window for a certain period of time. To make sure it was a real error I kept launching the program; I did so more than 10 times but received nothing. I tried checking Task Manager to see if there was anything unusual working in the background, but nothing was there. I checked the startup section and nothing new was there either. But right after I launched it, I noticed that I don't get the UAC window upon launching Task Manager, which was very weird, so I checked every temp file, and they had these log files with dates and weird names, created at the same time I launched the trojan and as many as the times I launched it. Problem is, I couldn't read them, and I tried to modify the owner in Properties, Security tab, but it stated "can't open access control editor, access denied". The log files were there in both temp locations, the one stored under Windows and the one stored under the user. I jumped back to the keylogger and read about its features, and it had a UAC bypass exploit, which caught my attention, and "hide task", which was for 32-bit processors, and would you guess it, my PC is a 64-bit build but with 32-bit installed. The UAC worked only on Windows 7, so I wasn't worried, but then I remembered my PC is Windows 7 upgraded to Windows 10, and I still receive the first Windows 7 boot page that displays "click esc for boot....".

I did some googling and tried the common fixes, such as booting into safe mode and creating a new admin account, and here's where something else interesting happened. I had the new admin account set up and ready and had used it three times, but just as I booted into safe mode and then restarted the PC, it took so long to restart, and then it didn't, so I had to shut it down manually, which I did. But upon launching, the admin account had a password, a password that I didn't set up. Something must have triggered whatever the **** was waiting for me to do that. I also checked back on the temp files and nothing was there. I checked the installed programs in Control Panel, nothing there either. Whatever this is, it had the ability to detect safe mode and launch itself right after I signed out. I can still access my main account.

At this point I was desperate and I knew I'd have to re-enable Windows Defender, so I did so through Registry Editor, but it didn't launch. I also forgot to mention that I can't modify anything in the User Accounts settings section in Control Panel; I just click it and nothing pops up at all. I also can't uninstall anything, and I can't modify the owner of any file. I tried installing AVG, but just as it finishes and the window closes, wsc_proxy.exe keeps running in the background but nothing pops up about AVG. I run the installer again and it restarts; I've done it several times with no outcome.

So to summarize things: I can no longer edit the owner of any file, I can't launch Windows Defender, and I can't install AVG. I've been locked out of a new account that I created with admin privileges, and it didn't happen when I signed out three or four times; it only did when I booted into safe mode. And apparently the owner of every new file I create (the one in the provided capture is the whole disk) is now TrustedInstaller.

And I've tried using this to verify that my account still has admin privileges: NET USER Administrator ;active:yes. The outcome is "The command completed successfully."

Any Help Would Be Greatly Appreciated!

And sorry for the grammar mistakes and the way the ideas are disordered; I'm writing this at 5 in the morning and I haven't slept yet.

<3
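The checks the post describes doing by hand (UAC prompts, startup entries, temp-file owners, Defender state, whether the account is really an administrator) can be collected read-only with the PowerShell triage script below. It is an added example, not part of the original post and not code from the keylogger tool the poster names; it assumes Windows 10 with only the built-in cmdlets and is run from an elevated PowerShell window. One caveat on the command quoted in the post: "net user Administrator /active:yes" enables the built-in Administrator account and says nothing about whether the current account is elevated, so step 2 checks elevation and group membership directly. The registry locations in step 5 are the ones used by well-known Windows 10 UAC-bypass techniques (the fodhelper ms-settings hijack and the eventvwr mscfile hijack); they are included as a generic check, not as a claim about what this particular sample does.

```powershell
# Added triage script (not from the original post). Read-only: it changes nothing on the system.
# Assumptions: Windows 10, PowerShell 5.1 built-in cmdlets, run from an elevated prompt.

# 1. UAC policy. EnableLUA=0 disables UAC entirely; ConsentPromptBehaviorAdmin=0 elevates
#    silently. Either one explains "no UAC window when launching Task Manager".
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    EnableLUA                  = $uac.EnableLUA
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop
}

# 2. Is this session really elevated, and who is in the local Administrators group?
#    ("net user Administrator /active:yes" enables the built-in account; it does not test this.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current user: $($identity.Name)  Elevated: $elevated"
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource

# 3. Defender and Security Center services, plus the policy values that disable Defender.
Get-Service -Name WinDefend, SecurityHealthService, wscsvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue |
    Select-Object DisableAntiSpyware, DisableRealtimeMonitoring

# 4. Persistence that Task Manager's Startup tab does not show in full: Run/RunOnce keys,
#    scheduled tasks outside \Microsoft\, services outside the Windows directory, and
#    WMI event consumers.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object * -ExcludeProperty PS*
    }
}
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    [pscustomobject]@{
        Task    = $_.TaskPath + $_.TaskName
        State   = $_.State
        Actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    }
}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -notlike "$env:windir\*" -and $_.PathName -notlike "`"$env:windir\*" } |
    Select-Object Name, State, StartMode, PathName
Get-CimInstance -Namespace root\subscription -ClassName __EventConsumer -ErrorAction SilentlyContinue |
    Select-Object Name, @{ n = 'Class'; e = { $_.CimClass.CimClassName } }

# 5. Registry locations used by well-known Windows 10 UAC-bypass techniques
#    (fodhelper: ms-settings; eventvwr: mscfile). They do not exist on a clean system.
$hijackKeys = @(
    'HKCU:\Software\Classes\ms-settings\shell\open\command',
    'HKCU:\Software\Classes\mscfile\shell\open\command'
)
foreach ($key in $hijackKeys) {
    if (Test-Path $key) {
        "SUSPICIOUS: $key = $((Get-ItemProperty -Path $key).'(default)')"
    }
}

# 6. Files created in both temp folders in the last 7 days, with owner, so creation times
#    can be lined up against the times the program was launched. An owner of
#    'ACCESS DENIED' marks files whose ACL could not even be read.
$since = (Get-Date).AddDays(-7)
Get-ChildItem -Path $env:TEMP, "$env:windir\Temp" -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $since } |
    ForEach-Object {
        $owner = 'ACCESS DENIED'
        try { $owner = (Get-Acl -Path $_.FullName -ErrorAction Stop).Owner } catch {}
        [pscustomobject]@{ Created = $_.CreationTime; Owner = $owner; Path = $_.FullName }
    } | Sort-Object Created | Format-Table -AutoSize
```

Run it before making any further changes and save the output; the values in step 1, any non-Microsoft entries in step 4, and anything printed by step 5 are what a responder would want to see alongside the symptoms described in the post.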
