Daughter's Laptop Username & Password Were Somehow Hacked/Changed

Hi, I must have been typing while you were posting a message, so will try your suggestions now.

Oops, my wife just called me to dinner, so I will need to try your suggestions in an hour or two.

Edited by Torvald, 08 April 2024 - 04:14 PM.

JohnC_21,

I followed your instructions and got to Advanced Options, Command Prompt. However, it then asked me to choose an account to continue, and listed only an account named *damie to choose from, which is not my daughter's username, and when I tried clicking on that account name, it next requested that I enter a password, which I certainly do not know, and it is definitely not accepting her old 4-digit PIN.

I also went to Advanced Options, System Restore, but that failed too, since it also requested that I choose an account to continue, and only gave me the choice of selecting *damie as the account name.

Therefore, if you could, please let me know how to go about creating a bootable CD or a bootable USB flash drive, and what to put on that CD or USB flash drive.

P.S. If I am able to create a bootable device, how should I get the laptop to boot from that instead of booting from the C: drive?

Thanks.

Edited by Torvald, 08 April 2024 - 06:19 PM.

Not sure why you have another account on the computer called damie.

Download Lazesoft Home Suite and install it on another computer. Select the target OS you will be accessing. In the below links are the instructions to create a bootable USB flash drive and how to enable the hidden Administrator Account.

https://lazesoft.com/lazesoft-recovery-suite-free.html

https://lazesoft.com/create-a-bootable-recovery-usb-disk.html

https://lazesoft.com/how-to-recover-administrator-password.html

For recovering administrator password click on the reset/enable button.

What is the make and model of your daughter's computer? Once you get into the computer through the Administrator account you might want to start a thread in the malware removal forum.

Edited by JohnC_21, 08 April 2024 - 07:15 PM.

JohnC_21,

I agree with you that it is strange to have this "damie" user account on my daughter's laptop.  It is supposed to have only her account name of "Jennie", and I have no idea of how her boyfriend supposedly connecting his iphone to her laptop resulted in the username/account name & PIN getting changed. I don't think the boyfriend is telling me the complete truth about what he did when he borrowed her laptop.

My daughter's laptop is an HP Notebook model 15-da0043nr, running Windows 10 64-bit. I upgraded it to contain a 500 GB Crucial P2 SSD, plus a 1 TB Hard Drive, and also added extra RAM.

By the way, I am currently serving on a criminal court jury here in San Antonio. There was a one day court holiday today due to the solar eclipse, but the trial will resume tomorrow morning, so I will need to go get some sleep now.

Have not heard of Lazesoft software before, but really appreciate you suggesting it, so will give that a try tomorrow night unless they keep us late again.

Just to chip in as an aside - is it possible that, as you have two drives, the system is now trying to boot from the wrong one?

Worth a check in the BIOS settings - the usual way in on an HP Notebook is: Turn off the computer, press the power button, and then repeatedly press the esc key until the Startup Menu opens. Press f10 to enter BIOS Setup Utility.

This is also how you could get it to boot from a USB drive you make using the above software.

Also - you should have an underlying Password to go with your daughter's 4-digit PIN, as that is how you get into her account on another device (a PIN only works on one device).

Edited by GeoffK, 09 April 2024 - 03:39 AM.

JohnC_21,

Okay, my jury duty just ended this afternoon, so I am able to work on home computers again.

Using the Lazesoft Recovery Suite Free, I was able to enable the hidden Administrator account on my daughter's laptop, with a blank password, and can now log into the Administrator account upon computer bootup.

This is a definite step forward, but the Administrator account does not provide any access to all of the installed software, such as MS Office 2019, nor access to any of the data files on the laptop.

These are all apparently now part of an account name of "damie", but the free version of Lazesoft Recovery Suite Free will not let me reset the password for the damie account.

Is there a no cost way around this problem, or do I need to purchase a business license from Lazesoft?

Thanks

Did your daughter login with a Microsoft Account or a local user account?  Go to Settings > Accounts > Family and other People. Is your daughter's account listed? I don't have much experience with Microsoft Accounts.

https://pureinfotech.com/see-user-accounts-windows-10/

If you don't see your daughter's account I would recommend you start a thread in the Malware Removal Forum just to make sure you are not infected especially because of that damie account.

Edit: If damie is a Microsoft account then Lazesoft cannot reset it. It can only reset passwords for local accounts.

Edited by JohnC_21, 09 April 2024 - 06:01 PM.

JohnC_21,

My daughter used to sign into her laptop using a local account named Jennie.

I just used the Administrator account and command prompt, and the following account names were listed: Administrator, Guest, Default Account, WDAGUtilityAccount, plus damie - which I do not have the password for.

Noticeably, her original user account of Jennie is no longer listed.

How do I tell if "damie" is a local account or a Microsoft account?

Okay. I'm getting tired. I see you already did the command prompt so I'm pretty sure damie is a local account.

I'm not sure why you were unable to reset the password on the damie account. When you open File Explorer and open the Users directory what user names do you see?

Edited by JohnC_21, 09 April 2024 - 08:39 PM.

When I use File Explorer to open the Users directory on the laptop, I can see the following three names: Administrator, damie, and Public.

When I used the Lazesoft Recovery Suite software to try changing the password for the "damie" account, it would not let me do so, and popped up a message saying I needed to first register the software, which I presume meant I needed to buy a license. It also says the "Damie" account is a liveID account, whatever that means, and to convert it to a local account I would need to use the Professional Edition of Lazesoft Recovery Suite.

By the way, at the Windows login screen, it lets me choose between Administrator and damelthorn@gmail.com

Edited by Torvald, 09 April 2024 - 09:36 PM.

cryptodan,

I was somehow not able to get ultimatebootcd to load from my USB stick, so I instead used Rufus to copy to my USB stick a copy of Hirens boot cd, which did load okay at boot.

I then used Windows Login Unlocker to delete the password for the "dameil" user account.  This finally allowed me to log into Windows 10 using the "damiel" account.

However, this was a false victory, since I still could not see any installed programs, such as MS Office 2019, nor could I see any of my daughter's data files.

This laptop has apparently been really messed with, and I think I should now give up and simply install a brand new, fresh copy of Windows 10 64-bit on it.

Should I go ahead and do that tomorrow, or should I instead first request assistance on the Am I Infected forum?

A live ID account would seem to me to be a Microsoft Account. It looks like your daughter's account has been wiped. You "Might" be able to recover it if you have a System Restore Point.

Type System Restore in the search box of the Admin Account.

If no Restore Point then reinstall Windows 10.

Edit: In fact it's probably best to wipe the drive and reinstall Windows 10 even if doing a System Restore works.

Edited by JohnC_21, 10 April 2024 - 07:28 AM.

It is very unusual for an existing account to just "disappear" like that, and be replaced by a new one, and for all the installed programs to go too - unless the culprit has done a new install of Windows.

I suspect that it is more likely that the other drive in the system actually has your daughter's data on it, and somehow the boot order has changed.

When you are in the "damiel" account, can you see the other drive in File Explorer,  or Disk Management - and if so what is there on it?

Open a command prompt and type

diskpart     Opens the diskpart command window

list disk

Post an image.