 | |
| |
| 21 Aug 2010 | #1 |
| | Bug or Virus Preventing Log On My sibling was browsing the internet on my adminstrator account and was kicked off by some sort of bug or virus. When i tried logging back into my account it shows a black screen with security options for firewalls and other things. If i attempt to change any settings nothing happens, and if i exit the screen it just shows the black background, no desktop or icons or anything. I was wondering if there is a way to delete my admin account from my siblings account, as his is unharmed. Or possibly a way to restart the account or wipe it, anything that will make it work again. |
My System Specs | |
| 21 Aug 2010 | #2 |
| | Can you get in safe mode? Safe Mode |
| My System Specs |
| 21 Aug 2010 | #3 |
| | Hi cpazdrummer, Yes, you should try to access your machine through Safe Mode. Let us know if you're able to do so. To access Safe Mode, turn off your computer. Turn it on again, and as the manufacturer's logo is on the screen, tap F8. From the Boot Menu, select Boot In Safe Mode. Let us know if this works. Thanks, Harvey Meale |
| My System Specs |
| . |
| |
| 24 Aug 2010 | #4 |
| | safe mode did actually work, thank you you two. but there are two new folders on my desktop. spam001 and troj000. that doesn't sound good. my inernet doesn't work, it comes up with a windows securty center message when i try opening it. If worse comes to worse, does anyone know how to wipe a computer? it is fairly new and i dont have any valuable files stored in it. |
| My System Specs |
| 24 Aug 2010 | #5 |
| | Welcome to SevenForums. There is an excellent tutorial for you: SSD / HDD : Optimize for Windows Reinstallation |
| My System Specs |
| 24 Aug 2010 | #6 |
| | Now here is an approach which you may want to try first. The idea here is to use MalWareBytes to clean up your system. After MalwareBytes cleans up your system, then I strongly recommend removing your present anti-virus and installing Microsoft Security Essentials. After those clean-ups and please do nothing more until you've checked the User Account Control setting. Ok, how do you do these things: VIRUS and MALWARE REMOVAL / PROTECTION 1. Download MalwareBytes. Malwarebytes Malwarebytes 2. Disconnect from the Internet. 3. Disable your present antivirus software and firewall. 4. Remove your present antivirus software and firewall. 5. Install and run the MalwareBytes Quick Scan (remove any bad guys). 3min 29secs on my laptop. 6. Reconnect to Internet. 7. Update MalwareBytes. 8. Run malwarebytes quick scan again.(remove any bad guys). 3min 38secs on my laptop. 9. Run MalwareBytes full scan. 16min 8secs on my laptop. With large,full disk ~2hours. A. Disable your present antivirus software and firewall B. Remove your present antivirus software C. Download Microsoft Security Essentials. http://www.microsoft.com/security_essentials/ D. Run Microsoft Security Essentials. Quick Scan - ~8 min on my laptop. E. Run Microsoft Security Essentials. Full Scan - ~ 1hr 50 min on my laptop. Now I advise you to uninstall MalwareBytes and only install again when and if you need it. Why?, you ask. Leaving MalwareBytes installed slowed my system. AutoRuns showed MalwareBytes processes running even after exiting from MalwareBytes. ------------------------------------- ---------------------------------------------------- To make sure that User Access control is set correctly: WIN key | type UAC | ENTER key You will see a sliding scale. You want one position down from the very top. OK you way out. WIN key is the one with the wavy flag on it. |
| My System Specs |
| 24 Aug 2010 | #7 |
| | @ cpazdrummer your computer has been compromised .. Warning! Backdoor Trojans These are the most dangerous, and most widespread, type of Trojan. Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breech. More info can be found below: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com When should I re-format? How should I reinstall? When should I re-format? How should I reinstall? Security - dslreports.com If you choose to format and reinstall see this link for instructions: Windows: reformat and reinstall - Cyberwalker.com |
| My System Specs |
| 24 Aug 2010 | #8 |
| | cpazdrummer, If you decide on the clean the disk and reinstall approach, then the link I gave previously covers precisely this case. This is the way that I install myself when I deem such to be necessary. I'll repeat the link: SSD / HDD : Optimize for Windows Reinstallation |
| My System Specs |
| 24 Aug 2010 | #9 |
| | awesome. thank you karl, i will defenitley try those in the next couple days and let you know how it worked out. Thank you again! |
| My System Specs |
| 24 Aug 2010 | #10 |
| | After following Jacee's and karlsnooks advice, I would recommend either running a Anti Virus Live Boot CD, to scan for viruses while your OS is not running. This way, the virus cannot use any of its built in defenses to hide. Otherwise, I would recommend a fresh install. Truth is, safe-mode is no longer a fail safe way to scan for and eliminate viruses. Take a note of this: Code: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal And although there are many great Anti Virus programs, the more popular a program is, the less effective it becomes, as virus writers quickly become aware of a programs popularity, and start writing code to look for these programs, and deal with them accordingly. Note this quote from an article on Virtumonde: Quote: Vundo inserts registry entries to suppress Windows warnings about the disabling of firewall, antivirus, and the Automatic Updates service, disables the Automatic Updates service and quickly re-disables it if manually re-enabled, and attacks Malwarebytes' Anti-Malware, Spybot Search & Destroy, Lavasoft Ad-Aware, HijackThis, and several other malware removal tools. Code: BOOL IsAnubis()
{
if (IsFileInFolder("C:\\InsideTm\\") == 1)
{
detected = 1;
return 1;
}
else if(IsFileNameEqualThis("C:\\sample.exe"))
{
detected = 1;
return 1;
}
else if(IsUsername("user") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsTE()
{
if(IsUsername("UserName") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsSandbox()
{
if(IsUsername("USER") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsJB()
{
if(IsProcessRunning("joeboxserver.exe") == 1 || IsProcessRunning("joeboxcontrol.exe") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsNorman()
{
if(IsUsername("currentuser") == 1 || IsUsername("CurrentUser") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsWireShark()
{
if(IsProcessRunning("wireshark.exe") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsKaspersky()
{
if(IsProcessRunning("avp.exe") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsID() //Sunbelt & Sandboxie included
{
if(GetModuleHandle("api_log.dll") || GetModuleHandle("dir_watch.dll"))
{
detected = 1;
return 1;
}
else if(IsProcessRunning("sniff_hit.exe") == 1 || IsProcessRunning("sysAnalyzer.exe") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsSunbelt()
{
if(GetModuleHandle("pstorec.dll"))
{
detected = 1;
return 1;
}
else if(IsFolderExist("C:\\analysis") == 1)
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsSandboxie()
{
if(GetModuleHandle("SbieDll.dll"))
{
detected = 1;
return 1;
}
return 0;
}
BOOL IsVPC() //steve10120
{
HMODULE dll = LoadLibrary("C:\\vmcheck.dll");
if(dll == NULL)
{
return 0;
}
BOOL (WINAPI *fnIsRunningInsideVirtualMachine)() = (BOOL (WINAPI *)()) GetProcAddress(dll, "IsRunningInsideVirtualMachine");
BOOL retValue = FALSE;
if(fnIsRunningInsideVirtualMachine != NULL)
{
retValue = fnIsRunningInsideVirtualMachine();
FreeLibrary(dll);
detected = 1;
return 1;
}
FreeLibrary(dll);
return 0;
} The truth is, most user's are not going to be aware when their AV has been attacked, or disabled, or tricked. And it is nothing new to look for a popular Anti Malware program and to hide, disable, or trick that program once it's detected. If you don't have valuable files that you want to save, and if you don't want to spend the time analyzing the behavior of processes and services on your PC, and pouring through network packet captures, it would make more sense just to re-image the PC, so that you know the virus is gone. And I don't say that to bash Malwarebytes, which is an excellent program, and one of my personal favorites. But if it's not a hassle to do a fresh install, then you really should, because at least you know you're 100% safe. Or at least 99.999999999999999% safe  |
| My System Specs |
 |
Bug or Virus Preventing Log On problems?
| Thread Tools | |
| Similar help and support threads for: Bug or Virus Preventing Log On | ||||
| Thread | Forum | |||
| Preventing pop ups | System Security | |||
| IE9 preventing access to web pages | Browsers & Mail | |||
| Preventing an Arp Man in the middle attack | System Security | |||
| Virus preventing login? | System Security | |||
| Preventing VPN from tunneling internet | Network & Sharing | |||
All times are GMT -5. The time now is 02:35 PM.
