Bug or Virus Preventing Log On


  1. Posts : 3
    Windows 7
       #1

    Bug or Virus Preventing Log On


    My sibling was browsing the internet on my administrator account and was kicked off by some sort of bug or virus. When I tried logging back into my account it shows a black screen with security options for firewalls and other things. If I attempt to change any settings nothing happens, and if I exit the screen it just shows the black background, no desktop or icons or anything. I was wondering if there is a way to delete my admin account from my sibling's account, as his is unharmed. Or possibly a way to restart the account or wipe it, anything that will make it work again.


  2. Posts : 17,796
    Windows 10, Home Clean Install
       #2

    Can you get in safe mode?
    Safe Mode


  3. Posts : 133
    Windows 7 Home Premium 32-bit, BackTrack 4, Ubuntu
       #3

    Hi cpazdrummer,

    Yes, you should try to access your machine through Safe Mode. Let us know if you're able to do so. To access Safe Mode, turn off your computer. Turn it on again, and as the manufacturer's logo is on the screen, tap F8. From the Boot Menu, select Boot In Safe Mode. Let us know if this works.

    Thanks,
    Harvey Meale


  4. Posts : 3
    Windows 7
    Thread Starter
       #4

    Safe mode did actually work, thank you, you two. But there are two new folders on my desktop: spam001 and troj000. That doesn't sound good. My internet doesn't work; it comes up with a Windows Security Center message when I try opening it. If worse comes to worst, does anyone know how to wipe a computer? It is fairly new and I don't have any valuable files stored in it.


  5. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #5

    Welcome to SevenForums.

    There is an excellent tutorial for you:
    SSD / HDD : Optimize for Windows Reinstallation


  6. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #6


    Now here is an approach which you may want to try first.

    The idea here is to use MalWareBytes to clean up your system.

    After MalwareBytes cleans up your system,
    then I strongly recommend removing your present anti-virus and installing Microsoft Security Essentials.

    After those clean-ups and please do nothing more until you've checked the User Account Control setting.

    Ok, how do you do these things:
    VIRUS and MALWARE REMOVAL / PROTECTION
    1. Download MalwareBytes.
    2. Disconnect from the Internet.
    3. Disable your present antivirus software and firewall.
    4. Remove your present antivirus software and firewall.
    5. Install and run the MalwareBytes Quick Scan (remove any bad guys). 3min 29secs on my laptop.
    6. Reconnect to Internet.
    7. Update MalwareBytes.
    8. Run malwarebytes quick scan again.(remove any bad guys). 3min 38secs on my laptop.
    9. Run MalwareBytes full scan. 16min 8secs on my laptop. With large,full disk ~2hours.
    A. Disable your present antivirus software and firewall
    B. Remove your present antivirus software
    C. Download Microsoft Security Essentials.
    http://www.microsoft.com/security_essentials/
    D. Run Microsoft Security Essentials. Quick Scan - ~8 min on my laptop.
    E. Run Microsoft Security Essentials. Full Scan - ~ 1hr 50 min on my laptop.
    Now I advise you to uninstall MalwareBytes and only install again when and if you need it.
    Why?, you ask. Leaving MalwareBytes installed slowed my system. AutoRuns showed MalwareBytes processes running even after exiting from MalwareBytes.

    ----------------------------------------------------
    To make sure that User Access control is set correctly:
    WIN key | type UAC | ENTER key

    You will see a sliding scale. You want one position down from the very top.
    OK you way out.

    WIN key is the one with the wavy flag on it.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #7

    @cpazdrummer, your computer has been compromised.

    Warning! Backdoor Trojans

    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
    You should consider them to be compromised.
    They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.

    Banking and credit card institutions should be notified of the possible security breach.
    More info can be found below:
    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com
    When should I re-format? How should I reinstall?
    When should I re-format? How should I reinstall? Security - dslreports.com
    If you choose to format and reinstall see this link for instructions:
    Windows: reformat and reinstall - Cyberwalker.com


  8. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #8

    cpazdrummer,
    If you decide on the clean the disk and reinstall approach, then
    the link I gave previously covers precisely this case.

    This is the way that I install myself when I deem such to be necessary.

    I'll repeat the link:
    SSD / HDD : Optimize for Windows Reinstallation


  9. Posts : 3
    Windows 7
    Thread Starter
       #9

    Awesome. Thank you Karl, I will definitely try those in the next couple of days and let you know how it worked out. Thank you again!


  10. Posts : 121
    Windows 7
       #10

    After following Jacee's and karlsnooks' advice, I would recommend running an Anti Virus Live Boot CD to scan for viruses while your OS is not running. This way, the virus cannot use any of its built-in defenses to hide.

    Otherwise, I would recommend a fresh install. Truth is, safe mode is no longer a fail-safe way to scan for and eliminate viruses. Take note of this:

    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    This is the registry key that contains a listing of services that will boot up when you log into safe mode. It is a trivial matter for a virus to add an entry here, so that it too is running even in safe mode. Virtumonde was known for doing this, probably one of the first, too.

    And although there are many great Anti Virus programs, the more popular a program is, the less effective it becomes, as virus writers quickly become aware of a program's popularity, and start writing code to look for these programs, and deal with them accordingly.

    Note this quote from an article on Virtumonde:

    Vundo inserts registry entries to suppress Windows warnings about the disabling of firewall, antivirus, and the Automatic Updates service, disables the Automatic Updates service and quickly re-disables it if manually re-enabled, and attacks Malwarebytes' Anti-Malware, Spybot Search & Destroy, Lavasoft Ad-Aware, HijackThis, and several other malware removal tools.
    Also, Take a look at this, if you find that hard to believe:

    Code:
    BOOL IsAnubis()
    {
    
        if (IsFileInFolder("C:\\InsideTm\\") == 1)
        {
           detected = 1;
           return 1;
        }
        
        else if(IsFileNameEqualThis("C:\\sample.exe"))
        {
           detected = 1;
           return 1;
        }
        
        else if(IsUsername("user") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsTE()
    {
         
        if(IsUsername("UserName") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsSandbox()
    {
         
        if(IsUsername("USER") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsJB()
    {
        
        if(IsProcessRunning("joeboxserver.exe") == 1 || IsProcessRunning("joeboxcontrol.exe") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;           
    }    
    
    BOOL IsNorman()
    {
         
        if(IsUsername("currentuser") == 1 || IsUsername("CurrentUser") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsWireShark()
    {
         
        if(IsProcessRunning("wireshark.exe") == 1)
        {
           detected = 1;
           return 1;
        }
        
        return 0;
    }
    
    BOOL IsKaspersky()
    {
         
        if(IsProcessRunning("avp.exe") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    
    BOOL IsID() //Sunbelt & Sandboxie included
    {
             
        if(GetModuleHandle("api_log.dll") || GetModuleHandle("dir_watch.dll"))
        {
            detected = 1;
            return 1;
        }
        
        else if(IsProcessRunning("sniff_hit.exe") == 1 || IsProcessRunning("sysAnalyzer.exe") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }  
    
    BOOL IsSunbelt()
    {
         
        if(GetModuleHandle("pstorec.dll"))
        {
            detected = 1;
            return 1;
        }
        
        else if(IsFolderExist("C:\\analysis") == 1)
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsSandboxie()
    {
         
        if(GetModuleHandle("SbieDll.dll"))
        {
            detected = 1;
            return 1;
        }
        
        return 0;
    }
    
    BOOL IsVPC() //steve10120
    {
      HMODULE dll = LoadLibrary("C:\\vmcheck.dll");
      
      if(dll == NULL)
      {
          return 0;
      }
    
      BOOL (WINAPI *fnIsRunningInsideVirtualMachine)() = (BOOL (WINAPI *)()) GetProcAddress(dll, "IsRunningInsideVirtualMachine");
    
      BOOL retValue = FALSE;
    
      if(fnIsRunningInsideVirtualMachine != NULL)
      {                                                                  
          retValue = fnIsRunningInsideVirtualMachine();
          FreeLibrary(dll);
          detected = 1;
          return 1;
      }
    
      FreeLibrary(dll);
        
      return 0;
    }
    This code comes from here: [C++] Anti-Anubis, WireShark, Norman etc. I suggest using Firefox with NoScript enabled if you visit that site. The code has functions that look for various network analysis tools, various anti-virus tools, and also sandbox applications. This is virus writing 101.

    The truth is, most users are not going to be aware when their AV has been attacked, or disabled, or tricked. And it is nothing new to look for a popular Anti Malware program and to hide, disable, or trick that program once it's detected. If you don't have valuable files that you want to save, and if you don't want to spend the time analyzing the behavior of processes and services on your PC, and poring through network packet captures, it would make more sense just to re-image the PC, so that you know the virus is gone.

    And I don't say that to bash Malwarebytes, which is an excellent program, and one of my personal favorites. But if it's not a hassle to do a fresh install, then you really should, because at least you know you're 100% safe. Or at least 99.999999999999999% safe.
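As an added example (not from the thread above), here is a small Python audit of the SafeBoot\Minimal key that post #10 describes: export the key on the suspect machine with `reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal safeboot.reg`, then compare its subkeys against a baseline exported from a known-clean machine of the same Windows build. The sample export and the baseline set below are constructed for illustration; the baseline is an assumption, not a list of Windows defaults.

```python
"""Flag SafeBoot\\Minimal entries that are not in a known-clean baseline."""
import re

# Constructed sample of a `reg export` of the SafeBoot\Minimal key. Real exports
# are UTF-16 text files: read them with open(path, encoding="utf-16") first.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\badsvc]
@="Service"
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_safeboot_reg(text):
    """Return {subkey_name: default_value} for every subkey under SafeBoot\\Minimal."""
    entries, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:                       # a new subkey: remember it, default value unknown yet
            current = m.group(1)
            entries[current] = ""
            continue
        m = DEFAULT_RE.match(line.strip())
        if m and current is not None:   # the subkey's (Default) value, e.g. "Service"
            entries[current] = m.group(1)
    return entries

def find_unexpected(entries, baseline):
    """Subkey names present in the export but absent from the baseline (case-insensitive)."""
    known = {name.lower() for name in baseline}
    return sorted(name for name in entries if name.lower() not in known)

# Assumed baseline: in practice, build it from parse_safeboot_reg() of a clean export.
BASELINE = {"{4D36E967-E325-11CE-BFC1-08002BE10318}", "CryptSvc"}

if __name__ == "__main__":
    found = parse_safeboot_reg(SAMPLE_REG)
    for name in find_unexpected(found, BASELINE):
        print(f"unexpected SafeBoot\\Minimal entry: {name} ({found[name]})")
```

An unexpected entry whose default value is "Service" is worth checking against the service's binary path under HKLM\SYSTEM\CurrentControlSet\Services before trusting a safe-mode scan.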

