Solved

Windows Malware:  Users logged out as soon as they login to the system.

Posted on 2006-10-20
9
146 Views
Last Modified: 2013-12-04
OK, this is a new problem to me.  Apparently another user had the same problem but was unable to resolve it and resorted to loading the operating system from scratch.  So I will restate the problem and pray for a possible resolve.

Starting off.  The importance of this is high.  My client has multiple programs loaded on her pc that she does not have the software nor registration keys for any longer.  So the burden of figuring out this problem has landed on me.

Here is the previous post http://www.experts-exchange.com/Security/Win_Security/Q_21994155.html

Same problem here.

The systems ran for over a year with nortons subscription expired.  We were called out to speed up this over burdened pc and found W32.Beagle@mm running wild on the system.  After an Avast boot time scan, (removing over 2,800 entries of the virus) the system no longer lets users login.  It brings up the desktop, then immediately logs them right back off.  Attempts to run a windows repair has no effect.  I have also used our UBCD4, version 3, cd and manually edited the registry of all suspicious/un necessary services and start up programs to no avail.  Any help in resolving this issue would be much appreciated.

Thanks in Advanced.
0
Comment
Question by:kmac9576
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 16

Assisted Solution

by:InteraX
InteraX earned 100 total points
ID: 17776219
Hi kmac9576,

Can the users log in in safe mode OK? Have you tried creating a new profile?

Good Luck,

Chris
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 200 total points
ID: 17776349
A common spyware problem used to alter the following value....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
 
to something else, like WSAUpdater

It should read (including the comma)

C:\WINDOWS\system32\userinit.exe,
0
 

Author Comment

by:kmac9576
ID: 17776356
Yes, i have tried logging into safe mode, no go.  Same with Directory Restore mode as well.  I havn't tried creating a new user account yet.  I've used a program in the past that is for removing forgotten passwords on user accounds in windows that also lets you create new administrator users.  I will try that now and get back with you.

Thanks
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 27

Assisted Solution

by:David-Howard
David-Howard earned 200 total points
ID: 17776442
If all else fails KMac, perhaps you can slave the current drive to another system that has updated anti-malware and anti-virus suites installed. At least you could access the drive for thorough scans and possible data retrieval.
I would definitely make an attempt at getting her data somewhere safe before things go too far south on you.
Here's a list of some anti-malware suites that you can download if desired.

Spybot:
http://www.safer-networking.org/en/mirrors/index.html
AdAware:
http://www.lavasoftusa.com/products/ad-aware_se_personal.php
Ewido:
http://www.ewido.net/en/
AVG anti-virus and AVG anti-spyware
http://free.grisoft.com/doc/1
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 200 total points
ID: 17776509
So I take it Safe mode Command prompt only was a no go also?
0
 

Author Comment

by:kmac9576
ID: 17776583
Yes, I can access safe mode command prompt.  Though I'm not sure (probably out of ignorance) what this would achieve for me.  I currently have the hard drive slaved in one of my tech boxes doing JUST those scans, but also including Kaspersky as well.  I'm looking at about another 30 minutes for the scans to finish before I can get the drive back into the original machine and check both the register (re: John6767's comment) and to try adding another administrator user.

Thanks for the feedback.
0
 
LVL 27

Accepted Solution

by:
David-Howard earned 200 total points
ID: 17776851
Okay Kmac,
Looking forward to your next post.
I think John might have been asking about the Safe Mode command prompt for possible System Restore use.
http://support.microsoft.com/kb/304449
0
 

Author Comment

by:kmac9576
ID: 17776979
ah, well, system restore is definately a no-go.  It was one of the first things wiped with ezpcfix off of the UBCD disc just due to the fact that it would be a haven for the beagle virus.

thanks
0
 

Author Comment

by:kmac9576
ID: 17947789
ok, well time ended up playing out in favor, the customer finally broke down and bought new copies of her software, much thanks for the help. I'm closing this and spreading the points.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question