Solved

Different Windows login screen - normal or virus/keylogger?

Posted on 2014-11-21
7
339 Views
Last Modified: 2014-12-07
I have a PC at work that has recently been infected with some malware. I've cleaned up the malware (well scans at least come up clean), but the login screen below seems to persist. I haven't seen this before. Is this a normal Windows login screen (and if so, how do I change it back), or is this related to some virus/malware issue?

login
0
Comment
Question by:ruhkus
7 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40458189
Not normal.
I would recommend a complete rebuild of the machine.
0
 
LVL 8

Assisted Solution

by:Sean Scissors
Sean Scissors earned 500 total points
ID: 40458231
Before doing anything too drastic I would suggest trying to boot into safe mode. From there run the System File Checker to see if it can figure out what system file seemingly is infected. Let us know the results and we can go from there.

To run the System file checker go to "Run" and type cmd and then right click and "Run As Administrator". In the command prompt simply type "sfc /scannow" without the quotes.

My guess is that your system got infected with a keylogger so I wouldn't type my password in unless in safe mode. Also take note if in safe mode the login screen looks how it should or if it looks the same as the infected screen. My thoughts are it will look normal and some virus/keylogger won't run in safe mode.
0
 

Expert Comment

by:aznetworks_net
ID: 40458337
I agree with the other experts. Also, I suggest to remove the system from the network immediately (if not already done) before continuing with any further troubleshooting.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 91

Expert Comment

by:nobus
ID: 40459070
since this is a leftover, try running these - if you want to try to clean it up :
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller

but i agree a fresh install is the ONLY sure way to have a clean system
0
 
LVL 70

Expert Comment

by:Merete
ID: 40459082
I'd like to point out that your machine is at work>>I have a PC at work
Check with your systems administrators if any of them have performed any services on your machine. Possibly the account was created by them since you are at work
0
 

Accepted Solution

by:
ruhkus earned 0 total points
ID: 40476236
So it turns out that it's actually not malicious, but related to HP security software that came pre-installed on the machine. A link on another site showed instructions on how to remove the settings in the HP software, and it booted up normally once that change was made.
0
 

Author Closing Comment

by:ruhkus
ID: 40485319
While the solution was not related to malicious software, Sean Scissors provided good information that I had not previously tried (sfc)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now