Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409
  • Last Modified:

Different Windows login screen - normal or virus/keylogger?

I have a PC at work that has recently been infected with some malware. I've cleaned up the malware (well scans at least come up clean), but the login screen below seems to persist. I haven't seen this before. Is this a normal Windows login screen (and if so, how do I change it back), or is this related to some virus/malware issue?

login
0
ruhkus
Asked:
ruhkus
2 Solutions
 
Carol ChisholmCommented:
Not normal.
I would recommend a complete rebuild of the machine.
0
 
Sean ScissorsProgram Analyst IICommented:
Before doing anything too drastic I would suggest trying to boot into safe mode. From there run the System File Checker to see if it can figure out what system file seemingly is infected. Let us know the results and we can go from there.

To run the System file checker go to "Run" and type cmd and then right click and "Run As Administrator". In the command prompt simply type "sfc /scannow" without the quotes.

My guess is that your system got infected with a keylogger so I wouldn't type my password in unless in safe mode. Also take note if in safe mode the login screen looks how it should or if it looks the same as the infected screen. My thoughts are it will look normal and some virus/keylogger won't run in safe mode.
0
 
aznetworks_netCommented:
I agree with the other experts. Also, I suggest to remove the system from the network immediately (if not already done) before continuing with any further troubleshooting.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
nobusCommented:
since this is a leftover, try running these - if you want to try to clean it up :
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller

but i agree a fresh install is the ONLY sure way to have a clean system
0
 
MereteCommented:
I'd like to point out that your machine is at work>>I have a PC at work
Check with your systems administrators if any of them have performed any services on your machine. Possibly the account was created by them since you are at work
0
 
ruhkusAuthor Commented:
So it turns out that it's actually not malicious, but related to HP security software that came pre-installed on the machine. A link on another site showed instructions on how to remove the settings in the HP software, and it booted up normally once that change was made.
0
 
ruhkusAuthor Commented:
While the solution was not related to malicious software, Sean Scissors provided good information that I had not previously tried (sfc)
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now