Solved

Different Windows login screen - normal or virus/keylogger?

Posted on 2014-11-21
Last Modified: 2014-12-07
I have a PC at work that has recently been infected with some malware. I've cleaned up the malware (well, scans at least come up clean), but the login screen below seems to persist. I haven't seen this before. Is this a normal Windows login screen (and if so, how do I change it back), or is this related to some virus/malware issue?

Question by:ruhkus
7 Comments
 

Expert Comment

by:Carol Chisholm
ID: 40458189
Not normal.
I would recommend a complete rebuild of the machine.

Assisted Solution

by:Sean Scissors
Sean Scissors earned 500 total points
ID: 40458231
Before doing anything too drastic I would suggest trying to boot into safe mode. From there run the System File Checker to see if it can figure out what system file seemingly is infected. Let us know the results and we can go from there.

To run the System file checker go to "Run" and type cmd and then right click and "Run As Administrator". In the command prompt simply type "sfc /scannow" without the quotes.

My guess is that your system got infected with a keylogger so I wouldn't type my password in unless in safe mode. Also take note if in safe mode the login screen looks how it should or if it looks the same as the infected screen. My thoughts are it will look normal and some virus/keylogger won't run in safe mode.

Expert Comment

by:aznetworks_net
ID: 40458337
I agree with the other experts. Also, I suggest removing the system from the network immediately (if not already done) before continuing with any further troubleshooting.

Expert Comment

by:nobus
ID: 40459070
Since this is a leftover, try running these if you want to try to clean it up:

MBAM: http://www.malwarebytes.org/mbam.php
RogueKiller: http://majorgeeks.com/RogueKiller_d6983.html

But I agree a fresh install is the ONLY sure way to have a clean system.

Expert Comment

by:Merete
ID: 40459082
I'd like to point out that your machine is at work ("I have a PC at work").
Check with your systems administrators if any of them have performed any services on your machine. Possibly the account was created by them, since you are at work.

Accepted Solution

by:
ruhkus earned 0 total points
ID: 40476236
So it turns out that it's actually not malicious, but related to HP security software that came pre-installed on the machine. A link on another site showed instructions on how to remove the settings in the HP software, and it booted up normally once that change was made.

Author Closing Comment

by:ruhkus
ID: 40485319
While the solution was not related to malicious software, Sean Scissors provided good information that I had not previously tried (sfc).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question