Solved

Different Windows login screen - normal or virus/keylogger?

Posted on 2014-11-21
7
367 Views
Last Modified: 2014-12-07
I have a PC at work that has recently been infected with some malware. I've cleaned up the malware (well scans at least come up clean), but the login screen below seems to persist. I haven't seen this before. Is this a normal Windows login screen (and if so, how do I change it back), or is this related to some virus/malware issue?

login
0
Comment
Question by:ruhkus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40458189
Not normal.
I would recommend a complete rebuild of the machine.
0
 
LVL 8

Assisted Solution

by:Sean Scissors
Sean Scissors earned 500 total points
ID: 40458231
Before doing anything too drastic I would suggest trying to boot into safe mode. From there run the System File Checker to see if it can figure out what system file seemingly is infected. Let us know the results and we can go from there.

To run the System file checker go to "Run" and type cmd and then right click and "Run As Administrator". In the command prompt simply type "sfc /scannow" without the quotes.

My guess is that your system got infected with a keylogger so I wouldn't type my password in unless in safe mode. Also take note if in safe mode the login screen looks how it should or if it looks the same as the infected screen. My thoughts are it will look normal and some virus/keylogger won't run in safe mode.
0
 

Expert Comment

by:aznetworks_net
ID: 40458337
I agree with the other experts. Also, I suggest to remove the system from the network immediately (if not already done) before continuing with any further troubleshooting.
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 92

Expert Comment

by:nobus
ID: 40459070
since this is a leftover, try running these - if you want to try to clean it up :
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller

but i agree a fresh install is the ONLY sure way to have a clean system
0
 
LVL 70

Expert Comment

by:Merete
ID: 40459082
I'd like to point out that your machine is at work>>I have a PC at work
Check with your systems administrators if any of them have performed any services on your machine. Possibly the account was created by them since you are at work
0
 

Accepted Solution

by:
ruhkus earned 0 total points
ID: 40476236
So it turns out that it's actually not malicious, but related to HP security software that came pre-installed on the machine. A link on another site showed instructions on how to remove the settings in the HP software, and it booted up normally once that change was made.
0
 

Author Closing Comment

by:ruhkus
ID: 40485319
While the solution was not related to malicious software, Sean Scissors provided good information that I had not previously tried (sfc)
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question