Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Command Window Box With Unintelligible Characters


  • Please log in to reply
1 reply to this topic

#1 drdrd

drdrd

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 06 August 2007 - 01:57 PM

This one is hard to describe, but I'll bet someone else has seen it. When I turned on my PC yesterday, Windows seems to start ok. The XP logo came up, but then a command window (square box with a blue top border) popped up with an unintelligible character in the title border, and another unintelligible character inside the box. The Close Window X in the upper right hand cornber would not close it and I could not use CRTL-ALT-DEL to stop it. The only option available is to select an OK button in the box which then seems to allow Windows to load properly.

I noticed immediately that it changed all my desktop icons to .LNK files and they all looked different. I immediately ran a Norton Virus scan but it found nothing. After researching on the web for LNK file problems/viruses I looked in my file associations listing and saw that the EXE file association had been deleted, and that the LNK entry did not have Shortcut associated. I made these changes and the icons now look normal, but when I try to access them to run almost any application I get an Access Denied error.

I called Norton's help line (at $100 cost) and they told me to log out and log back in as Administrator. The system would not allow me to do that and, after an hour of other failures, Norton told me to call the PC mfr (emachines/Gateway) to find out how to obtain the Administrator password. With the PC mfr's help I downloaded a file from www.loginrecovery.com and was able to capture the login passwords, but they look to be in hex.

I used LoginRecovery's web site to convert the first password and it seemed to work. However, when I tried to input and convert the second password, the web site asked me for a password (their site requires an email address, but a password is optional). I had not initially entered one and could no longer convert any more codes.

Therefore, since I did not enter a password on the web site and am locked out of my Admininstrator actions I think this virus is a password hijacker where the virus captures passwords (existing or newly entered) and substitutes it own hidden password.

Here are the password strings from the LoginRecovery program:

Support_388945a0:1002:D2:_09,0F,DB,9F,E8,79,E9,A0,E2,76,A8,04,65,5F,87,90,XX:::
Owner:1003:57:_88,2D,26,37,28,C1,40,88,0E,93,B0,2E,37,17,E0,17,XX:::
HelpAssistant:1004:5D,D8,87,BB,8A,7A,90,87,97,03,CB,49,C1,49,E2,C6,B1:_7E,06,89,E0,44,9A,3A,85,8D,2F,C3,2B,61,85,94,C0,XX:::

Can anyone help me convert these (you can do it on LoginRecovery's web site for free)? Is anyone familiar with this problem?

Thanks!

BC AdBot (Login to Remove)

 


#2 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:02:51 PM

Posted 06 August 2007 - 04:29 PM

Hi drdrd,

Try the fix in Computing.Net.

You will find the file association fixes on Doug Knox.com.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users