Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware requires password for startup


  • This topic is locked This topic is locked
22 replies to this topic

#16 jbs08

jbs08
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 04 August 2012 - 01:05 PM

Here is the next screen after I type in the password

Attached Files



BC AdBot (Login to Remove)

 


#17 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,411 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:33 PM

Posted 04 August 2012 - 01:23 PM

Thank you for the pics, that helps a lot! :)

Please click Start > Run, type syskey and press enter.
Click the Update button.
Tick "system generated password" and then "store startup key locally".
Click OK to confirm, you should get a confirmation message.

Restart your computer and let me know if the password box is gone now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#18 jbs08

jbs08
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 04 August 2012 - 01:44 PM

Success - the password box is gone. Am I now clean of this malware?

#19 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,411 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:33 PM

Posted 04 August 2012 - 01:53 PM

This password was part of the Windows OS, more precisely the SAM lock tool. This is set by default to let windows authenticate automatically, however the scammers managed on your computer to set it to a manual password (just the way you changed it back now). They did not install any malware on your computer to create this password screen, but rather used an inbuild tool.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u4.
  • Look for "JDK 7u4 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#20 jbs08

jbs08
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 05 August 2012 - 01:05 AM

Here is the eset file. Couple things removed, but otherwise looks good.

What do you think?

Attached Files



#21 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,411 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:33 PM

Posted 05 August 2012 - 02:26 AM

indeed, nothing of that was actively malicious. :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:

    • Press windows key Posted Image + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.

      Posted Image
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.
Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#22 jbs08

jbs08
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 05 August 2012 - 01:26 PM

Everything appears to be operating normally. Thanks so much for you help!!!!!!

#23 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,411 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:33 PM

Posted 05 August 2012 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users