
Pretty certain my sister's Win7 x64 computer is infected...



#1 PapagenoX

Posted 11 June 2015 - 01:44 AM

...due to the fact that the low-rent *bleep*show she works at is still using Windows XP. #smh

Main symptom: for the second time in as many weeks, she tells me she's locked out of her Windows user account on her machine at home (at home she's running Windows 7 Home x64--last week it was all updated, and she also runs the freeware Avast AV).  I went over last week, cleared the password with Trinity Rescue Kit, and installed MalwareBytes on her machine, updated it and the definitions, ran a full scan, nothing...but of course if her machine is already botted due to some infection she picked up by using a USB drive at work then bringing it home, that's not saying much, right?  She could be rooted.  I saw her reset her user password and write it down on a slip of paper, and put it in a safe place in her house.  So tonight she calls me and tells me it's not accepting THAT password.*

I'm thinking now that the best course of action is just nuking and paving, and reinstalling Windows 7 Home, right?

*Couple of questions, though.  First, does Windows 7 lock a person out permanently after a few tries with a wrong password?  Second, if she entered the numbers in her password with the number pad key, does that make a difference vs the top row numbers?  And depending on the BIOS setting, Numlock may not even start as ON.  She says she's always used the number pad to enter numbers even in her user account password on this machine, and she's not technical enough to even know what a BIOS is, so she wouldn't have changed that setting.

One final question that may have some bearing on things: a while back she decided she didn't want her full first name as her account name, so I presume she changed it in the control panel and that it's fairly straightforward.  I've never done so myself, but could that cause any problems?  I noticed in TRK that her username still shows up as the one I set up for her originally.


Edited by PapagenoX, 11 June 2015 - 10:19 AM.



#2 Aura


Posted 18 June 2015 - 05:02 PM

Hi PapagenoX :)

Since no one answered you yet, allow me to jump in and answer your questions.

> I'm thinking now that the best course of action is just nuking and paving, and reinstalling Windows 7 Home, right?


If her computer is acting up, and you are comfortable with doing a clean reinstallation of Windows 7, I don't see why you shouldn't do one. It's good to do it from time to time (after 2-3 years).

> First, does Windows 7 lock a person out permanently after a few tries with a wrong password?


No it doesn't. On Windows 7, you'll be locked out for around 15 minutes (unless that setting was modified by the user). After that, you can try to enter your password again.

> Second, if she entered the numbers in her password with the number pad key, does that make a difference vs the top row numbers?


It depends. If the Num Pad isn't enabled, she won't be entering anything, merely using the keys as "moving" arrows, and she won't be writing down her password correctly.

> And depending on the BIOS setting, Numlock may not even start as ON. She says she's always used the number pad to enter numbers even in her user account password on this machine, and she's not technical enough to even know what a BIOS is, so she wouldn't have changed that setting.


From what I know, this setting can be changed in the Registry, on Windows.

> One final question that may have some bearing on things: a while back she decided she didn't want her full first name as her account name, so I presume she changed it in the control panel and that it's fairly straightforward. I've never done so myself, but could that cause any problems? I noticed in TRK that her username still shows up as the one I set up for her originally.


This won't affect anything. Her "username" is the name that will be used for her Windows login and authentication, and also the name used by some programs if they grab it. The "userprofile" name (the folder in C:\Users) takes the name of the username when it's created for the first time. If you change the username, the userprofile folder name isn't changed and you have to change it manually. However, it doesn't affect anything.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
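
The three settings discussed in the reply above can be read directly from the machine. This is an added example, not part of the original thread; it is read-only, targets PowerShell 2.0 on Windows 7, and assumes the registry value `InitialKeyboardIndicators`, which the thread does not name.

```powershell
# Added example (not from the thread): read-only checks, run from an
# elevated PowerShell prompt on the affected Windows 7 machine.

# 1. Account lockout policy in effect for local accounts: the lockout
#    threshold, lockout duration and observation window.
net accounts

# 2. NumLock state at the logon screen. The logon screen takes its keyboard
#    settings from the .DEFAULT hive; bit 1 (value 2) of
#    InitialKeyboardIndicators means NumLock is switched on at logon.
$kbKey = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Keyboard'
$raw = (Get-ItemProperty -Path $kbKey).InitialKeyboardIndicators
$numLockOn = (([int64]$raw) -band 2) -ne 0
"InitialKeyboardIndicators = $raw (NumLock on at logon: $numLockOn)"

# 3. Account name, display name and profile folder side by side, joined on
#    the SID, so a rename that left the profile folder unchanged is visible.
$profiles = @{}
Get-WmiObject Win32_UserProfile |
    ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object {
        $path = $profiles[$_.SID]
        if ($path) {
            New-Object PSObject -Property @{
                Account       = $_.Name
                FullName      = $_.FullName
                ProfileFolder = $path
                FolderDiffers = ($_.Name -ne (Split-Path $path -Leaf))
            }
        }
    } |
    Format-Table Account, FullName, ProfileFolder, FolderDiffers -AutoSize
```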


#3 PapagenoX


Posted 23 December 2015 - 02:01 AM

And over 6 months later...

 

As it turns out I discovered that in her case the power supply was on the way out--the fan wasn't even running (and it wasn't the semi-fanless operation kind, either--yikes!).  So I cannibalized a known still good power supply from when I refreshed my machine in January, installed a new case fan I had lying around as well, checked out the hard drive thoroughly with SpinRite 6 and finally backed up her documents, pics etc. and reformatted the drive, then installed the OS once more.  I'm thinking somehow the bad PSU had messed up part of Windows and it couldn't remember the password right.



#4 Aura


Posted 23 December 2015 - 07:50 AM

Never too late to give an update on an issue :P Well, glad to see that you got everything fixed, and thanks for keeping us updated :)
