Questions

Dealing with "logging off" problem on Dell PC

+
0 Votes
Locked

Dealing with "logging off" problem on Dell PC

Eddie, GH
I have encountered a problem on a Dell PC that developed a day after the flu burung virus showed up on the PC.

The problem is this:
1. The PC boots up alright to the logon screen. But on clicking the logon screen name, the 'logging on' menu shows in a flicker, followed immediately by 'logging off'. The screen then returns to the logon stage. The PC is now in this repeating cycle stage, and has not gone beyond this since it showed up.

2. I tried to troubleshoot by booting to various forms of safe mode. I always end up at the logon cycle and no further.

Other than reinstalling the OS, does anyone know of any other solution?
  • +
    0 Votes
    tech

    Have you removed the virus?

    +
    0 Votes
    Eddie, GH

    My colleague did not alert me immediately the virus showed up (auto-open text files announcing its presence), but he wrote down the name.

    The next day, the cyclical problem occurred.

    +
    0 Votes
    retro77

    My standard procedure after a virus/worm/trojan has infected and altered an OS is to wipe it clean.

    You could easily have back doors open that have installed something in the startup to immediately logoff. Can you terminal into it from another computer?

    With it at the login screen, from another computer, I would check the startup folder in c:\Documents and Settings\username\Start Menu\Programs. I would also check the registry to see if something is in there:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Also check under HKEY_USERS. Check under all of the S-1-whatevers for the same path as above.

    But, I would really reload the OS. This not only starts you over with a stable machine, but also one that will run faster.

    +
    0 Votes
    TheVirtualOne

    pant! pant!
    you're my hero!
    Will you do my network too?

    seriously.. good answer.
    people who don't format a machine after a simple virus just don't realize the consequences that poor security will cause.

    +
    0 Votes

    Lol

    retro77

    Sorry my CISSP was typing for me...what was all that??? Lol.

    +
    0 Votes
    TheVirtualOne

    I appreciate like mindedness. however we could never work together because one of us would have to die because the other would be useless.

    +
    0 Votes
    Eddie, GH

    Hello!!

    Both of you are now losing me! Let's get on track - please?

    Seriously, I am considering the network approach - though the machine is a stand-alone where it's used. The infection came by flash drive.

    Since it is not configured as part of a peer or domain group, is there a way of linking it up through the windows default settings?

    +
    0 Votes
    retro77

    Buy a thumb drive that has a physical write protect switch...that way your thumb drive wont get infected if your using it to install more AV or other removal tools.

    Viruses/Worms/Malware have a way of installing themselves so that even in the event you think you cleaned it...it has a way to install again. To be safe, reload Windows. you might have to create a plan to get the virus defs updated once a week on it...manually...

    +
    0 Votes
    retro77

    I just came back to this one and that made me laugh. Plus I hate any state that doesnt start with Ca and end in lifornia...lol...just kidding btw.

    +
    0 Votes
    IC-IT

    Use a BootCD or slave the drive to another machine. Run a few Anti-Virus programs. Use Spybot (Not SpywareBot=Malware) and load it from the cmd line with the /allhives switch. This loads all the hives from all users and windows installations.

    Also read this link for a common cleaning of the virus.

    http://www.precisesecurity.com/computer-virus/dzd-jun03.htm

    +
    0 Votes
    ikhlaq

    Tried to repair the o/s no luck, so saved all mydocs and then had to use dell cd to install the os again!...fingers crossed!..

    +
    0 Votes
    TheVirtualOne

    why do you need to NOT reinstall the os?

  • +
    0 Votes
    tech

    Have you removed the virus?

    +
    0 Votes
    Eddie, GH

    My colleague did not alert me immediately the virus showed up (auto-open text files announcing its presence), but he wrote down the name.

    The next day, the cyclical problem occurred.

    +
    0 Votes
    retro77

    My standard procedure after a virus/worm/trojan has infected and altered an OS is to wipe it clean.

    You could easily have back doors open that have installed something in the startup to immediately logoff. Can you terminal into it from another computer?

    With it at the login screen, from another computer, I would check the startup folder in c:\Documents and Settings\username\Start Menu\Programs. I would also check the registry to see if something is in there:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Also check under HKEY_USERS. Check under all of the S-1-whatevers for the same path as above.

    But, I would really reload the OS. This not only starts you over with a stable machine, but also one that will run faster.

    +
    0 Votes
    TheVirtualOne

    pant! pant!
    you're my hero!
    Will you do my network too?

    seriously.. good answer.
    people who don't format a machine after a simple virus just don't realize the consequences that poor security will cause.

    +
    0 Votes

    Lol

    retro77

    Sorry my CISSP was typing for me...what was all that??? Lol.

    +
    0 Votes
    TheVirtualOne

    I appreciate like mindedness. however we could never work together because one of us would have to die because the other would be useless.

    +
    0 Votes
    Eddie, GH

    Hello!!

    Both of you are now losing me! Let's get on track - please?

    Seriously, I am considering the network approach - though the machine is a stand-alone where it's used. The infection came by flash drive.

    Since it is not configured as part of a peer or domain group, is there a way of linking it up through the windows default settings?

    +
    0 Votes
    retro77

    Buy a thumb drive that has a physical write protect switch...that way your thumb drive wont get infected if your using it to install more AV or other removal tools.

    Viruses/Worms/Malware have a way of installing themselves so that even in the event you think you cleaned it...it has a way to install again. To be safe, reload Windows. you might have to create a plan to get the virus defs updated once a week on it...manually...

    +
    0 Votes
    retro77

    I just came back to this one and that made me laugh. Plus I hate any state that doesnt start with Ca and end in lifornia...lol...just kidding btw.

    +
    0 Votes
    IC-IT

    Use a BootCD or slave the drive to another machine. Run a few Anti-Virus programs. Use Spybot (Not SpywareBot=Malware) and load it from the cmd line with the /allhives switch. This loads all the hives from all users and windows installations.

    Also read this link for a common cleaning of the virus.

    http://www.precisesecurity.com/computer-virus/dzd-jun03.htm

    +
    0 Votes
    ikhlaq

    Tried to repair the o/s no luck, so saved all mydocs and then had to use dell cd to install the os again!...fingers crossed!..

    +
    0 Votes
    TheVirtualOne

    why do you need to NOT reinstall the os?