Questions

Windows login disabled

Tags:
+
0 Votes
Locked

Windows login disabled

d.s.williams
Hello,
My home PC has been put out of action by a virus/worm of some kind, which I have so far not been able to identify. Any advice would be much appreciated!
On Saturday night (after my wife and kids were online all afternoon) the PC would automatically shut down into standby after about a minute, just after reaching the windows login screen. It also appears that Windows password entry is corrupted. Entering one keystroke adds a varying number of dots in the password box - anywhere from zero to 6, but it is then impossible to delete any with backspace. Several attempts to start in safe mode have all failed. I suspect the problem was caused by a mail/script that "automatically clicked" a link to a malicious website.

The OS is WinXP home edition SP2 running AVG anti-virus (last automatic update downloaded on Saturday around midday). Apparently there was no warning that the PC was going to shut down, as would be typical of sasser etc. I have unplugged the network cable and there doesn't seem to be any mysterious hard-disk access.
  • +
    0 Votes
    ctrservices

    have access to another PC which is fully updated with AV and anti-spyware apps you could install it as the slave drive and scan the drive.

    BUT, in this case I would advise you to install it into the above PC, copy important data to its drive, then reinstall the bad drive in the old PC and repartition/reformat/reinstall the OS from the original PC setup CD(s). This often saves time in the long run and you can then be certain that the offending malware has truly been eradicated from the hard drive.

    +
    0 Votes
    d.s.williams

    Thanks. That would be possible to an extent, except that my alternative is the computer at work, which I have access to (and am allowed to use for private purposes such as mail within reason) but I doubt my boss would want me doing that with it.
    Also, the affected PC came with WinXP preinstalled, so I don't have proper setup CDs.
    Would connecting it to a another "healthy" PC as an external drive via USB be as effective as installing it in the PC itself? It should work fine too, shouldn't it?
    Many thanks!
    David
    PS. What AV apps etc. would you recommend, if any in particular?

    +
    0 Votes

    Yes

    ctrservices

    connecting to another PC is fine as long as you don't access any of its programs. Scanning the drive from another PC should be just fine.

    +
    0 Votes
    d.s.williams

    That's great, thank you. Would it also be safe to pull files off it (i.e. my digital camer images) or better not to?

    I'm still puzzled by the nature of the virus though. Last night it was behaving differently, no longer shutting down into standy, but still not letting me enter a password. I booted from Linux "rescue" DVD that came on a magazine and it succesfully downloaded an F-Secure update once I'd reconnected the network cable, but then the keyvoard didn't seem to be responding properly there either, and I couldn't even get into Linux. It was as if the keyboard was "dead". Not in the same way as when attempting t enter a Windows password (as far as I could tell) but not behaving as it should. Even the Num Lock LED went off,as if the keyboard had lost power. Is there a virus/worm that can disable a USB keyboard, or may it simply be a broken/faulty keyboard?

    +
    0 Votes

    Yes

    ctrservices

    it is safe to save your camera image files.

    Concerning the keyboard, yes malware can mimic a keyboard failure. If you have access to a known good keyboard, give it a try.

    +
    0 Votes
    d.s.williams

    Well, this is embarrasing!

    It seems that this really was just a faulty keyboard, although I'm totally baffled as to why the number of letters "entered" in the password dialog was so consistent and even evenly distrubuted around the keyboard (rising from 0 to 6 as you got closer to the middle of the keyboard). In any case, our hunch seems to have been right and now that a new keyboard is fitted everything is working fine!

    No wonder I was drawing a blank on finding a description of any virus, worm or trojan that had the effects I was experiencing! I shall call this "virus" StickyKeys2007!

  • +
    0 Votes
    ctrservices

    have access to another PC which is fully updated with AV and anti-spyware apps you could install it as the slave drive and scan the drive.

    BUT, in this case I would advise you to install it into the above PC, copy important data to its drive, then reinstall the bad drive in the old PC and repartition/reformat/reinstall the OS from the original PC setup CD(s). This often saves time in the long run and you can then be certain that the offending malware has truly been eradicated from the hard drive.

    +
    0 Votes
    d.s.williams

    Thanks. That would be possible to an extent, except that my alternative is the computer at work, which I have access to (and am allowed to use for private purposes such as mail within reason) but I doubt my boss would want me doing that with it.
    Also, the affected PC came with WinXP preinstalled, so I don't have proper setup CDs.
    Would connecting it to a another "healthy" PC as an external drive via USB be as effective as installing it in the PC itself? It should work fine too, shouldn't it?
    Many thanks!
    David
    PS. What AV apps etc. would you recommend, if any in particular?

    +
    0 Votes

    Yes

    ctrservices

    connecting to another PC is fine as long as you don't access any of its programs. Scanning the drive from another PC should be just fine.

    +
    0 Votes
    d.s.williams

    That's great, thank you. Would it also be safe to pull files off it (i.e. my digital camer images) or better not to?

    I'm still puzzled by the nature of the virus though. Last night it was behaving differently, no longer shutting down into standy, but still not letting me enter a password. I booted from Linux "rescue" DVD that came on a magazine and it succesfully downloaded an F-Secure update once I'd reconnected the network cable, but then the keyvoard didn't seem to be responding properly there either, and I couldn't even get into Linux. It was as if the keyboard was "dead". Not in the same way as when attempting t enter a Windows password (as far as I could tell) but not behaving as it should. Even the Num Lock LED went off,as if the keyboard had lost power. Is there a virus/worm that can disable a USB keyboard, or may it simply be a broken/faulty keyboard?

    +
    0 Votes

    Yes

    ctrservices

    it is safe to save your camera image files.

    Concerning the keyboard, yes malware can mimic a keyboard failure. If you have access to a known good keyboard, give it a try.

    +
    0 Votes
    d.s.williams

    Well, this is embarrasing!

    It seems that this really was just a faulty keyboard, although I'm totally baffled as to why the number of letters "entered" in the password dialog was so consistent and even evenly distrubuted around the keyboard (rising from 0 to 6 as you got closer to the middle of the keyboard). In any case, our hunch seems to have been right and now that a new keyboard is fitted everything is working fine!

    No wonder I was drawing a blank on finding a description of any virus, worm or trojan that had the effects I was experiencing! I shall call this "virus" StickyKeys2007!