Bizarre

Not even sure where to post this one - hopefully somebody will know what I am talking about. A friend of mine called me to day - he was having problems with malware and I suggested downloading and running malwarebytes and superantispyware. he said he downloaded and ran malwarebytes which cleaned about 60 items. He rebooted then downloaded superantispyware. As he was installing it he said he saw a popup regarding a windows ID 'FAMILY' and password. He doesn't remember what he did but the pc rebooted and is now presenting the ID FAMILY and requiring a password - which he does not have. He tried blank which did not work.

I can't believe that this has anything to do with Malwarebytes or Superantispyware but any theories or solutions would be greatly appreciated. Not sure why this would have popped up at the time it did.

I yold him it sounded like 'FAMILY' was probably the name ge gave the PC when he first set it up, but he does not remember.

 

Have been talking with the guys at the local Tech shop about a new(er) virus by the name AVO x. x = a number according to the variant.
Locks people out by requesting a never assigned password.

Maybe the problem. Have found very little info on the net about it.

 

Yeah - Im striking out too - I told him to try booting into safe mode and HOPEFULLY the Administrator psswd is blank and that will allow him access to this 'FAMILY' account. He was prompted for the password during the install of superantispyware which makes no sense to me.

 

Try having him rename the SAS installer to something else.

A lot of malware is getting pretty smart and can\will block the install of many different removal programs.

It is possible that the previous removal of the 60 objects damaged the OS too.

 

He could try this as well.

Or these.

 

Only reason I don't think malwarebytes damaged anything is because he WAS able to reboot the machine at that point. Now he can't get in at all. I will report back tomorrow with the suggestions I have so far - but keep them coming if anyone else can think of anything !

 

He was able to boot into safe mode and he saw icons for both Administrator and Family. he used a blank password for administrator and got the "loading settings" message which was followed by the "saving settings" message which took him right back to the login screen.

same thing when he tried the cntl-alt-del twice.

So I am thinking the blank password is correct but something else is wacked. He swears he never set up a "Family" account. Also, he does not have an os disk - he is running XP media center edition..

 

I would do a system restore as far back as I could, and hopefully get behind the problem.

 

Can that be done without being able to get into windows?

 

Not to my knowledge.

 

Try this and see if it help..

http://www.kellys-korner-xp.com/xp_wel_screen.htm

Good Luck!

 

Nice find & good info.

Hopefully he has anothe PC to slave the drive in or I would think a live CD would work as well.

 

Sounds like a question for the SAS support staff. Let them help you with some suggestions. Afterall, the problem happened while installing their program.

Also, when you suggested MBAM and SAS to your friend, is it possible that he Googled it and then proceeded to download something else? Are there similarly named rogue programs available that he might have grabbed?

 

I thought of that too - he said he typed in the addresses himself - unless he had a host files infection - I don't know if that would have rerouted him or not. I think he as been running with an expired version of Norton for a couple years so anything is possible.

He was bringing his laptop into his IT dept today to let them have a look at it. His problem is actually not all that uncommon - I got a lot of hits when I googled it. I'm trying to find someone with a XP media center CD. I think the windows repair may work.

 

I don't physically have the machine but it is a laptop and I hat messing with those drives. We'll keep this on the back burner though - thanks.

 

ajcstr, sorry to ask the same question, but I'm curious to know if you brought this up with SAS support?
(Here's hoping friend's IT dept has success today!)

I hope he spelled it correctly. Googling various misspelled variations produced some results that had my realtime AV lighting up.

 

I was not there when it happened so I don't feel comfortable going to SAS - I can't imagine it is related. He said he got a popup to set up the user account and he thought it was part of SAS - just seems strange. You think it would be worth a post to their forum? I am actually surprised by all the responses on this forum.

 

Given what you initially stated, yes...

 

They just stated that the software he was trying to install was probably not theirs. I would tend to agree, but I was not there when he did it so I really can't take it any further with them.

 

Did he get the machine runnng again? He can look for the SAS installer that he downloaded to determine if it was theirs or not.

 

He is still waiting for the discs from Dell, his IT dept is helping him out - they backed up all his files. May never know the true answer but thanks to all for the help, suggestions.

 

I tell all my friends all the programs I recommend. If I got the program from MajorGeeks they should too. It's too easy for them to download a rogue program from the web.

 

I've downloaded malware/infected software from MajorGeeks in the past, so one should not just assume it's safe.

 

Good point. But they do test their files. Here is MajorGeeks on that subject...

 

My point is if I tell someone the name of a program if they don't write exactly what I said, including proper spelling & word spacing. It's IME 100x less likely they'll get rougueware/malware similarly named program by going to MajorGeeks than Googling what they thought or misremembered what I said.