Bizarre

Discussion in 'malware problems & news' started by ajcstr, Mar 4, 2009.

Thread Status:
Not open for further replies.
  1. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Not even sure where to post this one - hopefully somebody will know what I am talking about. A friend of mine called me today - he was having problems with malware and I suggested downloading and running Malwarebytes and SUPERAntiSpyware. He said he downloaded and ran Malwarebytes, which cleaned about 60 items. He rebooted, then downloaded SUPERAntiSpyware. As he was installing it he said he saw a popup regarding a Windows ID 'FAMILY' and password. He doesn't remember what he did, but the PC rebooted and is now presenting the ID FAMILY and requiring a password - which he does not have. He tried blank, which did not work.

    I can't believe that this has anything to do with Malwarebytes or SUPERAntiSpyware, but any theories or solutions would be greatly appreciated. Not sure why this would have popped up at the time it did.

    I told him it sounded like 'FAMILY' was probably the name he gave the PC when he first set it up, but he does not remember.
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Have been talking with the guys at the local Tech shop about a new(er) virus by the name AVO x. x = a number according to the variant.
    Locks people out by requesting a never assigned password.

    Maybe the problem. Have found very little info on the net about it.
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Yeah - I'm striking out too - I told him to try booting into safe mode and HOPEFULLY the Administrator password is blank and that will allow him access to this 'FAMILY' account. He was prompted for the password during the install of SUPERAntiSpyware, which makes no sense to me.
     
  4. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Try having him rename the SAS installer to something else.

    A lot of malware is getting pretty smart and can/will block the install of many different removal programs.

    It is possible that the previous removal of the 60 objects damaged the OS too.
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
  6. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    The only reason I don't think Malwarebytes damaged anything is because he WAS able to reboot the machine at that point. Now he can't get in at all. I will report back tomorrow with the suggestions I have so far - but keep them coming if anyone else can think of anything!
     
  7. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    He was able to boot into safe mode and he saw icons for both Administrator and Family. He used a blank password for Administrator and got the "loading settings" message, which was followed by the "saving settings" message, which took him right back to the login screen.

    Same thing when he tried Ctrl-Alt-Del twice.

    So I am thinking the blank password is correct but something else is whacked. He swears he never set up a "Family" account. Also, he does not have an OS disk - he is running XP Media Center Edition.
     
  8. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I would do a system restore as far back as I could, and hopefully get behind the problem. :ninja:
     
  9. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    Can that be done without being able to get into windows?
     
  10. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Not to my knowledge. o_O
     
  11. kalisun

    kalisun Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    14
  12. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Nice find & good info.

    Hopefully he has another PC to slave the drive in, or I would think a live CD would work as well.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Sounds like a question for the SAS support staff. Let them help you with some suggestions. After all, the problem happened while installing their program.

    Also, when you suggested MBAM and SAS to your friend, is it possible that he Googled it and then proceeded to download something else? Are there similarly named rogue programs available that he might have grabbed?
     

  14. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I thought of that too - he said he typed in the addresses himself - unless he had a hosts file infection - I don't know if that would have rerouted him or not. I think he has been running with an expired version of Norton for a couple of years, so anything is possible.

    He was bringing his laptop into his IT dept today to let them have a look at it. His problem is actually not all that uncommon - I got a lot of hits when I googled it. I'm trying to find someone with an XP Media Center CD. I think the Windows repair may work.
     
  15. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I don't physically have the machine, but it is a laptop and I hate messing with those drives. We'll keep this on the back burner though - thanks.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    ajcstr, sorry to ask the same question, but I'm curious to know if you brought this up with SAS support?
    (Here's hoping friend's IT dept has success today!) :)

    I hope he spelled it correctly. Googling various misspelled variations produced some results that had my realtime AV lighting up.
     
    Last edited: Mar 5, 2009
  17. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    I was not there when it happened, so I don't feel comfortable going to SAS - I can't imagine it is related. He said he got a popup to set up the user account and he thought it was part of SAS - it just seems strange. You think it would be worth a post to their forum? I am actually surprised by all the responses on this forum.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Given what you initially stated, yes...

     
  19. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    They just stated that the software he was trying to install was probably not theirs. I would tend to agree, but I was not there when he did it so I really can't take it any further with them.
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Did he get the machine running again? He can look for the SAS installer that he downloaded to determine if it was theirs or not.
     
  21. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    182
    He is still waiting for the discs from Dell; his IT dept is helping him out - they backed up all his files. We may never know the true answer, but thanks to all for the help and suggestions.
     
  22. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    I tell all my friends all the programs I recommend. If I got the program from MajorGeeks they should too. It's too easy for them to download a rogue program from the web.
     
  23. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I've downloaded malware/infected software from MajorGeeks in the past, so one should not just assume it's safe.
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Good point. But they do test their files. Here is MajorGeeks on that subject...

     
  25. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    My point is, if I tell someone the name of a program and they don't write down exactly what I said, including proper spelling and word spacing, it's IME 100x less likely they'll get a similarly named rogueware/malware program by going to MajorGeeks than by Googling what they thought or misremembered I said. :D
     