Domain Pc auto logs in?! - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 10-12-2006, 11:23 PM   #1 (permalink)
Super Techie
 
Join Date: Oct 2005
Posts: 359
Default Super Stealth Virus....?

Ok this is really making me paranoid.. my computer (domain account) automatically logs in , does CTRL+ALT+DEL , enters username, password clicks Ok etc.. and theres a slight delay... unless there is some setting i accidentailly triggered :|

I've gone over all of my startup services.... nothing there

just for the **** of it, I put in a Welcome message before password auth.. it breaks there but if i press ok it continues to enter password and login.. Symantec comes up with nothing, spybot comes up with nothing, Zonealarm shows no signs of anything.. AD_aware shows nothing.. My services and startup seem normal...

my computer also gets lag bursts now =| which is making me extremly annoid.. I'm going to Nuke the partion but still WTF?
__________________

__________________
Sig removed due to size. Please read the rules before adding your compliant sig. SigSanta
kiyotaka is offline  
Old 10-12-2006, 11:32 PM   #2 (permalink)
Master Techie
 
Join Date: Feb 2004
Posts: 2,172
Send a message via AIM to Win2kpatcher
Default

Are you sure its on a domain and not a workgroup? This is Windows XP Pro I am assuming?
__________________

Win2kpatcher is offline  
Old 10-12-2006, 11:56 PM   #3 (permalink)
Super Techie
 
Join Date: Oct 2005
Posts: 359
Default

aye, it's on a domain.. I own a DC and have a domain in my bedroom.. (obscessed IT student)

appearantly whatever it is It played with my Registry settings, autologon, Force Noshift override (and somehow it disabled system file protection)


... And I undid settings, they got re-applied.. I'm reinstalling

Extremly Nasty Stealth virus.... I'm paranoid about what I install/open too.

Now the fun 8 hours of changing ALL my passwords.

I suspect my DC is not compromised as This is the only PC affected.
__________________
Sig removed due to size. Please read the rules before adding your compliant sig. SigSanta
kiyotaka is offline  
Old 10-13-2006, 12:31 AM   #4 (permalink)
Law
Wizard Techie
 
Law's Avatar
 
Join Date: Aug 2005
Location: the data closet
Posts: 4,200
Default

You didn't by any chances do this http://www.techist.com/showthread.php?threadid=117152

Did you? What happens if you pull the client off the domain?
Law is offline  
Old 10-13-2006, 12:43 AM   #5 (permalink)
Super Techie
 
Join Date: Oct 2005
Posts: 359
Default

nope.. but tagged out of interest.. This may work well with a VMWARE server
if i delete the domain accnt or change the PW it just tries to enter it errors and then flakes out.


allready restored off a Ghost image just wondering WTH kind of virus can cause this? it disabled system file protection, disabled shift override on login, and had my PW/login as auto.. it even did the CTRL+ALT+DEL bit.

any time I tried to change the registry entries they popped back.. but Every program running in task man appeared to be legit origin????
__________________
Sig removed due to size. Please read the rules before adding your compliant sig. SigSanta
kiyotaka is offline  
Old 10-13-2006, 02:15 AM   #6 (permalink)
Super Techie
 
Join Date: Oct 2005
Posts: 359
Default

Possible rootkit?
__________________
Sig removed due to size. Please read the rules before adding your compliant sig. SigSanta
kiyotaka is offline  
Old 10-13-2006, 04:52 AM   #7 (permalink)
Master Techie
 
baronvongogo's Avatar
 
Join Date: May 2005
Location: United Kingdom, Warrington
Posts: 2,756
Default

do you actually see it type in a password and then click ok?

could be on auto login go to start>run and type control userpasswords2

it might have an auto login button checked.
__________________
baronvongogo is offline  
Old 10-13-2006, 03:02 PM   #8 (permalink)
Super Techie
 
Join Date: Oct 2005
Posts: 359
Default

I actually saw it type a password then after a 1 sec delay it hit enter =/ if i held any key down it broke it but as soona s i let go to type it hit enter.
There were no entries under control userpasswords2 however there was some entries under winlogon but.. they kept popping back up when removed..
__________________

__________________
Sig removed due to size. Please read the rules before adding your compliant sig. SigSanta
kiyotaka is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 10:17 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.