Wierd login issue

I have a friends computer that began behaving in a way I have never seen. It's further complicated because the friend never created their recovery disk set... I may have to order them if possible from Dell but I'd prefer to find a way to fix the problem.

In short, any log on attempt appears to be loading Windows XP Media Edition and then immediately displays a dialog box titled "FIXED" with the only text in the dialog box being "Fixed" and upon pressing the "OK" button you are returned to the User account screen...

Likely a viral infection of some kind... but has anyone seen this or have more info on whats causing it?

Thanks in advance!

 

Try Safe mode: what you do is that you reboot. And right away you start tapping on the F8 key - from the second you hear the PC waking up again. You want to see white text on a black background. Then use the arrows on your keyboard to get to safe mode with network.

Microsoft articles about "Safe Mode": http://windowshelp.microsoft.com/Windows/en-US/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://support.microsoft.com/kb/315222/en-us

Run some full scannings in safe mode. Install, update and run these:

MBAM: http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
SAS: http://majorgeeks.com/SUPERAntiSpyware_d5116.html[/QUOTE]

Finally run chkdsk. Article: http://support.microsoft.com/kb/315265/en-us

 

My first attempt was in safe mode... even safe mode (command prompt) behaves the same way. Without safe mode it tries to boot into one users account and then does the same thing and upon clicking ok it just goes to the User accounts screen.

I think it's a rebuild situation in truth... I'd just like to know what little bugger is doing it...

 

Did the machine have Media Edition installed, or did someone try to repair it with a Media disk?

 

If you haven't posted in the Malware section of the forum, please do so. They can come up with a better solution, as they are professionals, and damn good at what they do.

 

Well, then we have some of those BIOS things. We'll have to wait for others to enter the thread because I don't have that stuff under my belt...

Edit: some fine folks just did! :cool Here's the guide to malware removal even though you can't follow it: http://forums.majorgeeks.com/showthread.php?t=35407

 

It Came shipped with Media Edition... Dell Dimension E310 Windows XP Media Edition.

I got into it with a knoppix cd and don't see anything real nasty (and I am used to cleaning up people's messes...) I fear something has infected the login dll's

 

Oh... and I can restore from the hidden partition... but I hate to lose all their data... ouch...

 

Upload all their data, docs, pics etc. to some online store place. Just open an account somewhere. Here's Windows Live SkyDrive: http://skydrive.live.com/

 

After reading Cordialis' posted link thoroughly,

Link 1 Malware bytes:

http://www.majorgeeks.com/download.php?det=5756

Link 2 Super anti spyware:

http://majorgeeks.com/downloads31.html


And what BIOS things?

 

I don't get it. What's that with your second link (SAS)? Your MBAM link is identical to mine above. I'm not capable of advising about changing BIOS settings in regard to booting. That's why I didn't. I just mentioned it. :major

 

Erring on the side o' caution. I figured whynot cover all bases?

 

Have you tried running combofix yet? When I cannot access explorer to use combofix, I see if I can still bring up task manager. If I can, I burn combofix to a CD and copy it to my hard drive. From there I rename the file to something other than combofix, becuase some malware prevents combofix from running. I like to rename it to cf.exe. If you are able to run it that way you might be able to get some results.

 

Way above...