Nasty 'Other User' Vista Virus! (Command prompt solutions?)

April 29, 2012 at 14:53:22
Specs: Windows 7
Working on fixing a Windows Vista PC with a boot sector Virus. When the PC boots up instantly the screen displays random images (black line down center of screen, dots) which are obviously being displayed to try and stop the user from entering the PC. When ran through an external monitor you can see the screen, but the windows logo on start is lined and the entire screen is pixelated as if loading up a false version of windows. When it is booted it leads to a screen labeled 'Other User'. I have tried booting into safe mode - for a while it let me and I ran virus scans from there, but the problem returned after 2-3 hours each time. Since then I have been blocked from even Safe Mode. I have the windows recovery environment loaded to a USB stick, which I can access. System Restore does not fix the problem, but I can access the command prompt from here. What can I do? Apart from loading Linux/Ubuntu onto the Laptop, I've tried everything I can think of. The PC is a Dell XPS with a recovery partition, but the virus is blocking access to system recovery.

Cheers for any solutions!


See More: Nasty Other User Vista Virus! (Command prompt solutions?)

Report •


#1
April 29, 2012 at 22:57:49
Kinda sounds like your laptop overheated and now the video processor is damaged. You don't specify your make/model, but I'll assume it doesn't have a replaceable card. Save what you can, and get a new laptop.

How To Ask Questions The Smart Way


Report •

#2
April 30, 2012 at 11:08:37
Hi Razor2.3,

I know this is not the case as after the two times I managed to boot into safe mode and run virus scans, for a period of 2-3 hours the screen was fully functional.

Does anyone else have any ideas?


Report •

#3
April 30, 2012 at 11:18:35
Fair enough, let me put it another way: What profit is there in preventing your display from working?

That you start having problems before Windows starts rules out software, because software hasn't been given the chance to run yet.

How To Ask Questions The Smart Way


Report •

Related Solutions

#4
April 30, 2012 at 13:11:42
I understand what you're saying, but the way the display isn't working is very unique. It boots to a white screen, but black lines fade in and out, then a second screen with muted blue dots fades in and this sequence runs.

What profit is there in most computer viruses that don't steal data? Very little. I agree, the issue must be in the boot sector but I have no idea how I'd fix it.

When viewed through an LCD, a lot of the screen info's coloring is incorrect, with blue dots on black. But that doesn't change the 'other user' screen being a known piece of malware.


Report •

#5
April 30, 2012 at 13:35:06
What profit is there in most computer viruses that don't steal data? Very little.
Plenty, actually. They're interested in using your PC's processing power and using your Internet bandwidth (mostly the bandwidth). Any time you read about a DDoS attack, it was powered by a botnet. Sending spam is also a common task. Basically, whenever you want to anonymize your less-than-legal activities, you use a botnet. I've also heard of botnets being used to store "things" for clients, but I haven't heard of that for a few years. Either the owners of the infected PCs are just that clueless, the unreliable nature of such storage makes it undesirable, or the black markets fueling these botnets frown on it. Low to no visibility is obviously the goal of these viruses.

There's also extortware, those viruses posing as anti-mallware programs, that charge you to use your computer. Low to no visibility after you pay is the goal of these viruses.

I agree, the issue must be in the boot sector but I have no idea how I'd fix it.
Going by your description, it sounds like it's happening before the BIOS runs the boot loader.

But that doesn't change the 'other user' screen being a known piece of malware.
Actually, without more information, it sounds like you're looking at the Fast User Switching screen. It's a built-in but seldom used feature.

How To Ask Questions The Smart Way


Report •

#6
April 30, 2012 at 15:50:16
Hi Razor2.3,

I'm not sure if the debate over botnets is entirely helpful.

I am now led to believe that the Virus must be infecting the BIOS

I'm 100% sure I'm not looking at the 'fast user switching screen'.


Report •

#7
April 30, 2012 at 15:59:40
If you're targeted to such a degree someone wrote a custom BIOS virus for you, your only chance is to nuke everything from orbit and start fresh with fresh hardware and software. Toss the laptop away. All data on the drive is suspect; do not attempt recovery. Destroy any USB thumb drives used with the system. Assume anything that has touched or been touched by the laptop has digital leprosy.

EDIT: Oh, also treat any other computer you use as suspect. If they had the time and resources to write a custom BIOS for the laptop, as well as the physical access required to install it, then I don't see why they'd stop with just one device.

How To Ask Questions The Smart Way


Report •

#8
May 5, 2012 at 10:40:52
what was the name of the boot sector virus? It seems like this might lead to a solution, if it isn't a heat issue.( which on a dell laptop is pretty common) I am assuming that by your note that the safe mode with command prompt loads just fine, with little or no issues?

mike


Report •


Ask Question