Posted on 09/15/2014 1:11:31 PM PDT by raybbr
I downloaded the trial version of Malwarebytes last week. I ran a complete scan and quarantined then removed all the malware found.
My PC is running W 8.1. I've had no issues till now.
After I restarted the computer I tried logging into my wife's account to check something and it would only allow me to log in as a temporary user. This happened to all the user accounts.
Also, I remember that after restarting my PC and logging into my account, which is an admin account, the desktop was blank and all my tiles were gone. I restarted again and logged in and it seemed okay. This is after running MB. The PC was okay till after I ran the scan and repair.
I have since had to go in and delete the profile registry keys for the users and reload data into the profiles. Luckily I saved data before I took actions. I am about 95% convinced that MB did something to the registry profiles. If not perhaps there is another explanation but I can't find it. If so, then perhaps the logs will show where the action took place. I still have two profiles that are affected and have not been changed yet. It seems that a .bak extension is added to the profile each time it's accessed for the first time post MB cleaning.
I should note that after the scans a "winspeed.dll" malware warning kept coming up. I tried uninstalling but it didn't seem to work. However, the alert has not come up again.
I notice that when I log off there is a program that holds up the process but it has no name. Usually it tells the name of the process delaying the log off. This one doesn't.
Tech ping
I posted a thread at the Malwarebytes forum: https://forums.malwarebytes.org/index.php?/topic/157171-users-can-only-log-in-as-temporary-users/
Obviously, you have been declared malware. Enjoy eternity in the bit bucket.
disconnect from the network
safe boot
“I am about 95% convinced that MB did something to the registry profiles.”
You said you ran the scan AFTER you had a problem. Perhaps whatever caused the ‘problem’ did something?
this
Check your restore points and try restoring from one a few days or a week back.
You are still infected. Stop screwing with stuff until you are sure you are clean.
What do you use for antivirus?
What site did you download Malwarebytes from?
There are several pirate sites that come up if you do a Google search for Malwarebytes. If you download the program from one of those sites it will come loaded with spyware.
You can safely download it from either of these sites:
https://www.malwarebytes.org/mwb-download/
or
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
The problem is, after a malware attack, there is no good way to be sure you're rid of it. At least not without doing a lot more work than a scratch and reinstall entails.
As for backing up beforehand, a good way is to burn a CD image of Linux, such as a recent release of Ubuntu or Knoppix. Then you can boot from the CD, mount the hard drive read-only, and copy off whatever you need.
Another way is to install the OS afresh into a different system folder or partition. Then boot that system and do your backup.
A third way is to remove the hard drive and install it into a healthy machine. Then use the healthy machine to browse the extra drive and take off whatever.
A fourth way is target disk mode, in which your machine starts without booting its OS but, instead, via firmware, makes its disk drive mountable on another machine via FireWire or other high-speed interface. Macs have it. I don't know if any PCs do, however.
MalwareBytes recognizes and treats Win-8.x as malware.
Your data should still be safe in their original login ID profile folders, but the profile registry hives must have been trashed. That happens from time to time, but it is unusual for all to go at once, which makes me wonder about OS damage, like a missing OS file.
You could try making new profiles and copying the data from the old profile folders.
Better yet, try to do a system restore BEFORE you ran Malwarebytes, though as a safety measure back up all your data files.
Of course, I’m assuming you have access to an admin account; if not, you’ll have to try the system restore from BIOS if possible.
Corrupted Windows profile. Probably happened during the process of cleaning the infected files. I would google “remove temp profile windows 8.1”. It will involve the removal of a registry as well for the temp profile.
Most importantly, one should be VERY careful with any program that promises to ‘rid your system of malware’! Most of them remove valid registry entries.
Boot to a USB stick or CD with Malwarebytes or Superantispyware; make sure they are legit copies of MB and SAS and up to date. Scan and clean the PC. Then run an up-to-date antivirus program from a bootable USB or CD and scan the system.
I did? Didn't think I'd said that. No, the problem came after the scan.
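Added example, not part of the original thread or written by any poster: a read-only PowerShell check for the condition discussed above, where user profile registry keys gain a `.bak` suffix and accounts log in with a temporary profile. It assumes the standard Windows `ProfileList` registry location and an elevated prompt; the variable names and verdict strings are illustrative.

```powershell
# Added example: read-only audit of the profile keys Windows reads at logon.
# Run from an elevated PowerShell prompt; nothing is modified.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$rows = foreach ($key in Get-ChildItem -Path $root) {
    $name = $key.PSChildName
    if ($name -notmatch '^S-1-5-21-') { continue }   # skip built-in service accounts
    $props = Get-ItemProperty -Path $key.PSPath
    $path  = $props.ProfileImagePath
    $sid   = $name -replace '\.bak$', ''
    # Resolve the SID to an account name; orphaned SIDs fail to translate.
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $account = '(unresolved)' }
    [pscustomobject]@{
        Sid         = $sid
        Account     = $account
        IsBak       = $name -like '*.bak'
        ProfilePath = $path
        HiveExists  = [bool]($path -and (Test-Path -LiteralPath (Join-Path $path 'NTUSER.DAT')))
    }
}

# One line of findings per account: a SID with both a live key and a .bak key
# is the usual sign that the original profile failed to load.
$report = $rows | Group-Object Sid | ForEach-Object {
    $bak  = @($_.Group | Where-Object { $_.IsBak })
    $live = @($_.Group | Where-Object { -not $_.IsBak })
    $verdict = if ($bak.Count -and $live.Count) {
        'SID and SID.bak both present: the live key is probably the temporary profile'
    } elseif ($bak.Count) {
        'only SID.bak present: no live key for this account'
    } elseif (-not $live[0].HiveExists) {
        'key present but NTUSER.DAT not found at ProfilePath'
    } else { 'ok' }
    [pscustomobject]@{
        Account  = $_.Group[0].Account
        Sid      = $_.Name
        LivePath = if ($live.Count) { $live[0].ProfilePath } else { $null }
        BakPath  = if ($bak.Count) { $bak[0].ProfilePath } else { $null }
        Verdict  = $verdict
    }
}
$report | Format-List
```

Comparing `BakPath` with `LivePath` for a flagged account shows which key still points at the original profile folder, which is worth recording before any registry key is deleted or renamed.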