My wife has MWB and MS defender running on her laptop, and she’s careful about what she opens and what she clicks, but she called me (I’m away from home) and told me she has an odd virus on her system:
Windows 10 - when she turns on the computer and is at the login screen (i.e. the screen where you type in your password to log on) a female British voice starts up and tells her her computer is infected, files in danger, etc. etc. If she ignores it and logs on, she gets a big porn photo splashed on the screen with a message to call this number to fix the problem, etc.
Trying to help from another state, I asked her if she could get MWB open and running. Surprisingly, yes. She ran that and did a scan, and it didn’t find anything. Ugh. I also had her open Windows explorer, and she can see and open her files, so not a ransomware issue.
If Malwarebtyes doesn’t find something this obvious, what would you recommend? Also - never heard of a virus that starts bugging you with a voiceover at the log in screen, is this new?
Not sure about when a browser would start, but it sounds plausible.
What I would do, though, is start the computer in Safe Mode and run the Malware Bytes and Windows Defender Scan. Then I’d take a good, long, hard look at the Task Manager’s StartUp tab, and see what might be starting right away at boot. Perhaps some app/program (or browser) is starting at boot up and you could disable it here. Could also try running one of the many reputable on-line scans if she can get to the 'Net.
Safe mode tip seconded. I’m amazed that something would do this and not be ransomware, but when I got hit by an early and thankfully it seems not well coded bit of ransomware, a safe mode MWB scan worked.
Thanks for all the tips. I didn’t realize F8 isn’t the sure proof way to get into safe mode with Windows 10 (had to do a search to figure that out.) Got into safe mode, MWB search found nothing. Then did a full scan with Windows Defender and it found the virus and eliminated it.
Irritates me that I have MWB paid on her laptop, running all the real time exploit, malicious web site/link, etc. (hi IT department!) and it not only didn’t stop this one, it didn’t find it on a full scan. Windows Defender apparently didn’t stop it either, but at least found it in a complete scan.
To be honest I haven’t used a “paid” anti-malware/virus software (at home) in over 10 years. The default Windows Defender has always been good (Edit - Good Enough), coupled lately with Chrome + uBlock as well as the usual good practices.
I can’t preach enough the “disaster recovery” USB stick though. Get a copy of your OS burned to a bootable USB stick, and on that stick also put any drivers you need for your system as well as any important files, pictures, password documentation, whatever and keep that stick in a safe place (not plugged into your PC).
Then when something like this happens, shrug, boot up and rebuild and these days be up and running in like an hour. Plus most of my important stuff is saved to the cloud lately anyway.
