Music server was infected by virus

mcgrayhou

It is a DIY PC with Windows 10. My sister installed some kind of malicious app on it and now it is completely inaccessible after a reboot. It keeps saying the password is wrong. However, it is the correct one we have set. What are the options out there except for a clean reinstall?
 
The option that worked best for me was to get a turntable and some records. :biggrin:
Have had nothing but bad luck and headaches with my music on the computer. Even lost music.
But I'm not very computer-savvy, and get frustrated fast when things start to go south.
 
I'd think a malicious app that locks the computer (e.g. ransomware) would be asking for a payment or whatever to unlock the computer. Is that what's happening?
 
Without being able to get into the PC to run a scan and quarantine the virus, the only option is to do a clean reinstall after wiping the HD.

I installed a free trial copy of Malwarebytes on my server and run it routinely as it is on the network and has internet access.
 
Hope you had your music files backed up? I have a gadget that lets me hook up a hard drive to my computer and search folders.
 
Can you relaunch the computer in "safe mode" from the sign in screen (instructions)? That should start your computer with a minimum set of services and you might be able to recover your files if you don't have a backup or remove any suspicious software. If you can get into your computer this way, it might be worth trying a scan with the free Malwarebytes software as suggested above. If you don't already have this, there is a safe mode option that enables internet access so you can download it.

Another option, if you have another computer on the same network: reboot your music server without safe mode and try to mount its filesystem from the other machine. You'll need to know the name of the music server or its IP address on your network. From another Windows computer, launch a file browser and type "\\musicserver-name-or-ip\C$" without the quotes in the address field, and use your user/password if prompted. If you can access files this way, you can copy them to a safe spot and then restore your server.
 
Reloading the OS is the best option.

Do you need to recover anything from the HD?

If you do, even if you have zero interest in running Linux, it can be useful for that. You can download a lightweight version and make a bootable USB flash drive with the .iso file. It will allow you to boot your computer from the flash drive and access your HD so you can copy the files elsewhere. There may even be a way to get into the Windows files and change your password/find out what it was changed to, but I still wouldn't trust an OS that has been compromised, though.
 
One reason why I run dual drives here ... one for OS and software, the other strictly data ... The OS drive is cloned, so it's a simple swap to get back up and running. I seldom install new software, so only tedious part would be waiting for a couple years worth of WindOHs patches and updates to happen. Once that's all done, wipe and re-clone the "bad" drive and put that back in storage.
 
If there is no important data on your computer, it is recommended that you reinstall the system, and you can get some free tools from Google, but I don't recommend that you do that if you don't know much about computers.
 
I would not trust the install. Something was able to corrupt the local password store... or it was able to modify your Windows Live account.

Format. That's the only option. There is nothing on that install that could be trusted.
 
if you can, pull the drive and USB-attach it to another system with good/great antivirus
detection, run several scanners (ccleaner, Malwarebytes, defender, etc) until it's
clean. do note whenever there's something found - ensure it accounts for the
problem(s) and do not stop until something is found, and only after the problems are/is
found and removed, then do a copy of only the music files to another disk,
use that to re-install back in the original machine. safety protections, etc.
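
The "copy only the music files to another disk" step above, sketched as an added example that is not part of any post in this thread. The function names, the extension allowlist and the header checks are assumptions chosen for illustration: a file is copied only when its extension is allowlisted and its first bytes match that format, and a SHA-256 manifest is kept for the copies.

```python
import hashlib, shutil, tempfile
from pathlib import Path

# Allowlist: extension -> check on the first 12 bytes. Anything else is skipped.
MAGIC = {
    ".flac": lambda h: h[:4] == b"fLaC",
    ".ogg": lambda h: h[:4] == b"OggS",
    ".wav": lambda h: h[:4] == b"RIFF" and h[8:12] == b"WAVE",
    ".m4a": lambda h: h[4:8] == b"ftyp",
    ".mp3": lambda h: h[:3] == b"ID3" or (len(h) > 1 and h[0] == 0xFF and h[1] & 0xE0 == 0xE0),
}

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(1 << 20):
            digest.update(chunk)
    return digest.hexdigest()

def rescue_music(src, dst):
    """Copy only files that look like audio from src to dst; return (manifest, skipped)."""
    src, dst = Path(src), Path(dst)
    manifest, skipped = {}, []
    files = [p for p in sorted(src.rglob("*")) if p.is_file() and not p.is_symlink()]
    for path in files:
        rel = path.relative_to(src)
        check = MAGIC.get(path.suffix.lower())
        with path.open("rb") as fh:
            head = fh.read(12)
        if check is None or not check(head):
            skipped.append(rel.as_posix())  # wrong type, or header does not match
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # file contents only, no metadata
        manifest[rel.as_posix()] = sha256_file(target)
    return manifest, skipped

def demo():  # constructed sample tree, not real data
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_drive"), Path(tmp, "clean_disk")
        (src / "Music").mkdir(parents=True)
        (src / "Music" / "a.flac").write_bytes(b"fLaC" + b"\0" * 32)
        (src / "Music" / "b.mp3").write_bytes(b"ID3\x04" + b"\0" * 32)
        (src / "Music" / "c.mp3").write_bytes(b"MZ\x90\x00" + b"\0" * 32)  # executable header
        (src / "setup.exe").write_bytes(b"MZ" + b"\0" * 32)
        return rescue_music(src, dst)

if __name__ == "__main__":
    print(demo())
```

A matching header only shows that the file starts like audio; the skipped list is what to review before the old drive is wiped.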
 
If it's password protected and that's compromised he will still be locked out unless you use a Linux box. BTDT
 
Windows 10 passwords are for login and not drive access, unless it's encrypted using MSFT's BitLocker
or variations of TrueCrypt and its descendants.

when you mount a windows drive as a USB then you only have to worry about ownership and permissions
at the root level, and if windows needs more help, computer management/storage and right click the drive
gets you to the place where you can change ownership and permissions and propagate through the folder
hierarchy. less than one minute.

if it's the app that needs a password AND/OR the Windows login password is corrupted/changed, you can
change the password at the login screen. and once in, you can delete the app, or re-install the app.

next thing, is that it is rather difficult for an app to change windows security credentials, of the many but in this
case the Windows logon/login password. after years of kernel work, I would not be surprised if it is done this
way but it would attribute magical powers to some app developer.

Occam's razor says the password was changed using standard interfaces. you can download a simple
app to change this back or retrieve it, and it's unnecessary to use another set of tools.

if this is the only way, then you'd need to know a lot more about the drive, there are issues with FAT32
with large drives, NTFS support by many apps, and some requirement for ext3/4/next file systems.
 
I don't know what a "not a" is but many popular flavours of Linux are so easy to install and navigate, indeed if you have an Android phone you're already using a modified Linux kernel.
My 79 year old ex bricklayer of a father has no problem with Ubuntu, if only the same could be said of his golf buggy.
 
Linux is nice but if you're not a

I'm not sure I'm completely following you. I have had this happen several times, trying to get files off an old PC: if it is Win7 or newer and you hook the drive to the USB thing and then try to navigate it, you cannot access anything unless you have the password for the old PC, if you are using a Windows machine. Just normal everyday users, not people who understand encryption etc. Linux, of course, laughs at Windows "security".
 