Windows 10: Windows attack can steal your logged-in username and password

Page 4 of 6 FirstFirst ... 23456 LastLast
  1.    08 Aug 2016 #31

    Thank you dmex its disabled now
      My ComputerSystem Spec

  2.    08 Aug 2016 #32

    AndreTen said: View Post
    Thanks Dmex for this tip. Problem is, that this comes enabled by default. How many user will know about this?
    Very good Point and I am one of them

    just saw this now
      My ComputerSystem Spec

  3.    08 Aug 2016 #33

    A word of warning from my experience. If you change policy settings, create a restore point before doing so.

    After I changed the policy setting to 'Deny All', netbios stopped running in file discovery thus no NAS and network printer showing under 'Network'.

    I also found that changing that setting to 'Allow All' did not fix the above problem. I had to use an earlier restore point to set all back to normal.

    Note, you will also need to restart after changing this policy setting. But I am not changing it again!!

    I haven't tested this with the registry setting method but have lost enthusiasm for this, now, especially as I don't use Edge or IE!
      My ComputerSystem Spec

  4.    08 Aug 2016 #34

    For anyone interested: I tested 2 different systems unchecking "Enable Integrated Windows Authentication" and still got vulnerable. (Yes I rebooted) Only success was the reg entry. Really disturbing with such a simple hack. Reason we turned off NTLM on all servers at last company I worked for.
      My ComputerSystem Spec


  5. Posts : 4
    Windows 10 Pro 64 bits
       08 Aug 2016 #35

    Hi :

    I changed my user account to a Local one and now I'm using Windows Hello authentification. Is this method safer than using a Microsoft account?. I hope it is.

    Thanks in advance
      My ComputerSystem Spec

  6.    08 Aug 2016 #36

    Hello,

    Not sure if this is related to the original issue, but I mistakenly went to a wrong website (cinplex.com rather than cineplex.com) and ended up with this:
    Click image for larger version. 

Name:	YahLover Random.jpg 
Views:	25 
Size:	167.8 KB 
ID:	95034
    I couldn't open any new tabs or close Chrome so I just restarted the computer, and when the tabs came up in Chrome again, I managed to quickly delete the one in question. Searching info about it, it seems this can be quite invasive. I've deleted history and reset settings, checked Control Panel programs list, nothing, nothing seems to be in the registry, Malwarebytes found nothing, but given this can be quite a deceptive virus, I want to make sure that simply restarting didn't in some way install this inadvertently. I read on a TenForums thread about using the Tweaking.com Windows Repair, but after installing, I keep getting this:
    Click image for larger version. 

Name:	Tweaking.com issue.jpg 
Views:	81 
Size:	50.9 KB 
ID:	95035
    Not sure if this not working is related to the first issue in any way. Any insights would be appreciated. Thanks very much.
      My ComputerSystem Spec

  7.    08 Aug 2016 #37

    I don't use IE or Edge and I always sign in with a local account, can't remember the last time I signed into my M$ account.
      My ComputerSystem Spec


  8. Posts : 11,234
    W10Prox64
       08 Aug 2016 #38

    scop8 said: View Post
    Hello,

    Not sure if this is related to the original issue, but I mistakenly went to a wrong website (cinplex.com rather than cineplex.com) and ended up with this:
    Click image for larger version. 

Name:	YahLover Random.jpg 
Views:	25 
Size:	167.8 KB 
ID:	95034
    I couldn't open any new tabs or close Chrome so I just restarted the computer, and when the tabs came up in Chrome again, I managed to quickly delete the one in question. Searching info about it, it seems this can be quite invasive. I've deleted history and reset settings, checked Control Panel programs list, nothing, nothing seems to be in the registry, Malwarebytes found nothing, but given this can be quite a deceptive virus, I want to make sure that simply restarting didn't in some way install this inadvertently. I read on a TenForums thread about using the Tweaking.com Windows Repair, but after installing, I keep getting this:
    Click image for larger version. 

Name:	Tweaking.com issue.jpg 
Views:	81 
Size:	50.9 KB 
ID:	95035
    Not sure if this not working is related to the first issue in any way. Any insights would be appreciated. Thanks very much.
    Hi.
    Was your computer talking to you as well? It usually does with this sort of scareware.
    Tweaking.com is not a tool for this.

    Run RKILL.
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.
    You should be good to go after this.
    p.s. When you run Malwarebytes, be sure to check the option for Rootkits, as it's not selected by default.

    EDIT: Site scans clean?
    https://www.virustotal.com/en/url/14...is/1470716879/

    FREE Online Website Malware Scanner | Website Security Monitoring & Malware Removal | Quttera

    https://sitecheck.sucuri.net/results/cinplex.com
      My ComputerSystem Spec


  9. Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       09 Aug 2016 #39

    simrick said: View Post
    Run RKILL.
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.
    You should be good to go after this.
    p.s. When you run Malwarebytes, be sure to check the option for Rootkits, as it's not selected by default.
    Did you forget to include Mbam in your list of scans or did I miss a Mbam mention elsewhere?

    Anyway ....

    scop8 shoulkd also run Malwarebytes (download begins when clicked), noting the setting for Rootkits you mention.
      My ComputerSystem Spec

  10.    09 Aug 2016 #40

    simrick said: View Post
    Hi.
    Was your computer talking to you as well? It usually does with this sort of scareware.
    Tweaking.com is not a tool for this.

    Run RKILL.
    Then run TempFile Cleaner.
    Then run JRT (Junkware Removal Tool).
    Finally, run ADWCleaner.
    You should be good to go after this.
    p.s. When you run Malwarebytes, be sure to check the option for Rootkits, as it's not selected by default.

    EDIT: Site scans clean?
    https://www.virustotal.com/en/url/14...is/1470716879/

    FREE Online Website Malware Scanner | Website Security Monitoring & Malware Removal | Quttera

    https://sitecheck.sucuri.net/results/cinplex.com
    Is the bold part a lark? If not, then, no, my computer was not talking to me I followed all your instructions, simrick, and things seem to be clean. RKill just couldn't open and edit the Hosts file because Avira blocks that. Is this a problem or can I assume things are ok without it having been checked? Tempfile deleted what it needed to, no restart needed. JRT had 9 files deleted but these were all from Spyshelter update installations (I'm aware it sometimes reads as a false positive with some cleaners). AdwCleaner deleted a hxxp://www.trovi.com... file in Chrome along with 'Tracing' keys and cleared Winsock settings. I do know about turning on for rootkits in Malwarebytes so that was checked before the scan, thanks.

    Should I be at least creating new passwords or at worst doing another clean re-install or is the latter neck deep in paranoia? This is precisely the kind of thing I'd hoped to avoid, that dreaded feeling of 'maybe something's left over and I shouldn't check anything that requires a password' with a new Win 10 installation. Yet here we are.

    I don't know why all the sites say cinplex.com is clean yet when I hit enter things switched to the address of that red image I posted earlier...

    Thanks again, simrick, for a prompt and thorough response, I really appreciate it.
      My ComputerSystem Spec


 
Page 4 of 6 FirstFirst ... 23456 LastLast

Related Threads
Username and Password textbox not showing in User Accounts and Family Safety
Hi Friends, Today my laptop upgraded to windows 10 automatically after i logged into my account if i take the sharing the username and password field is disabled and it is taking my current username and password when i not able to take the RDP it...
Wifi username and password issue in Network and Sharing
Hi, I have just bought an HP laptop running windows 10. I cannot connect to internet wirelessly as when I select my network connection it requests username and password. (Screen shot attached) I only have a network password for my connection and...
My son loaded some apps using his XBOX id and now whenever I start up or reboot my PC it wants the XBOX login in information and then list my son's XBOX id as user. There is no other user listed when I boot the system. How to I get rid of his XBOX...
I changed my username on Windows 10, and after a while I logged out. Then when I try to log back, it asks for password, but my old password doesnt work. I also tried putting blank password (not writing anything) but that doesn't work either. How...
Username or password incorrect in User Accounts and Family Safety
I've previously run netplwiz from the command prompt to disable the sign in process in Windows 10. 24001 Which worked fine in build 10049 but in 10158 & 10166 I now get this error message 23986 I don't understand how this message can...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 12:55.
Find Us