I get "Scream is behinde you" after bootup

[JP Bless]

I am trying to login to a WIN2000 system. After entering password I get a
black screen "Scream is behinde" written in red with a white mask picture.
After that, nothing else happens... no icons, start menu.

I have tried starting the computer in safe mode still didn't help.

Any one know how to fix this? Thanks for your help in advance.

 

[Newbie Coder]

JP Bless,

Sounds like you have been hit by 'a nasty' meaning a virus or malware

Best thing you can do is run AUTORUNS from here in safe mode:

Page:

http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx

Zip:

http://download.sysinternals.com/Files/Autoruns.zip

Look on the LOGON tab & if you can not the ones listed in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

To start in safe mode:

START COMPUTER
When the white progress bar goes along the bottom, press F8 (function key 8)
& choose SAFE MODE
Login & run the Autorun tool

If you have things like QuickTime Task or RealPlayer Update (TKBell) then
delete them as they aren't needed

List the startup items & send them here

---------------------------------------

You can always download & install Spybot S & D (totally FREE):

http://www.spybot.info

(Scan & delete all RED entries)

HiJackThis (totally FREE):

http://www.spywareinfo.com/~merijn/programs.php#hijackthis

With the latter program you can create a log file when you scan the system.
If you use Outlook Express to view newsgroups then you can attach the log
(like an attachment) to your reply for us to download & check for you. Do
Not paste the entire log in a post as many users will spit the dummy

How to configure Outlook Express as your newsgroup reader:

http://www.microsoft.com/windows/ie/support/newsgroups/howto.mspx

All the best & I'll be waiting for your response,

 

[John John]

He said he can't run in Safe-Mode so that won't help. It seems that I
remember hearing or reading about this "Scream" thing several years ago.
I believe some fellow named "Eric" something wrote it and it made its
way through colleges specifically, universities were less affected
perhaps because they have better IT budgets and better network security.
I can't remember exactly but it was a fairly severe security intrusion
as it compromises the GINA and authentication process. But for all the
searching that I tried I just cannot find anything on it :-(

The OP should use a live cd or a Bart's PE disk or similar tool and try
to run a virus scan on the drive. Some AV vendors have DOS mode
scanners that might be able to detect this thing. Alternatively the
disk could be mounted to another Windows installation or do a parallel
Windows installation on the disk and scan it for Virus. Dave L., our
resident AV expert might know more about this and have more to add.

John

 

[JP Bless]

Thanks for info.. will try that

He said he can't run in Safe-Mode so that won't help. It seems that I
remember hearing or reading about this "Scream" thing several years ago. I
believe some fellow named "Eric" something wrote it and it made its way
through colleges specifically, universities were less affected perhaps
because they have better IT budgets and better network security. I can't
remember exactly but it was a fairly severe security intrusion as it
compromises the GINA and authentication process. But for all the
searching that I tried I just cannot find anything on it :-(

The OP should use a live cd or a Bart's PE disk or similar tool and try to
run a virus scan on the drive. Some AV vendors have DOS mode scanners
that might be able to detect this thing. Alternatively the disk could be
mounted to another Windows installation or do a parallel Windows
installation on the disk and scan it for Virus. Dave L., our resident AV
expert might know more about this and have more to add.

John

 

[JP Bless]

Thanks... but I can't get in to safe mode.

JP Bless,

Sounds like you have been hit by 'a nasty' meaning a virus or malware

Best thing you can do is run AUTORUNS from here in safe mode:

Page:

http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx

Zip:

http://download.sysinternals.com/Files/Autoruns.zip

Look on the LOGON tab & if you can not the ones listed in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

To start in safe mode:

START COMPUTER
When the white progress bar goes along the bottom, press F8 (function key
8)
& choose SAFE MODE
Login & run the Autorun tool

If you have things like QuickTime Task or RealPlayer Update (TKBell) then
delete them as they aren't needed

List the startup items & send them here

---------------------------------------

You can always download & install Spybot S & D (totally FREE):

http://www.spybot.info

(Scan & delete all RED entries)

HiJackThis (totally FREE):

http://www.spywareinfo.com/~merijn/programs.php#hijackthis

With the latter program you can create a log file when you scan the
system.
If you use Outlook Express to view newsgroups then you can attach the log
(like an attachment) to your reply for us to download & check for you. Do
Not paste the entire log in a post as many users will spit the dummy

How to configure Outlook Express as your newsgroup reader:

http://www.microsoft.com/windows/ie/support/newsgroups/howto.mspx

All the best & I'll be waiting for your response,

 

[John John]

Good luck.

John

Thanks for info.. will try that