Question Possible Malicious software?

nissan20det

Honorable
Aug 23, 2015
28
0
10,530
Hey guys,
So my new ASUS Zephyrus was stolen a few months back, with only access to a non-admin profile. I figured I'd never see it again, and someone on Facebook bought it and messaged me. WOW, I got it back. Everything seems okay with it other than this; I need some help on what it is. If the computer sits for a while, or the last time I closed it and reopened it, I am getting a lock screen as shown in the photos. I have never seen the computer do this in the 2 months I had it prior. It did this once in Windows 10, and I just did the upgrade to Windows 11 and it did it again this morning. I tried all the passwords I could think of, but I don't have one for this computer. Only a PIN? I get three tries before it just freezes and I have to restart the PC, but the layout doesn't look like anything I have seen. Any help would be greatly appreciated. I want to make sure something bad wasn't installed on this.

Screen photos
 

USAFRet

Titan
Moderator
No, so I can log into Windows just fine. The computer works good, but twice when I close the laptop and reopen it, it goes to an odd-looking login screen. It doesn't even look like Windows.
It was out of your possession, in the hands of a known thief.
Now it is acting a bit weird.

How much do you trust he, or anyone he knows, did not install something malicious?
Keylogger, mining, botnet, etc, etc....


You can continue to think all is well, but that odd login screen...nope, not a chance.
Full wipe and reinstall.
 

Deleted member 14196

Guest
They could’ve let you have your computer back so they can get your banking data and sensitive things like that, by allowing you to log into their fake login screen, capturing your password.

That’s the only reason you got your computer back, is what I’m thinking. They are out to scam you.
 
Jul 14, 2021
35
3
45
I agree with everyone that you should do a full wipe and complete re-install. Treat it like a second-hand purchase from eBay. I don't know how you got it back, but if someone just contacted you out of the goodness of their heart, I'd be a bit suspicious. How did they realize that it was stolen? If it was PIN protected, how were they able to get in to find your information to contact you?

If you're really curious about that weird screen, contact a malware specialist before you do the full wipe. You might have discovered a new malware that is still not well-known. If you're lucky enough to have a large university nearby, email their Computer Science department and see if any researcher there is interested. It takes them just a few seconds to look at the screenshot. You can even email researchers out of state but they won't be able to ask you to bring your computer in. Alternatively, contact the major malware companies, e.g. McAfee or Norton, to see if they recognize the screen. I believe both sites have a way to report suspicious software. It would help, of course, if you actually owned their software.
 

nissan20det

Honorable
Aug 23, 2015
28
0
10,530
Yes, I do own Norton, so I guess I could try that. I don't think the person that stole it really knew about computers; he just liked the price tag. The person who found me on Facebook traded a motorcycle for it, couldn't get it unlocked, and messaged me on FB. He said he found me from my name that showed on the lock screen.

I then explained what happened, and after the new owner looked into it, I guess the first guy got arrested and never transferred the title, so I heard this guy got his bike back. But yes, that could all be BS cuz this is very obscure.

Now, this being a new ROG Asus, I would hate to reset it and have a ton of the factory software missing. So could I just do a reset but keep personal files in the recovery menu? The reset completely option? Or do I need, like, a Windows disk and wipe? And going back to a lot of the factory software then missing: I bought this in Nov from Best Buy, no extended warranty. Would they fix it correctly? And is it possibly covered?
 
Jul 14, 2021
35
3
45
Contact Asus. They can probably give you an image file to restore the computer to its initial state, including all the software. If not, ask them for links to all the apps. Make sure to back up all your important files, and check them for malware. Malicious code can even be hidden in Word files, etc. Good luck.
 

Deleted member 14196

Guest
Factory software is mostly garbage, so I don’t know why you would even wanna keep it, and everything else you can download from the web. Do not do a factory reset; it is useless.

Whenever I get a new computer, I’ll wipe it, format it, and install Windows clean, because I do not want garbage crap from the factory.
 
Jul 14, 2021
35
3
45
Did you try asking the person who returned the computer to you? The fact that the weird logon screen popped up indicates that it's unlikely to be malware. Except for ransomware, most malware is stealthy and doesn't announce itself like that. Could it be that the buyer installed an app that attempts to bypass the normal Windows login screen? When that didn't work, he contacted you. Now, I don't know if it's even possible to install anything without logging in first, so this is just a paranoiac hunch.

My suggestion is to contact the buyer who returned the laptop to you. If he says that he installed that app, see if he can give you the password. If he won't, try to get the name of the app then go to the app's website to look for remedies. If he denies installing anything, see if he also encountered that weird login screen. If not, you have a real puzzle...
 

USAFRet

Titan
Moderator
Now this being a new ROG Asus I would hate to reset it and have a ton of the factory software missing.
bzzzzt, wrong answer.

Full wipe and reinstall.

If you really want, after Windows 10 is installed, you can go to Asus and download all that junk.

Don't contact anyone, don't scan with Norton....nothing.

The mere existence of a popup screen that was not there before is far more than enough to suggest Something Is Not Right.

The fastest and best way to get rid of it?
 

Ralston18

Titan
Moderator
@nissan20det

Are you keeping a close eye on all your accounts: banking, credit card, online stores, etc.?

If they were able to figure out who you are and "return" the laptop then they probably know a lot more about you than you think.

As mentioned the laptop could indeed be set up as a trap to capture even more information.

Clean install and set up some watches on all accounts along with password changes.