0

For some time now, when I try to sign out of windows or restart my computer, a message appears that a program forbids my computer from signing out and this program is a .exe file with Chinese hieroglyphs for a name and I can't understand where it comes from. The last time I signed out, instead of them it showed up no game stream window, then turned them into hieroglyphs and then it signed out.

So any suggestions what this is, or should I be worried my system is compromised? It will be a solution to just format my drive, but of course I want to avoid this.

  • You've been surfing to unknown sites with javascript enabled again? – ott-- Sep 13 '15 at 20:23
  • possible duplicate of [How do I deal with a compromised server?](http://security.stackexchange.com/questions/39231/how-do-i-deal-with-a-compromised-server) – Deer Hunter Sep 14 '15 at 08:18

3 Answers

2

Sorry to break it to you, but your system is definitely compromised. To be truly safe you must do a complete disk wipe.

Something you can attempt is a system restore. If you have a restore point prior to the infection you can possibly be saved. Usually one is created prior to Microsoft's second Tuesday of the month update. That being said it IS possible to infect this system restore, but prior to doing a complete reformat I'd advise at least checking into this option.

It is a significant risk to retrieve files from this infected machine; those files themselves could be corrupted. Files in the "My Documents" folder or on the desktop are especially suspect. If you lift files, be prepared to do a second disk reformat if the problem reappears.

If you do a complete disk reformat you're 99.9% safe. There are types of persistent malware which live in the BIOS, but they are extremely rare (or from Lenovo :) ).

rdChris
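The answer above suggests two checks before wiping: whether a restore point predates the problem, and what the oddly named program actually is. The following Windows PowerShell triage script is an added example, not code from the thread or from any answerer. It assumes Windows PowerShell 5.1 run from an elevated prompt (Get-ComputerRestorePoint is a Windows-only cmdlet and is absent from PowerShell 7), and the date passed to Get-RestorePointsBefore is a placeholder the reader replaces with when the sign-out message first appeared. It only reads state; it does not remove anything, so it can be run before deciding on a restore or a reformat.

```powershell
# Added triage example (not from the original thread). Windows PowerShell 5.1, elevated.
# Goal: surface processes and autostart entries whose names are non-ASCII (the "Chinese
# hieroglyph" .exe from the question) and list restore points older than a suspected date.

function Get-NonAsciiProcesses {
    # Running processes whose name or image path contains any character outside ASCII.
    # Path is $null for protected system processes, so it is tested only when present.
    Get-Process | Where-Object {
        ($_.ProcessName -match '[^\x00-\x7F]') -or
        ($_.Path -and ($_.Path -match '[^\x00-\x7F]'))
    } | Select-Object Id, ProcessName, Path
}

function Get-NonAsciiStartupEntries {
    # Autostart entries (Run keys and Startup folders) with non-ASCII names or commands.
    # A persistence entry here explains why the program reappears at every logon.
    Get-CimInstance -ClassName Win32_StartupCommand | Where-Object {
        ($_.Name -match '[^\x00-\x7F]') -or ($_.Command -match '[^\x00-\x7F]')
    } | Select-Object Name, Command, Location, User
}

function Get-SuspectImageHashes {
    # SHA-256 of each flagged process image, so it can be checked against the
    # vendor's AV or a reputation service without copying the binary anywhere.
    Get-NonAsciiProcesses | Where-Object { $_.Path } | ForEach-Object {
        $hash = Get-FileHash -Path $_.Path -Algorithm SHA256
        [pscustomobject]@{
            ProcessName = $_.ProcessName
            Path        = $_.Path
            SHA256      = $hash.Hash
        }
    }
}

function Get-RestorePointsBefore {
    # Restore points created before the suspected infection date, newest first.
    # CreationTime comes back as a WMI datetime string, so convert it first.
    param([Parameter(Mandatory = $true)][datetime]$SuspectedInfectionDate)
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Created        = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Description    = $_.Description
        }
    } | Where-Object { $_.Created -lt $SuspectedInfectionDate } |
        Sort-Object Created -Descending
}

# Usage (placeholder date; replace with when the sign-out message first appeared):
Write-Host '== Processes with non-ASCII names or paths =='
Get-NonAsciiProcesses | Format-Table -AutoSize
Write-Host '== Autostart entries with non-ASCII names or commands =='
Get-NonAsciiStartupEntries | Format-Table -AutoSize
Write-Host '== SHA-256 of flagged images =='
Get-SuspectImageHashes | Format-Table -AutoSize
Write-Host '== Restore points older than the suspected infection =='
Get-RestorePointsBefore -SuspectedInfectionDate (Get-Date '2015-09-01') | Format-Table -AutoSize
```

A flagged autostart entry pointing at a user-writable directory, or a hash the AV vendor already knows, turns "something blocks sign-out" into concrete evidence; an empty restore-point list before the suspected date removes the system restore option and leaves the reformat the answer recommends.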
0

Take a copy of all files you need and format it. Pretty sure it is compromised.

Zardox
0

Don't even look back, just format your hard drive and start again, that is what I would do in your situation once making sure the system restore wasn't a valid option like Chris mentioned.

And rescuing files can be risky so it's better to start fresh.