Victim of an Illegal Activity Warning Message on startup

subby6

I get this message on startup of Windows 8, before the login screen. Dunno if it's from a virus or malware.

https://imageshack.com/i/n65vekjj

Clicking OK on that brings up the login screen and I can log into Windows fine. But whether or not I log in or wait at the message, the computer will restart. I get about 2 minutes before it restarts.

https://imageshack.com/i/msk7rmj

- I have done a full scan of all partitions with Kaspersky Rescue Disc 10. Found no viruses.
- Have enabled legacy boot menu policy so I can boot into safe mode by pressing F8. Message still appears and computer still restarts.
- Unable to Refresh PC, due to the drive being locked.
- Unable to Reset PC, due to a required partition being missing.
- I have uninstalled the graphics driver while in safe mode.
- I have done chkdsk, found no errors.
- System Restore failed.
- Cannot do an sfc scan, because Windows Resource Protection could not start the repair service. (Running from Win8 disc)

Stumped at what to try next.
 

Your computer is infected. Follow the steps in the malware forum.
 

Could be a variant of the Metropolitan Police nasty.

Malwarebytes will probably do the job.

If you can't stay in windows, try this:

Boot into safe mode.

Open regedit.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

It should be "Shell"="explorer.exe"


If it says anything else, that is the nasty thing.

Change the entry to explorer.exe. Try deleting the nasty it was pointing at.

Now see if you can boot in ok.
 

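The Winlogon check described in the post above, as an added example that is not part of the original thread. It goes beyond the post by also checking `Userinit` and the per-user `Shell` value; the `-SoftwareRoot` parameter, the offline hive name `OfflineSW`, the `D:` drive letter and a Windows install on `C:` are assumptions.

```powershell
# Added example: audit the Winlogon logon values against the Windows defaults.
# -SoftwareRoot is an assumption that lets the check run on an offline hive, e.g. after
#   reg load HKLM\OfflineSW D:\Windows\System32\config\SOFTWARE   (D: is a placeholder)
function Test-WinlogonValues {
    param([string]$SoftwareRoot = 'HKLM:\SOFTWARE')

    $key = "$SoftwareRoot\Microsoft\Windows NT\CurrentVersion\Winlogon"
    # Default data for a stock install on C:; Userinit normally ends with a comma.
    $expected = [ordered]@{
        Shell    = 'explorer.exe'
        Userinit = 'C:\Windows\system32\userinit.exe,'
    }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction Stop

    foreach ($name in $expected.Keys) {
        $actual = ([string]$props.$name).Trim()
        [pscustomobject]@{
            Hive     = $key
            Value    = $name
            Actual   = $actual
            Expected = $expected[$name]
            Ok       = ($actual -ieq $expected[$name])   # case-insensitive compare
        }
    }

    # A per-user Shell value is also read at logon and is absent by default.
    $userKey   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userShell = (Get-ItemProperty -LiteralPath $userKey -ErrorAction SilentlyContinue).Shell
    [pscustomobject]@{
        Hive = $userKey; Value = 'Shell'; Actual = [string]$userShell
        Expected = '(not set)'; Ok = [string]::IsNullOrEmpty($userShell)
    }
}

Test-WinlogonValues | Format-Table Value, Actual, Expected, Ok, Hive -AutoSize
```

Running it against a hive loaded from a rescue environment avoids the two-minute restart window on the live system.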
Had a look in the registry where you suggested. It is explorer.exe for Shell. I took a screenshot, but before I could paste it in Paint, the PC rebooted.
 

IMHO, not knowing how deep that thing has infected - a restore (if you can get to a restore point) or better still a clean install may be better options... good luck though!
 

Tried Reset and Refresh PC, both can't do. And no recovery discs. If I can get the PC to stop crashing, I can make recovery discs and try to install off them. But been unable to prevent the crash. Don't know what is using the file scssifilter64.sys to disable it or uninstall.
 

Wouldn't let me change it. Gonna check permissions on it.

edit.

Ok deleted the data in the 2 registry keys. But after a restart the data is still there.
 

If I rename the scssifilter64.sys file, would the PC still function? I'm thinking it might stop the PC crashing, so I can run malware scans.
 

We are assuming malware - but Radio Rentals do have their own protection software - surely they should be able to disable it?

Apparently it usually requires a password to be entered - is it possible that too many incorrect password attempts have led to this disabling of the PC?

Opinion based on this: My friend gave me a laptop that was with radio rentals which is locked by them, is it possible to get it unlocked? - Radio rentals latop contract now over laptop paid for but has a lock on it red screen with password slot what software do they use to
 

I'll speak to the customer about this.

And I've managed to stop the PC from crashing, by renaming the scssifilter64.sys to oldscssifilter64.sys.
 

From what the screen says the computer you are using belongs to a company called "radio rentals" in Australia. A quick search shows that this is a real company.

Companies that rent out computers lock them down and install tracking software so they can find and repossess them should the renter stop paying the rent. Even if you find a way to get this thing working you will still have to live with the possibility that someone is logging everything you do and type on the machine as well as tracking your whereabouts.

I would look up the phone number of the store in the message and give them a call. Maybe you can come to some kind of agreement and get them to release their hold on it.
 

I've seen the paperwork for the computer. It was rented 18 months ago and paid off 6 months ago, and is therefore no longer under warranty. But I will pop into the store so I can show them the image of the warning, as an email the customer showed me stated that they can't help them since the computer is out of warranty.
 

If it is not malware, then how come there is not a single search result in Google, and not even in Carrona's DRT, for the given driver? Could this be renamed on purpose? Just reading the driver name, it feels like it is a SCSI device filter but has got an extra s in the SCSI.
 

See here: Malware scan of scssifilter64.sys (Microsoft© Windows© Operating System) 88577d0e2fb82dad0f8d100ed46b8c3a88d652af - herdProtect

File name: scssifilter64.sys

Publisher: Microsoft Corporation (signed by DesignerWare, LLC)

Scanner detections: 0 / 68

Status: Clean (as of last analysis)

Analysis date: 4/17/2014 6:13:51 PM UTC (two months ago)

and here: http://www.designerware.com/eSiteWay/Home.aspx

DesignerWare, LLC specializes in security, consulting, and writes and sells antitheft software to be installed on devices in the case they become lost or stolen. The software allows you to lockdown and secure a device protecting the data if it becomes lost or stolen.
 

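The scan report above shows a publisher field that differs from the signer, and earlier posts ask what is using the driver. The following added example (not part of the original thread) reports both for a given driver file; the function name and the driver path are assumptions, since the thread does not say where the file is stored.

```powershell
# Added example: report who signed a driver and what loads it (PowerShell 4.0 or later).
function Get-DriverProvenance {
    param([Parameter(Mandatory)][string]$Path)

    $file    = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig     = Get-AuthenticodeSignature -FilePath $file.FullName
    $company = [string]$file.VersionInfo.CompanyName
    $signer  = [string]$sig.SignerCertificate.Subject
    $pattern = [regex]::Escape($file.Name)

    # Services whose ImagePath refers to this file name
    $services = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object { [string]$_.GetValue('ImagePath') -match $pattern } |
        ForEach-Object { $_.PSChildName })

    # Device classes that list one of those services as a filter driver
    $filters = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\Class' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $class = $_
            foreach ($value in 'UpperFilters', 'LowerFilters') {
                $hits = @($class.GetValue($value)) | Where-Object { $services -contains $_ }
                if ($hits) { '{0} {1}: {2}' -f $class.PSChildName, $value, ($hits -join ', ') }
            }
        })

    [pscustomobject]@{
        File            = $file.FullName
        SHA1            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
        VersionCompany  = $company      # free-text resource field, set by whoever built the file
        SignatureStatus = $sig.Status   # embedded signature; older PowerShell ignores catalogs
        Signer          = $signer       # cryptographically bound to the file contents
        CompanyInSigner = ($company -ne '' -and
                           $signer.IndexOf($company, [StringComparison]::OrdinalIgnoreCase) -ge 0)
        Services        = $services
        ClassFilters    = $filters
    }
}

# Path below is an assumption; the thread does not say where the file lives.
Get-DriverProvenance -Path "$env:SystemRoot\System32\drivers\scssifilter64.sys" | Format-List
```

A service that appears under `ClassFilters` is loaded for every device in that class, so renaming or deleting its file without first removing the filter entry can leave those devices, or the whole system, unable to start.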
How come there was not a single search result a while back and now there are like so many? :O

Did I make a mistake in searching?

That's certainly interesting though, but does this still occur if you reverse your time in BIOS settings and disconnect from the Internet?
 

I renamed the file to oldscssifilter64.sys and the PC still boots into Windows and no longer crashes. Now I'm attempting to remove the malware.
 
