Windows XP Pro suddenly prompting for captcha

My Windows XP Pro box suddenly today starting putting up a window asking me to type in two words displayed as graphics to be able to continue. This is not a web page, this is a window that pops up and prevents all further activity on the machine until I enter the words. Why is this doing this after a few years of uneventful operation? And why is it doing it at all?

Ha! That’s awesome!

It must be a malware that uses drones (you) to solve captchas to register email addresses that will be used for spamming, etc.

That’s pretty ingenious.

Yes, it’s Yahoo Answers but for a change, it’s not idiots writing and it does agree with Alex_Dubinsky.

Oh shit. You know, the window says XP Professional but I have XP Home. How about that.

You mean this whole time you’ve just been doing what it says, saying to yourself, “That darned Bill Gates, what will he think of next?”

You’d be surprised at how many people wind up doing this. This is why the virus works.

It’s my wife’s machine. I looked over her shoulder and said, “That’s weird. Never seen that before.” I told her to go ahead and enter it so she could keep working. First time I’ve had a virus in years. I need to check the virus software on that box. That’s a very slick program.

Here’s how that might work. You are infected by a program that is part of a rogue network. When some rogue program, somewhere in the world, tries to break in to some site and is presented with a CAPCHA, it ships the graphic data off to someone like you to decode. The plaintext result you enter is sent back to the original rogue program, which is then able to break thru the CAPCHA and enter the site.

So every time you answer the question, you may be helping a criminal bypass a security protection.

This stuff must be really good because ZoneAlarm didn’t prompt me to allow the program to connect to the Internet. Is it possible for an app to bypass ZoneAlarm?

My virus software hadn’t had its definitions updated for a while and wanted to be paid, so I switched to MS Security Essentials. I did a full system scan and it did not find anything.

So I have not found the culprit, but it only happened twice and then hasn’t shown up again.

It probably installed itself as a Browser Helper Object (BHO), and as such, has the same firewall permissions as your browser.

Right (except subsitute “spambot” for “criminal”. Banks and the FBI don’t rely on captchas to stop hackers from invading their systems. At least, I hope so ;)).

Gotta admit, it’s quite a clever scam. Evil, but clever.

Because spamming is legal! Spammers totally should not go to jail!

>This stuff must be really good because ZoneAlarm didn’t prompt me to allow the program to connect to the Internet. Is it possible for an app to bypass ZoneAlarm?

Is the virus/trojan is run as admin it can do anything it wants. There’s nothing magical about ZA. The malware can simply change ZA’s outbound database and add itself. Thats why its important to run as non-admin.

Very true. I learned this the hard way when I had a Vundo infection, and wound up having to reinstall Windows. Now I use a limited account.

Recently my father stumbled upon a fake antivirus ad, and went ahead and downloaded it. It ran, but it was unable to actually infect my system any further. I ran Spybot in the same limited account, and it got rid of it completely.

By the way, that’s what you need to do, OP. Follow the instructions in the Computer sticky on the top of this forum.

ETA: Here’s a linky.