MajorGeeks Support Forums

  #1  
Old 08-17-08, 22:02
DCallaway DCallaway is offline
Private E-2
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Did Malware Create a new User?

After a one week vacation we returned home to find our house sitter invited in every malware imaginable!! After 24-hours of floundering I found “READ & RUN ME FIRST.” After following the procedures (almost another entire day) I now believe that I am malware free, GOD BLESS MAJOR GEEKS. One issue that bothers me and may be a symptom of my problems is that my “Documents and Settings” directory has a new sub directory; it has the same name as our primary user but is in the form of “user name.USERNAME”.

I couldn’t find this in any of the posts. I only have two Accounts in “User Accounts” and boot to the new account. Because of this many of our settings were inactive. I copied the old files into the new user account, and most of the functionality was restored, was this OK? Did the malware create this new user account? Although I do not seem to have any active problems should I do anything else (other than getting a new house sitter)?

Thanks Again
  #2  
Old 08-18-08, 17:25
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,704
Thanks: 449
Thanked 4,655 Times in 4,394 Posts
Default Re: Did Malware Create a new User?

New housesitter or passwords!

Attach the requested logs from running the Read and Run First and I will look and see.
  #3  
Old 08-18-08, 19:12
DCallaway DCallaway is offline
Private E-2
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Did Malware Create a new User?

I know instructions say Run Scans Only Once, but I have repeated the entire process several times over the last three days. The logs are generally from the first run.

Could the new user account have been created when our house sitter tried to run a Restore?

Thanks, Danny
Attached Files
File Type: txt SASlog and Malwarebytes log.txt (8.8 KB, 2 views)
File Type: txt ComboFix.txt (11.7 KB, 1 views)
File Type: zip MGlogs.zip (58.0 KB, 6 views)
  #4  
Old 08-19-08, 12:37
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,704
Thanks: 449
Thanked 4,655 Times in 4,394 Posts
Default Re: Did Malware Create a new User?

The scans took care of the malware.....now tell me what user account was created.

Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET ----> if you are referring to this, it is normal.
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Marilyn Callaway
| SUPPORT_388945a0 (Disabled)

You can use add/remove programs to uninstall:
Viewpoint Media Player

And use windows explorer to find and delete:
C:\Temp

Now tell me what malware issues you may still be having.
  #5  
Old 08-19-08, 18:56
DCallaway DCallaway is offline
Private E-2
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Did Malware Create a new User?

Tim,

Thanks for looking at our log files, I hope that you're right and we are Malware free. I am still wondering how our user account info was changed, I am attaching a zip with a Windows Explorer Screen Shot, can you tell anything from this information? Does the System Restore create a new user directory such as we are seeing?

Thanks again,
Danny
Attached Files
File Type: zip Tim.zip (150.9 KB, 5 views)
  #6  
Old 08-20-08, 14:39
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,704
Thanks: 449
Thanked 4,655 Times in 4,394 Posts
Default Re: Did Malware Create a new User?

System restore would not have done that......nor would any of the scanning tools.

From one of our resident registry gurus:
Quote:
I would deduce there was either a registry failure, or an account corruption. This is how the second account is created, but does not show up for login.

Let me give an example.

My account name is shammu. My computername is Shammu-PC.

If say, my account were to corrupt, when I went under the hard disk, (in the case of Vista it is C:\users), I would see my user account, shammu. In ADDITION, I would see a new user account that Windows built because my former one corrupted, named shammu.Shammu-PC.

The computername gets appended to the new account because you cannot have the same name for the folder in the same location more than once.

Last edited by TimW; 08-20-08 at 15:59..
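
One way to check the explanation quoted above, that the suffixed folder belongs to an existing account rather than a newly created one (an added example, not part of the original thread). It reads the standard Windows ProfileList registry key, which the thread does not mention; the name-matching heuristic and variable names are assumptions made for this sketch.

```powershell
# Added example: list every profile Windows has registered, the account it
# belongs to, and whether its folder name is "<account>.<SUFFIX>".
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$profiles = Get-ChildItem $profileList | ForEach-Object {
    $sid  = $_.PSChildName
    $raw  = (Get-ItemProperty $_.PSPath).ProfileImagePath
    $path = [Environment]::ExpandEnvironmentVariables($raw)

    # Resolve the key name to an account. Keys that are not a valid SID, or
    # SIDs whose account no longer exists, end up in the catch branch.
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    $leaf = Split-Path $path -Leaf
    $user = ($account -split '\\')[-1]

    # Heuristic (assumption): a rebuilt profile folder starts with the account
    # name followed by a dot, e.g. "shammu.Shammu-PC" for account "shammu".
    $suffixed = ($leaf -ne $user) -and
                $leaf.StartsWith($user + '.', [StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        Account        = $account
        SID            = $sid
        ProfilePath    = $path
        SuffixedFolder = $suffixed
    }
}

$profiles | Format-Table -AutoSize

# Folders under the profiles directory that no registered profile points to.
# A corrupted original profile shows up here; so do built-in folders such as
# "All Users" and "Default User".
$rootRaw    = (Get-ItemProperty $profileList).ProfilesDirectory
$root       = [Environment]::ExpandEnvironmentVariables($rootRaw)
$registered = $profiles | ForEach-Object { $_.ProfilePath }

Get-ChildItem $root -Force |
    Where-Object { $_.PSIsContainer -and ($registered -notcontains $_.FullName) } |
    Select-Object FullName, CreationTime, LastWriteTime
```

A suffixed folder that resolves to an account already in the user list is consistent with a rebuilt profile; an account name that does not appear in the expected user list is the case worth investigating further.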
  #7  
Old 08-20-08, 18:43
DCallaway DCallaway is offline
Private E-2
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Did Malware Create a new User?

Tim,

You asked if I tried to delete the second user directories, yes I did. I forgot I deleted the "user name.USERNAME" directory set as one of the first things when I found out we had Malware. The sequence was something like this:

I found out we had Malware.
I found out we specifically had "Antivirus XP 2008" (I didn't know that this was just the tip of the iceberg).
I found a site that recommended "Malwarebytes" to remove "Antivirus XP 2008"
I ran "Malwarebytes"
I thought I was OK (not by a long shot).
I went into "Safe Mode" and deleted the "user name.USERNAME" directory
I rebooted but the computer recreated the "user name.USERNAME" directory
I continued to have issues, including problems booting up.
I discovered the MajorGeeks "READ & RUN ME FIRST"
I uninstalled all old spyware/antivirus programs
I ran "READ & RUN ME FIRST"

Now that I am feeling virus free (or at least in virus remission) I tried the following:

I went to "Safe Mode" as Administrator and created a Zip of the "user name.USERNAME" directory.
I then deleted the "user name.USERNAME" directory and rebooted.
The computer created a new set of clean directory files in the format "user name.USERNAME"

Tim, as long as this user directory was not Malware created then I can live with it.

Thanks again for your help, and thanks to the resident registry guru.
Danny
  #8  
Old 08-20-08, 19:54
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,704
Thanks: 449
Thanked 4,655 Times in 4,394 Posts
Default Re: Did Malware Create a new User?

You need to get all of your data and folders transferred to the "username.USERNAME" account and then delete the original "username" account. Then you should be able to rename the "username.USERNAME" back to the "original name".

The original one was/is corrupt and the new one may not have all the files folders and data that was in the original one.....so you should make sure you have moved it all over to the new account before you delete the original one. You just can't have two accounts with the exact same name which is what happened.

You may get better help in the software section. Let me know.