Windows 7: Strange Virus: Constantly creating new user accounts

31 Jul 2012   #31
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


31 Jul 2012   #32
Jimmyman

Windows 7 Ultimate x64 sp1
 
 

Hey, I don't have the problem anymore! No more user accounts are being created. I think that combofix helped fix my problem. Thanks for all the help everyone!
31 Jul 2012   #33
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

? How so? You did a system restore after you ran Combofix.
31 Jul 2012   #34
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Damn I hate it when 2 and 2 doesn't equal 4. What infection did combofix report and what did you do to rid yourself of it?
31 Jul 2012   #35
Jimmyman

Windows 7 Ultimate x64 sp1
 
 

I'm not exactly sure how combofix helped fix it. I think that the virus was either caused by that eset bug beforehand or it may have been cleaned out by Malwarebytes or MSE beforehand, but just not completely cleaned out when I quarantined the virus and deleted it. It must have been in my temporary files or something but combofix helped fix that.

On second thought though, it may have been gone a while ago and I didn't recognize it until now because I never really restart my computer that much and wouldn't have noticed until combofix ran and made me restart my computer.

Thanks for all the help though guys. If you want to check out the combofix report Layback Bear, please look at the log file I uploaded on a previous post.
31 Jul 2012   #36
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

ComboFix found and 'fixed' many infected files ... most possibly associated with P2P file sharing.

If you did a system restore after using ComboFix, they're still on your computer.

I'm kind of wondering why you didn't post the CKFiles.txt that I asked for. (need I ask more? )

If you're going to go about using an infected computer, then uninstall ComboFix by:
(For Vista / Windows 7 users)
Copy/paste ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
31 Jul 2012   #37
Jimmyman

Windows 7 Ultimate x64 sp1
 
 

The CKscanner gave me these results:

c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\far cry\objects\glm\shipwreck\brokenwall\swr_mp_wall_ceiling_cracked_400.cgf
c:\program files (x86)\far cry\objects\glm\shipwreck\brokenwall\swr_mp_we_400z300xcrack.cgf
c:\program files (x86)\far cry\textures\decal\crack_broken\bulletspray.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\bulletspray_ddn.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\concrbrok.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\concrbrok02.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack02.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack03.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack04.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crack05.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken6.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken7.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken8.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\crackbroken9.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\dirty021broken.dds
c:\program files (x86)\far cry\textures\decal\crack_broken\exploded.dds
c:\program files (x86)\far cry\textures\decal\noalpha\crackbroken_w.dds
c:\program files (x86)\far cry\textures\glm\corporate_buildings\wall\concr_d14crack.dds
c:\users\steven\desktop\stuff\steven\desktop\stuff 3\important stuff\articles and pictures\how to articles\driveway_cracking__how_to_concrete_resurface_quickly_and_easily.txt
c:\users\steven\desktop\stuff\steven\desktop\stuff 3\important stuff\articles and pictures\how to articles\dry__cracked_heels_-_how_to_handle_.txt

I don't know if combofix did anything then. The MSE or MB must have fixed the problem beforehand then and then I just didn't notice it until Combofix restarted my computer.
31 Jul 2012   #38
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Thanks for your help Jacee.
31 Jul 2012   #39
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

No wonder you have issues - cracked software is sure to be the cause of much of your trouble.
29 Mar 2013   #40
drockmd

win 7 x64
 
 

Just so there is a solid resolution to this post, since it was driving me crazy for 2 weeks. I had the same problem, contacted Eset and it turns out, the version of smart security 6 is creating the phantom user.

If you sign up for their Anti theft feature, they create the phantom user so they can access your computer in case it is stolen. So the ComboFix didn't actually fix it, it just happened to be the troubleshooting step you tried right after uninstalling Eset SS6.
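Added example (not part of the thread or any poster's reply): one way to find out what is creating unexpected local accounts, as in the case resolved above, is to read the account-creation events from the Security log and compare them with the accounts that currently exist. It assumes success auditing for user account management is enabled and that the log has not rolled over; the variable names are illustrative.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# (reading the Security log requires administrator rights).
# Assumption: "Audit User Account Management" success auditing is enabled;
# without it no 4720 events are recorded.

# 1. Every "A user account was created" event (ID 4720) still in the log.
$created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } `
                        -ErrorAction SilentlyContinue

$report = foreach ($evt in $created) {
    # The named fields live in the event XML; index them by their Name attribute.
    $fields = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    New-Object PSObject -Property @{
        Time       = $evt.TimeCreated
        NewAccount = $fields['TargetUserName']
        NewSid     = $fields['TargetSid']
        # Subject = the security context that requested the creation.
        # SYSTEM or a service account here points at installed software
        # or a service rather than a person at the keyboard.
        CreatedBy  = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
    }
}
$report | Sort-Object Time |
    Format-Table Time, NewAccount, CreatedBy, NewSid -AutoSize

# 2. Local accounts that exist right now, for comparison.
$local = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
$local | Format-Table Name, Disabled, SID -AutoSize

# 3. Accounts the log says were created and that are still present.
$loggedSids = @($report | ForEach-Object { $_.NewSid })
$local | Where-Object { $loggedSids -contains $_.SID } |
    Format-Table Name, Disabled, SID -AutoSize
```

Matching the event times against software install or update times narrows down which product made the request.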
