 | |
| |
| 23 Jul 2012 | #1 |
| | Strange Virus: Constantly creating new user accounts Hello, I was wondering if someone could please help me out on this. I have Windows 7 and I have been current on my updates, I have Eset Smart Security on with strict settings, and my firewall is also enabled on strict settings as well. However, I noticed that whenever I turn my computer on there's a new user account. It's a standard user account and I keep deleting them once I'm in Windows but they keep going back everytime I restart Windows, and they always have a different name like vfdfaswww (not exactly like this) or something similar and they're always standard accounts. I've checked my processes and any irregular network activity as well but there's nothing suspicious going on. I don't know what this virus is doing though and if it is keylogging me, is spyware or something, and it's really bothering me. Any help would be appreciated. Thanks for reading. |
My System Specs | |
| 23 Jul 2012 | #2 |
| Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1 Missouri | Hello Jimmyman, Welcome to SF! Give this a shot: Do a full scan of your system using: Microsoft Security Essentials - Free Antivirus for Windows Afterwards: Malwarebytes : Free anti-malware download If nothing pops up for both of those, try: Windows Defender Offline |
| My System Specs |
| 23 Jul 2012 | #3 |
| | Hi, Some software create user accounts to update themselves (NVidia is an example). can you post the exact name of the next account it creates and post it here, so we can look at it? Regards, Golden |
| My System Specs |
| . |
| |
| 23 Jul 2012 | #4 |
| | Okay, scanning with Microsoft Security Essentials and Malwarebytes now. I didn't copy down the exact name of the last standard account username but the first one was vfeuuzvxqqe. Thanks for responding guys. |
| My System Specs |
| 23 Jul 2012 | #5 |
| | Hi, Mmm. When did you first notice this? Did it correspond to an installation of a particular software? Regards, golden |
| My System Specs |
| 23 Jul 2012 | #6 |
| | I first noticed it yesterday. I think it tries to hide itself though so that you don't really notice it. I installed, updated, and ran the Microsoft Security Essentials and Malware bytes. The MSE didn't find anything suspicious, but the Malware bytes found 5 files. They are: Spyware.Password C:\Windows\System32\ALZZip.BIN Trojan.Agent.CK C:\Users\Jimmy\AppData\Local\Temp\~nsu.tmp\Bu_.exe Spyware.Password C:\Windows\System32\ALZALZ.BIN Trojan.Agent.CK C:\Users\Jimmy\AppData\Local\Temp\~nsu.tmp\Au_.exe Affiliate.Downloader C:\Users\Jimmy\Downloads\Codec-V.exe I got Malware bytes to quarantine them, and then I deleted them from there. However, I do notice that whenever I restart Windows now I get the error that for Malware bytes the cleanup.dll specified module cannot be found. However, Malware bytes works fine and says I'm protected while in Windows. Do any of you guys know how to fix this or is it nothing really to worry about? Also, is there any way of knowing if the malware stole any passwords or anything, or is that kind of hard to tell? Thanks for all the help this far, especially with Malware bytes! I can't believe ESET and MSE didn't pick the spyware password viruses up though. Those are pretty nasty viruses! They should definitely be getting picked up, especially because they're in system32 and they're bin files!  Last edited by Jimmyman; 23 Jul 2012 at 09:48 AM.. |
| My System Specs |
| 23 Jul 2012 | #7 |
| Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1 Missouri | To fix that error, just try and reinstall malware bytes. But yes that would be hard to tell. I think near impossible, But I am no expert so don't take my word for it. Did you try windows defender online? -Justin |
| My System Specs |
| 23 Jul 2012 | #8 |
| | I'm trying Windows defender online now. I don't think it'll catch anything because I scanned with Windows defender too along with MSE and ESET and none of them found it. That's why I'm so surprised. I just can't believe they'd let something like that get away. MB is the best though. I think I'm going to use it from now on and get the premium version too! |
| My System Specs |
| 23 Jul 2012 | #9 |
| Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1 Missouri | Sorry i meant Windows Defender Offline lol sorry. Have you had any crashes since you removed those viruses? |
| My System Specs |
| 23 Jul 2012 | #10 |
| | I haven't had too many crashes. The most common was a BSOD saying athrx.sys but I've had that one before and I fixed it by rolling back the wireless network adapter driver to the one before Windows update. The problem still occurs though strangely with a new user being created everytime I restart Windows, even though I think I got rid of the virus. Maybe I should scan my whole system? |
| My System Specs |
 |
Strange Virus: Constantly creating new user accounts problems?
| Thread Tools | |
| Similar help and support threads for: Strange Virus: Constantly creating new user accounts | ||||
| Thread | Forum | |||
 Creating new user account adds TWO accounts | General Discussion | |||
| Need Help in creating extremely limited User Accounts | General Discussion | |||
| Strange Unknown Accounts In User list | General Discussion | |||
| Affected by virus, user accounts dont display | System Security | |||
| Strange user accounts i dont reconize? | Network & Sharing | |||
All times are GMT -5. The time now is 03:43 AM.
