Unknown user showing in user accounts - possibly compromised?

Page 1 of 2 12 LastLast

  1. Posts : 9
    Windows 7 Home Premium 64-bit
       #1

    Unknown user showing in user accounts - possibly compromised?


    Hi all,

    Hoping someone might be able to help. Recently, a few strange things have happened with the PC, which first started when I found I couldn't use the Backup & Recovery software in Windows 7. Whenever I clicked on one of the buttons with a shield, nothing would happen at all. I've looked around and just can't find the solution to this. However, today when trying to fix this, I've come across a new user account in the permissions section. The name is jvactaett - I certainly haven't made this! Does anyone have any ideas how this account has got there, and how I can remove it? It doesn't show in user accounts through Control Panel.

    I've put a screenshot as well. To get there, I right clicked a hard drive and went to properties, Security, Add, advanced and then clicked Find Now.

    I don't know if the two things above are linked or not...
    Thanks!
    Attached Thumbnails Attached Thumbnails Unknown user showing in user accounts - possibly compromised?-jvactaett.png  
      My Computer


  2. Posts : 9
    Windows 7 Home Premium 64-bit
    Thread Starter
       #2

    A further observation is that when I do sfc /scannow through cmd, it stops at 59%. Same problem as this post, but didn't follow all the things that were replied as I didn't know if they were relevant to me...

    Windows Firewall Service unable to activate, SFC scan unable to work
      My Computer


  3. Posts : 4,566
    Windows 10 Pro
       #3

    "Disclaimer" : I am not a known malware removal person, But I have done a lot in my lifetime. Just not recognized. Therefor a malware removal assistant should assist you shortly, but until they do these are my thoughts:

    That down arrow on the "unknown jvactaett" account means the account is disabled. So relax a little :)
    You can delete the account several ways:

    User Account - Delete

    Are you sure you never created it? This is your pc and your the only one who ever used it?


    You state that sfc does not complete. We may need to do a Repair Install but lets check some things out first.


    I suggest doing the following:

    Please use the Farbar Recovery Scan Tool
    Download: http://www.bleepingcomputer.com/down...ery-scan-tool/
    Select the version that applies to your system.
    Save it to your Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to the disclaimer.

    Press the Scan button.

    The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.



    Next, download the Farbar Service Scanner

    http://www.bleepingcomputer.com/down...rvice-scanner/

    Save to the Desktop
    Make sure the following options are checked:
    Internet Services
    Windows Firewall
    System Restore
    Security Center
    Windows Update
    Windows Defender
    Press: Scan
    FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply
      My Computer


  4. Posts : 48
    Windows 7 Home Premium x64
       #4

    Like andrew said, the account is disabled, so relax a little.

    1. Boot in Safe Mode WITH NETWORKING How to: How to Enable Safe Mode in Windows 7 | PCWorld


    2. Install Malwarebytes IN SAFE MODE!


    3. During installation, it should say that the database is outdated, update it.


    4. Run a "Full System Scan"


    5. Post the report.txt file it makes here :)
      My Computer


  5. Posts : 9
    Windows 7 Home Premium 64-bit
    Thread Starter
       #5

    Hi Andrew,

    Thanks for the response :)

    100% positive that I, nor my wife, have ever created that account. Thing is, it doesn't appear in the user accounts at all. It's only if I go to security settings that I can see it. It's odd....

    Anyway, I've attached all of those txt files, can you see anything untoward there?

    andrew129260 said:
    "Disclaimer" : I am not a known malware removal person, But I have done a lot in my lifetime. Just not recognized. Therefor a malware removal assistant should assist you shortly, but until they do these are my thoughts:

    That down arrow on the "unknown jvactaett" account means the account is disabled. So relax a little :)
    You can delete the account several ways:

    User Account - Delete

    Are you sure you never created it? This is your pc and your the only one who ever used it?


    You state that sfc does not complete. We may need to do a Repair Install but lets check some things out first.


    I suggest doing the following:

    Please use the Farbar Recovery Scan Tool
    Download: Farbar Recovery Scan Tool Download
    Select the version that applies to your system.
    Save it to your Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to the disclaimer.

    Press the Scan button.

    The tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.

    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.



    Next, download the Farbar Service Scanner

    Farbar Service Scanner Download

    Save to the Desktop
    Make sure the following options are checked:
    Internet Services
    Windows Firewall
    System Restore
    Security Center
    Windows Update
    Windows Defender
    Press: Scan
    FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply
    Unknown user showing in user accounts - possibly compromised? Attached Files
      My Computer


  6. Posts : 4,566
    Windows 10 Pro
       #6

    "Disclaimer" : I am not a known malware removal person, But I have done a lot in my lifetime. Just not recognized. These are my thoughts only and do not reflect seven forums. Always back up your data.

    **Please answer all questions asked, it helps me help you.**

    Hello Gideetudee:

    Did you follow this guide I gave you on how to delete that jvactaett account? User Account - Delete
    You have a lot of toolbars, and I notice some files related to the zero access botnet on your system.
    Please do the steps in order, rebooting after each step. This is important.

    Lets get started:

    1.) ** I know you said you could not backup your data using backup and restore, so I suggest Doing the following before proceeding: Go to start-computer. Double Click C, then users. Copy both your wifes and your account name to an external hard drive. This will backup all your data files such as pictures, documents etc.**

    2.) Go to this guide here: User Account Control - UAC - Change Notification Settings
    Under option Two use the first option there to always have UAC notify you. Follow the directions there.

    3.) I notice you have eset security installed. Did you pay for this software and install it on your system as your antivirus?
    If so,
    Please update it and run a full scan. Then please click this link to see instructions on how to attach the log to this forum. (Export the log as you would, but then upload it here instead.)

    4.) Download Malwarebytes antimalware free version and at the last screen of the install there are 3 check boxes. Uncheck the top one where it states about running the free trial. Leave the other 2 boxes checked. Once it updates do a full scan with the product. Delete anything found. Upload the log in your reply please.


    5.) Please download and install adw cleaner.

    -Click the scan button, and then the clean button once it completes. This will then automatically restart your PC.
    Once this happens, a log will appear on the next reboot. Save that log and upload it here as well.


    6.) Please see these guides below so that we can run sfc before boot. Please be thorough when reading this and don't skim.

    -*Create a repair cd : System Repair Disc - Create

    The cd should then load in your pc the next time your computer restarts. You may need to tell the computer you want to use the cd as a boot option. If you need help on this let me know.

    -*Go to step 6 in this guide on how to run the sfc scan.
    SFC /SCANNOW : Run in Command Prompt at Boot
    Please post back the results of the sfc scan.


    7.) I notice you have Java installed. I recommend uninstalling it. While the program itself is safe, it has multiple problems with backdoors and is commonly attacked, leading to infection. Most websites do not use it anymore. If after you remove it, and you visit a website that needs it to work, you can easily install it again from javas website.
    I am sure you know how to uninstall a program but just in case here is a tutorial on that.
    Programs and Features - Uninstall or Change a Program
    While you are in there, uninstall any other software you do not use, such as google earth, and any other software your wife and you do not use.

    8.) Post back with your findings and We will see how it goes. We will then look into optimizing and securing your system.
    Last edited by andrew129260; 28 Oct 2013 at 17:10.
      My Computer


  7. Posts : 9
    Windows 7 Home Premium 64-bit
    Thread Starter
       #7

    Hi Andrew,

    Thanks again for your help with this

    I've got as far as point 6, which is where i'm having an issue. When I start Windows with the repair cd, it says it's found errors. It then reboots, and I have the option of booting Win 7 as it is, or win 7 (recovered). If I boot the recovered version, it boots from my secondary hard drive, rather than my SSD....any ideas?! I will say that on that boot, backup does work
      My Computer


  8. Posts : 4,566
    Windows 10 Pro
       #8

    It looks like you did not answer some of my questions:

    Did you follow this guide I gave you on how to delete that jvactaett account?

    I notice you have eset security installed. Did you pay for this software and install it on your system as your antivirus?


    Please answer these questions.

    Also,

    When you say step 6, do you mean my step 6 or the step 6 in the tutorial for running the sfc scan?
      My Computer


  9. Posts : 9
    Windows 7 Home Premium 64-bit
    Thread Starter
       #9

    Hi Andrew,

    Sorry, didn't have much time when I posted before. Let me answer in a little more detail

    I've followed the guides, but the account doesn't seem to show up anywhere. It's a little puzzling to be honest. When I go in through User Accounts in the Control Panel, I find no mention of it, not even when I click on "Configure Advanced User profile properties". I can't find it anywhere, except how I mentioned above in going to security for a drive and looking there.

    I have purchased ESET, and that is my main antivirus solution. It's been running on the PC for a couple of years now. Full ESET scan found one issue in the PC. Scan is attached

    Malwarebytes and adwcleaner logs also attached - they each found a couple of things to clean as well.

    In my last post, I was referring to point 6 on how to start sfc at bootup. I think the explanation above states what's happened - essentially, I've now got 2 OS to pick from whenever I boot. If I pick the recovered option, it boots from my old hard drive. If I pick the normal version, that's the one I'm running now. I want it to repair my OS on my SSD though

    Sorry for the short reply last time - hopefully that's a little more comprehensive.

    Thanks again for your time
    Attached Thumbnails Attached Thumbnails Unknown user showing in user accounts - possibly compromised?-boot-options.png  
    Unknown user showing in user accounts - possibly compromised? Attached Files
      My Computer


  10. Posts : 4,566
    Windows 10 Pro
       #10

    Hello Gideetudee,

    Looking at your logs quick, I notice that you did hit clean and let adwcleaner clean the threats (There was a ton), but you did not tell malware bytes to do so.

    Just like before, please do all the steps and answer all questions :) Thank you!


    1.) Run a check for update in malwarebytes, and then run a full scan again. Remove everything found.

    Then restart the pc.

    How is your PC now after doing this? Probably running a little better and faster.

    2.) I noticed you did full scan with eset and provided me a log as instructed above. However the log is not there. There are 2 of the adwcleaner. I think it was just a mistake. Thats okay.

    3.) Do you know why you have 2 windows 7 partitions? What do you mean boot from old hard drive?

    4.) Also TRY THIS if having issues running from the cd:

    Tap f8 repeatably before windows loads, then choose repair your computer. Then follow the guide again on how to run sfc. Let me know if repair your computer is not an option.


    Please post back with as much detail as possible. Let me know if you have any questions or need more explanation.

    I will be back online on Monday.
    Have a good day!
    Last edited by andrew129260; 02 Nov 2013 at 14:32.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:38.
Find Us