Strange Virus: Constantly creating new user accounts

Page 1 of 5 123 ... LastLast

  1. Posts : 16
    Windows 7 Ultimate x64 sp1
       #1

    Strange Virus: Constantly creating new user accounts


    Hello, I was wondering if someone could please help me out on this. I have Windows 7 and I have been current on my updates, I have Eset Smart Security on with strict settings, and my firewall is also enabled on strict settings as well.

    However, I noticed that whenever I turn my computer on there's a new user account. It's a standard user account and I keep deleting them once I'm in Windows but they keep going back everytime I restart Windows, and they always have a different name like vfdfaswww (not exactly like this) or something similar and they're always standard accounts.

    I've checked my processes and any irregular network activity as well but there's nothing suspicious going on. I don't know what this virus is doing though and if it is keylogging me, is spyware or something, and it's really bothering me.

    Any help would be appreciated. Thanks for reading.
      My Computer


  2. Posts : 1,436
    Windows 8.1 Pro x64
       #2

    Hello Jimmyman, Welcome to SF!

    Give this a shot:

    Do a full scan of your system using: Microsoft Security Essentials - Free Antivirus for Windows

    Afterwards: Malwarebytes : Free anti-malware download

    If nothing pops up for both of those,

    try: Windows Defender Offline
      My Computer


  3. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #3

    Hi,

    Some software create user accounts to update themselves (NVidia is an example). can you post the exact name of the next account it creates and post it here, so we can look at it?

    Regards,
    Golden
      My Computer


  4. Posts : 16
    Windows 7 Ultimate x64 sp1
    Thread Starter
       #4

    Okay, scanning with Microsoft Security Essentials and Malwarebytes now. I didn't copy down the exact name of the last standard account username but the first one was vfeuuzvxqqe. Thanks for responding guys.
      My Computer


  5. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #5

    Hi,

    Mmm. When did you first notice this? Did it correspond to an installation of a particular software?

    Regards,
    golden
      My Computer


  6. Posts : 16
    Windows 7 Ultimate x64 sp1
    Thread Starter
       #6

    I first noticed it yesterday. I think it tries to hide itself though so that you don't really notice it. I installed, updated, and ran the Microsoft Security Essentials and Malware bytes. The MSE didn't find anything suspicious, but the Malware bytes found 5 files. They are:

    Spyware.Password C:\Windows\System32\ALZZip.BIN
    Trojan.Agent.CK C:\Users\Jimmy\AppData\Local\Temp\~nsu.tmp\Bu_.exe
    Spyware.Password C:\Windows\System32\ALZALZ.BIN
    Trojan.Agent.CK C:\Users\Jimmy\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Affiliate.Downloader C:\Users\Jimmy\Downloads\Codec-V.exe

    I got Malware bytes to quarantine them, and then I deleted them from there. However, I do notice that whenever I restart Windows now I get the error that for Malware bytes the cleanup.dll specified module cannot be found. However, Malware bytes works fine and says I'm protected while in Windows. Do any of you guys know how to fix this or is it nothing really to worry about? Also, is there any way of knowing if the malware stole any passwords or anything, or is that kind of hard to tell?

    Thanks for all the help this far, especially with Malware bytes! I can't believe ESET and MSE didn't pick the spyware password viruses up though. Those are pretty nasty viruses! They should definitely be getting picked up, especially because they're in system32 and they're bin files!
    Last edited by Jimmyman; 23 Jul 2012 at 09:48.
      My Computer


  7. Posts : 1,436
    Windows 8.1 Pro x64
       #7

    To fix that error, just try and reinstall malware bytes. But yes that would be hard to tell. I think near impossible, But I am no expert so don't take my word for it.

    Did you try windows defender online?

    -Justin
      My Computer


  8. Posts : 16
    Windows 7 Ultimate x64 sp1
    Thread Starter
       #8

    I'm trying Windows defender online now. I don't think it'll catch anything because I scanned with Windows defender too along with MSE and ESET and none of them found it. That's why I'm so surprised. I just can't believe they'd let something like that get away. MB is the best though. I think I'm going to use it from now on and get the premium version too!
      My Computer


  9. Posts : 1,436
    Windows 8.1 Pro x64
       #9

    Sorry i meant Windows Defender Offline lol sorry. Have you had any crashes since you removed those viruses?
      My Computer


  10. Posts : 16
    Windows 7 Ultimate x64 sp1
    Thread Starter
       #10

    I haven't had too many crashes. The most common was a BSOD saying athrx.sys but I've had that one before and I fixed it by rolling back the wireless network adapter driver to the one before Windows update. The problem still occurs though strangely with a new user being created everytime I restart Windows, even though I think I got rid of the virus. Maybe I should scan my whole system?
      My Computer


 
Page 1 of 5 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:27.
Find Us