Windows update just added a User to my PC, Do I need 2 plus guest?

Torchwood, it is not an additional admin account that was introduced, it has always been there. Problem was it got enabled without user consent.

I have all Windows updates installed and haven't seen such behavior in my PCs.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 SP1AMD Phenom 2 1090T2x8GB Kingston HyperX Fury Black 1600Mhz Unga...MSI GTX 970 Gaming 4G
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Ultimate x64 SP1
CPU
AMD Phenom 2 1090T
Motherboard
Gigabyte GA-890FXA-UD5
Memory
2x8GB Kingston HyperX Fury Black 1600Mhz Unganged
Graphics Card(s)
MSI GTX 970 Gaming 4G
Sound Card
Realtek On-Board HD 7.1 Audio / Logitech G35
Monitor(s) Displays
3xAcer GD245HQ
Screen Resolution
1920x1080
Hard Drives
Samsung 850 Pro 512GB SSD - OS /
WD Caviar Black SATA 3 - 1 TBx2 - Dynamic RAID 0 /
WD Caviar Green SATA 2 - 640GBx2 - Dynamic RAID 0 /
WD Caviar Green SATA 2 - 640GB - Internal Backup /
Seagate Barracude SATA 3 - 3TB - External Backup/ Sync
PSU
HighPower 1000W
Case
Cooler Master HAF 932
Cooling
Noctua NH-D14
Keyboard
Logitech G19
Mouse
Logitech G500
Internet Speed
100/4 Mbit Cable (100GB quota)
Antivirus
ZoneAlarm Extreme Security / MBAM Pro / MBAE Free / SAS Free
Browser
IE 11 - Firefox - Chrome
Other Info
Logitech F710/ G27/ G940/ Z5500 // TrackIR 5 // Nvidia 3D Surround Vision
~~~
Well, try logging in with the Administrator (now Admin-Bob) and if it works, just disable it and remember the name if ever needed. :) We should be able to rename it back somehow; maybe others will advise something regarding this.
Many companies rename the built-in Administrator account as an extra security step. The laptop that I'm on has had that account renamed (and disabled) from day one. This makes it harder for malware that intends to enable/use this built-in Administrator account.

The link that you provided to the tut for enable/disable built-in admin account has a step that deals with renamed accounts by linking to this tut: http://www.sevenforums.com/tutorials/7417-built-administrator-account-change-name.html

Bottom-line...
...renaming that built-in account is a good thing
...disabling that built-in account is a good thing


BobKoz,
Most users don't bother renaming the built-in admin account. It is fine if you want to leave that account with its default name. As far as using an admin:user account vs. a standard:user account for day to day use: Yes, using a standard:user account is safer; however, it can be hard to do/understand certain actions, so it is probably not worth changing to a standard:user account. Just keep the User Account Control turned on when using your current admin:user account.
 

My Computer My Computer

At a glance

W7 Pro SP1 64biti78GBIntel HD Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
UNI, you are of course 100% right. I was trying to comment on BobKoz's way of trying to deal with the issue. And to be honest, I had almost forgotten that best practice :)
 

You're right GokAy

Standard is greyed out - no problem, you've helped enough :)
 

My Computer My Computer

At a glance

Windows 7 Premium 64 BitIntel Core i7 4790K 4.0GHz Quad Core 8MBKingston 16GB (2X8GB) DDR3-1600Gigabyte Radeon HD 260X 2GB PCI-Express
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Intel Generic
OS
Windows 7 Premium 64 Bit
CPU
Intel Core i7 4790K 4.0GHz Quad Core 8MB
Motherboard
ASUS Intel H97-Pro Gaming ATX
Memory
Kingston 16GB (2X8GB) DDR3-1600
Graphics Card(s)
Gigabyte Radeon HD 260X 2GB PCI-Express
Hard Drives
Samsung 850 EVO Series 250GB SSD (Drive C:\)
1TB Western Digital Black 7200RPM SATA-3 6 Gbs 64MB Cache (Drive D:\ & E:\)
Antivirus
Trend Micro Maximum Antivirus, Malwarebytes, CCleaner
Browser
FireFox
Bob, can you try one thing please:

- Run: eventvwr.msc
- Expand Windows Logs - Security
- On right pane - filter current log
- Enter 4722 (just the number) in the box where it writes <All Event IDs>
- It will now show which account enabled which account and a bit more info

See if you can spot something on the day of the issue
 

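The Event Viewer filter described in the post above can also be run from an elevated PowerShell prompt. This is an added example, not part of the original thread: the function name `ConvertFrom-Event4722` and the sample event (SID and timestamp) are constructed for illustration, while the field names are those of Security event 4722 ("A user account was enabled"). It also flags the built-in Administrator by its RID of 500, which stays the same when the account is renamed.

```powershell
# Added example, not from the thread. Uses only PowerShell 2.0 syntax so it runs on Windows 7.
# Reading the Security log requires an elevated (Run as administrator) prompt.

function ConvertFrom-Event4722 {
    param([Parameter(Mandatory = $true)][xml]$EventXml)

    # Event 4722 stores its fields as <Data Name="...">value</Data> elements.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    New-Object PSObject -Property @{
        TimeUtc        = $EventXml.Event.System.TimeCreated.SystemTime
        EnabledBy      = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Target         = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        TargetSid      = $data['TargetSid']
        # RID 500 identifies the built-in Administrator whatever it is currently named.
        IsBuiltInAdmin = ($data['TargetSid'] -match '^S-1-5-21-(\d+-){3}500$')
    } | Select-Object TimeUtc, EnabledBy, Target, TargetSid, IsBuiltInAdmin
}

# --- Offline demonstration on a constructed event (SID and time are made up) ---
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4722</EventID>
    <TimeCreated SystemTime="2015-09-09T00:00:00.000000000Z" />
    <Computer>BOBS-PC</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">Administrator</Data>
    <Data Name="TargetDomainName">BOBS-PC</Data>
    <Data Name="TargetSid">S-1-5-21-1111111111-2222222222-3333333333-500</Data>
    <Data Name="SubjectUserName">BobsPC</Data>
    <Data Name="SubjectDomainName">BOBS-PC</Data>
  </EventData>
</Event>
'@
ConvertFrom-Event4722 -EventXml $sample | Format-List

# --- Live query: every "account enabled" event still present in the Security log ---
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4722 } -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-Event4722 -EventXml $_.ToXml() } |
    Sort-Object TimeUtc |
    Format-Table -AutoSize

# --- Current state: name and enabled/disabled status of the RID-500 account ---
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like '*-500' } |
    Select-Object Name, Disabled, SID
```

The `EnabledBy` column is the account whose privileges were used to make the change, which is not necessarily the person sitting at the keyboard.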
I had to post here, tried 3 x after your last question:

I just typed in a lot of info but got logged out and lost it..

I added 4722 and displayed the event, it says it happened on 9/9/15 11:02:57 AM which is probably when I turned the PC on.
I can't capture this sys window with my software - Under subject it says BOBS-PC\BobsPC, and under Target account it says BOBS-PC\Administrator........ But I didn't create anything?

Also on bootup it said it was completing update installation before opening Windows. This was the first time I had to choose 'admin' or 'my user'

About renaming Administrator again : if I do this it won't match the folder called Administrator in C:\Users > is this OK? Or should I rename the folder to match?
 

BobKoz,
As you have noted - your problem is solved and your computer logs you directly onto your desktop. (This happens by default when Windows see only one enabled account and that account has no password.)

If you have the time and the interest, GokAy will help you try to figure out why this happened. My ramblings below are just to try and answer some of the questions that you asked. Some may have already been answered... so I might be repeating stuff:


I worked on the extra user issue all day yesterday and so far I have not found a solution.
Computers can sure take up a lot of time :-(



I don't believe Malware/Virus caused this unless it was picked up with the 25 Windows updates. I have a lot of protection on my PC (as shown above), but anything is possible! Also my wife's computer did the same thing after the 25 up-dates, her computer is exactly the same as mine and we are not Network Connected.
As you noted, we are not seeing any other people mention this happening to them.
Wild (and unlikely) guess here:
It could be that your antivirus app prevented some update from doing its thing and the update enabled the built-in admin account to complete the task. (I'm guessing that you and your wife use the same antivirus app.)



A new user was created on my PC during the Windows update named "Administrator" (with administrator rights).
As noted elsewhere, the built-in account was enabled, not created. While this is a minor distinction, it would be really scary if a new admin account had been created. As it is, the event is still a mystery, but slightly less scary.



....but no-one has reported this issue as happening on their computer as far as I know?
Correct*. You are the first*. Lucky you :-)

*Not that we hear every report of every Windows Update anomaly.



I deleted the key in my registry for "Administrator" but it did not delete the User "Admin-Bob", I restored the registry with the backup I made. Maybe I should have deleted the C:\ folder in \Users named "Administrator" but I did not. I also searched my computer for "Admin-Bob" and my registry but did not find it anywhere.
Directions I used to delete registry key: https://support.microsoft.com/en-us/kb/156826
For future reference...
...visit that link again
...scroll near the bottom
...the info on that web page applies to
Applies to

Microsoft Windows Millennium Edition
Microsoft Windows 98 Second Edition
Microsoft Windows 98 Standard Edition
Microsoft Windows 95
While it is good that you made a backup of the key before deleting it, there are registry keys that cannot easily be restored via backup. In this case, you did no harm. It won't hurt to leave the key there or to delete it.



GokAy - could not disable Admin account per your link on added user..
This is just FYI: When working with accounts, it is best to restart the computer and log onto your normal account before doing the steps in that tutorial.




torchwood - I looked at my System Properties \ User Profiles - (BOBS-PC is name of PC and belongs to a Homegroup - BobsPC is my original user account), I wasn't able to create a screen capture or image but I copied the "User Profiles" results below:

USER PROFILES
Profiles shared on this computer:
----------------------------------------------------------------------------------------
BOBS-PC\Administrator 46.9 MB Local Local 9/12/2015 << Questionable?
BOBS-PC\BobsPC 18.6 MB Local Local 9/12/2015
Default Profile 1.50 MB Local Local 5/20/2015
----------------------------------------------------------------------------------------

I am still looking for assistance with this issue :
The added User Account appeared after Windows Update called "Administrator" (with Administrator rights) - I renamed it "Admin-Bob", which is probably connected to the new folder in my C:\ Drive, in the \Users folder called "Administrator"
-- I would like to delete this new added user. GokAy, UsernameIssues, torchwood or any members help is appreciated.

Thank you :(,
Bob
See pictures
As has been mentioned: you cannot delete that account. You can (and have) disabled it. If you want, after restarting the computer and logging on with your normal account, you can safely delete that Administrator user folder. You can also leave it there. It really does not matter. About the only impact will be a tiny amount of time added to each full antivirus scan that you do on your computer.





Bob,
what have you got here.
Note shorten name field to get all of last modified date.

Roy

Hello,

torchwood - I looked at my System Properties \ User Profiles - (BOBS-PC is name of PC and belongs to a Homegroup - BobsPC is my original user account), I wasn't able to create a screen capture or image but I copied the "User Profiles" results below:

USER PROFILES
Profiles shared on this computer:
----------------------------------------------------------------------------------------
BOBS-PC\Administrator 46.9 MB Local Local 9/12/2015 << Questionable?
BOBS-PC\BobsPC 18.6 MB Local Local 9/12/2015
Default Profile 1.50 MB Local Local 5/20/2015
----------------------------------------------------------------------------------------

Do you think the one marked "Questionable" is the added User account and deleting it will get rid of the added user?
What worries me is that I'm going to delete part of my original User account or the PC name?
And the Date modified is the date of the Windows update when the added User was created - My original User "BobsPC"' was created back in May?

Thanks,
As mentioned above and elsewhere, you cannot delete the built-in administrator account. I'm repeating this so that I can also add an assurance that deleting the user folder associated with that built-in administrator account will not impact any other account (not that you expressed that specific concern about the user folder).



GokAy - your comment:

Administrator is a default built-in admin account, which is by default disabled.
Guest is by default disabled and built in also.
Your own account should be an admin account.

I never saw the built-in Administrator account before the Windows update, so you're saying it somehow got enabled?

Do you know of any way I can rename it back to "Administrator"? I'm pissed that I renamed it "Admin-Bob", because now it won't let me rename it back to "Administrator"..

12 years on WinXP with no issues, this Win7 double administrator thing is kicking me in the butt..:cry:
I am pretty sure that XP has the same built-in administrator account. It is also disabled by default. You probably never had a need to use it.



GokAy,

netplwiz results:

[X] Users must enter a user name and password to use this computer

Users for this computer:
----------------------------------
Administrator HomeUsers; Administrators
BobsPC HomeUsers; Administrators
HomeGroupUser$ HomeUsers; Administrators

---------------------------------

1) GokAy., I was able to rename the 'Admin-Bob' back to 'Administrator' in netplwiz using properties.

2) I then Hid the built in Administrator using command prompt > net user administrator /active:no

3) Built in Administrator is not displayed in Control Panel/User Accounts anymore (fixed)

4) I tested with a shut down and cold boot and it opens directly into my User Account without any user options


Looks like you fixed all issues GokAy, thanks for all your help :)

Is it a security risk to set user account to Administrator, is it a security risk from Hackers (because no-one else physically touches my PC)?

Sorry for the delay, I wanted to double check everything,
Bob
That is an excellent summary.

I already stated my view on "Is it a security risk to set user account to Administrator"; however, I don't want to discourage you from using the safer Standard account if you want to try it.
You would need to...
...create a user:admin account
(because you don't want to use the built-in:admin account)
...restart the computer
...log onto that new user:admin account
...demote your normal user account to a standard user account
...restart the computer (optional).
Then use your user:standard account for day to day use.

Let me offer an example of one difficulty that you might encounter while using a user:standard account:
We often ask you to do things using an elevated command prompt. If you did option three in this tutorial (http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html), the resulting text file will end up in the desktop folder of the admin account. As long as you know that this is going to happen, then you can deal with it. You can go get the file from there and move it to your desktop.
Or, you could temporarily make your day to day user account an admin account - then change it back once you are done troubleshooting stuff. There are some things that are impossible to do as a standard user. Using "run as administrator" just will not work for some tasks. While this can be frustrating, you can also look at it as an extra measure of safety. This makes it harder for malware to do those things too :-)





I'm going to change it to "Standard" until I get more familiar with Win7, big change from XP..

Netplwiz did actually fix all my issues, I've kept a list of all your directions. I'll mark this thread as solved in a little while.

Thanks again for all your help, you know your stuff !
The same advice applies to XP. It was safer to use a non-admin account in XP too.
 
It doesn't mean you personally changed it but it was done with your account's privileges.

Last thing I would check is the Application and System event logs at around the time of the change to see if anything catches my attention.

If you can't, oh well, issue is solved even though the mystery is not! :)
 

I had to post here, tried 3 x after your last question:

I just typed in a lot of info but got logged out and lost it..
Bummer. Thanks for hanging in there.



I added 4722 and displayed the event, it says it happened on 9/9/15 11:02:57 AM which is probably when I turned the PC on.
I can't capture this sys window with my software - Under subject it says BOBS-PC\BobsPC, and under Target account it says BOBS-PC\Administrator........ But I didn't create anything?
What software are you using?




About renaming Administrator again : if I do this it won't match the folder called Administrator in C:\Users > is this OK? Or should I rename the folder to match?
For the most part, it will not hurt how Windows operates to have the user folder name differ from the user account name. It mostly just confuses the humans using the computer.

After you read my previous long/boring post, you will see that you can safely delete this folder. You can rename the built-in administrator account as an added safety measure, but you will need to remember that you have done so. If you are ever instructed to use "net user administrator /active:yes" again you will have to just know to modify those instructions to be "net user renamed /active:yes".

Again, Windows can handle the renamed account just fine. It's the humans (and malware) that get confused.
 

There are 50+ application logs and about the same System logs, on the night of the original update and the morning after when I first booted - way too much to type..

Let's just say the Master Admin somehow got enabled and leave it at that, you helped me solve what I thought was an issue..

UsernameIssues says:
"Is it a security risk to set user account to Administrator" ....... By making user Standard.......This makes it harder for malware to do those things too.
And it's also OK to Delete the C:\Users "Administrator" folder (containing all user subfolders)..

Do you agree with these also GokAy?
 

When you say C:\Users"Administrator" folder do you mean C:\Users\Administrator or every folder under C:\Users? I believe UsernameIssues told that C:\Users\Administrator is safe to delete, the others are required (mostly).

Best defense is always user caution. I have always used administrator accounts (since XP era, I don't remember 95 days :p) and been using one with UAC disabled (many friends will advise against this) for 6 years with no issues at all due to malware. But then again I don't use torrent or visit shady sites, no piracy, etc.
 

I meant C:\Users\Administrator is safe to delete < Thanks, and thanks for everything..
 

On my desktop and a virtual machine, I don't even have the administrator folder under Users, because I never logged in with it (it has always been disabled). A user folder gets created when the account logs in the first time.
 

Yes, I know - I found a post online that explained it.. I did log into ''what I thought was the new account'' to check it out that morning.. I just wanted to confirm it was OK to delete it after it was created, thank you - it's already gone, and I renamed my Master Administrator and hid it again..

Have a good evening!
 

You too! :thumbsup:
 

BobKoz,
It is great that you asked for a second opinion from GokAy. Your caution will serve you well.

I'll add that the built-in administrator account profile folder will be recreated if you ever log in to the built-in administrator account again (which is something that you should never need to do).

edit: I see that this was mentioned while I wrote my post.


GokAy,
You probably already know this:
Normally, files coming in via browsers start with the Low Integrity level (or Untrusted Integrity level for Chrome). Malware goes to great lengths to find/use an exploit that allows them to automatically (without the user's help/knowledge) elevate their privileges to the High or System Integrity level. Having the UAC off runs your browsers* at the High Integrity level. Now the malware needs no exploits to elevate its privileges.

*Chrome runs as a combo of High and Untrusted with UAC turned off. However, some past Chrome exploits have taken it to the System Integrity level.

Surfing to websites like Yahoo.com got lots of users infected with the Crypto type of ransomware. The malware came in thru infected Flash adverts. The malware needed a flawed version of Flash installed on the user's computer and an exploit to escape the Low Integrity level. By having the UAC turned off, the infection could hit your computer if you allow Flash to work on Yahoo.com. Flash will still have flaws even when it is up to date.

There are 3rd party add-ons that can help prevent the escalation of privileges - but these tools are normally used by people that want to improve on what Windows already does via UAC. I tend to swing the pendulum the other way. I turn the UAC all the way up. I want to be notified about as many things as I can.

That said, I find it hard to get infected while using a Virtual Machine with all of the built in security things turned off. I've been hunting for a true drive-by infection for years. I've not been lucky enough to find even one that I can study. Yes, some infections will not infect a VM so that they cannot easily be studied... but you would think that I could find one or two infections that were not VM aware.


I'm not suggesting that you turn on the UAC - but since we are not allowed to discuss how you and I protect** our computers from Yahoo.com (and sites like that) - I'll just have to state some of what happens if you have the UAC off.

**those protection methods can fail. The UAC is a good backup.
 

Well, that was one very well formed piece of information. Thanks for that, UNI :) I believe I am just too lazy to click OK in UAC. :p Nevertheless noted down and I will process it.
 

UsernameIssues; I only confirmed the deletion of the Administration folder with GokAy because he was more involved with helping me solve an issue. I don't like just deleting things, I know you are both very knowledgeable - I wish I was as experienced.

I decided to keep my user account as 'Administrator' but raise my UAC level to its highest (right now it's at 3/4 which is default), and check that out for awhile.

I'm just a little reluctant in creating a new user account as standard because I just finished changing the Locations on my user Folders off my SSD to my Data disk drive (all except the profile).

Anyway, thanks again!
 
