Unusual User Accounts


8 replies to this topic

#1 Guest_Dar Bako_*


Posted 19 December 2007 - 06:11 PM

Hi BC Friends
A strange thing happened the other night: when restarting my PC I had two user accounts reappear. They had been deleted for a long time, a couple of years I think, and after several system restore point deletes, due to problems. They both had administrator rights, which they didn't originally have!
I am on a single home PC. Has anyone heard of this sort of thing before?
Regards, Bako :thumbsup:


#2 CTH_Tom

  • Members
  • 295 posts

Posted 19 December 2007 - 06:33 PM

When you create a user account XP generates a SID, security identifier, for that account. Windows uses SIDs instead of usernames.
When you delete that user the SID still resides in the registry for the now deleted user account.

"after several system restore point deletes, due to problems"

Can you elaborate on the problems?
I've heard of hackers accessing a computer's registry to reactivate accounts from the SIDs.

#3 Guest_Dar Bako_*


Posted 19 December 2007 - 06:51 PM

Hi CTH Tom
There are no problems as such, just that my antivirus sometimes gets switched off, or at least it goes off. It may be totally unrelated, but after such a long time?

#4 CTH_Tom

  • Members
  • 295 posts

Posted 19 December 2007 - 06:59 PM

Could be the system restores brought back the deleted user accounts; I don't know for sure, as I've never deleted an account and then used system restore.
As for your AV shutting down, that could be a malware problem and you should address that in the What If I'm Infected forum.
What AV program are you using?

Edited by CTH_Tom, 19 December 2007 - 06:59 PM.


#5 Guest_Dar Bako_*


Posted 19 December 2007 - 07:24 PM

Thank you. Thanks for your reply, CTH Tom.
I have just been cleaned up by a top HJT team member. I don't think it's a malware problem. I trust them on that :thumbsup:
It's just such a surprise to see it come back, old photos and user names? Why now? I use Norton provided by ISP.

#6 Wendy K. Walker

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope

Posted 19 December 2007 - 07:34 PM

Hi Dar Bako,

I don't have an answer to your question, though I have had an odd user account put itself on my machine before. I just thought I'd follow this thread for awhile to see if anyone comes up with anything solid.


Hi CTH_Tom,

Interesting information about the CIDs thingy... now as I have deleted a couple of accounts in the past that had Admin rights I can foresee the possibility of a future security breach should some nosy hacker just happen by.

Where does one look to see if there are any old CIDs laying about that should be deleted? AND how do you know if a CID is for a current user account or for an account that has been scrubbed?

Thanks,

♥ Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.
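
One way to check where leftover profile SIDs sit and whether each still maps to an account, as an added example that is not part of the original thread. It assumes a current Windows release with Windows PowerShell 5.1 or later and an elevated prompt (the LocalAccounts cmdlets used here do not exist on XP), and it reads the standard ProfileList registry key.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1+, run elevated.
# Each subkey of ProfileList is named after the SID of a user profile on this machine.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$profiles = foreach ($key in Get-ChildItem -Path $profileList) {
    $sidText = $key.PSChildName
    $path    = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
    $account = $null
    try {
        # Windows sometimes leaves "<SID>.bak" keys behind; strip the suffix before parsing.
        $sid     = [System.Security.Principal.SecurityIdentifier]::new(($sidText -replace '\.bak$', ''))
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Translation fails when no account exists for this SID any more,
        # or when the key name is not a valid SID string.
    }
    [pscustomobject]@{
        Sid          = $sidText
        Account      = $account
        ProfilePath  = $path
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
        Orphaned     = -not $account   # SID with no matching account
    }
}

# Orphaned entries first: profile data that outlived its account.
$profiles | Sort-Object Orphaned -Descending | Format-Table -AutoSize

# Accounts that exist right now, and whether each is enabled.
Get-LocalUser |
    Select-Object Name, Enabled, SID, LastLogon |
    Format-Table -AutoSize

# Who currently holds administrator rights (S-1-5-32-544 is the built-in
# Administrators group; using the SID avoids localized group names).
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, SID, PrincipalSource |
    Format-Table -AutoSize
```

An unexpected name in the last table, or an enabled account nobody remembers creating, is the thing to investigate; an orphaned ProfileList entry on its own only shows that a profile was left behind.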

#7 Guest_Dar Bako_*


Posted 19 December 2007 - 07:43 PM

"What" :thumbsup:

#8 usasma

    Still visually handicapped (avatar is memory developed by my Dad

  • BSOD Kernel Dump Expert
  • 25,090 posts
  • Gender:Male
  • Location:Southeastern CT, USA

Posted 20 December 2007 - 08:58 AM

A couple of things of note (IMO):
1) previous malware infection
2) mysterious reappearing accounts
3) Antivirus turning on and off

The 2 possibilities (IMO) are:
1) That you've gotten re-infected
2) That Windows has corruption issues.

As a caveat here, viruses are very invasive and can damage the OS either when they are installed - or when they are removed. This can cause the OS to react in strange ways.

I'd start with a couple of free, online scans to rule out a reinfection
http://safety.live.com (requires Internet Explorer)
http://housecall.trendmicro.com

If they come up clean, then we'll have to work at repairing your Windows installation. Please let us know the results.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#9 Guest_Dar Bako_*


Posted 22 December 2007 - 08:55 PM

Thanks usasma
I will try your options soon. :thumbsup: