TeaTimer notification


9 replies to this topic

#1 xblindx

xblindx

  • Banned
  • 1,923 posts
  • Gender:Male

Posted 27 November 2008 - 05:01 PM

Hey guys, I just logged on this morning and got the following TeaTimer popup. Since it doesn't look like a security risk, I posted in the XP forum.

Posted Image

If the image is too small to read, the message says

Category: Winlogon
Change: Value Changed
Entry: DefaultUsername

Old Data:Ka*** (I put the stars because it is a family member's name)
New Data: Sh***

I denied the change because I am not yet sure what it is doing.

If this should be in the security forum, please move it :thumbsup:

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 27 November 2008 - 05:02 PM.




#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 27 November 2008 - 05:08 PM

Hello xblindx.

The HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultUsername determines which account to log onto by default.

The article here describes it quite well.

Did you or someone in your family change the autologon settings?

With Regards,
The Panda
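
As an added example (not part of the original posts), a read-only PowerShell check of the Winlogon key named above: it reports DefaultUserName alongside AutoAdminLogon, the value that switches automatic logon on, and whether a DefaultPassword is stored. The function name `Get-AutoLogonState` is an assumption made for this example.

```powershell
# Added example: read-only inspection of the Winlogon autologon values.
# Nothing is written to the registry.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Hypothetical helper name, chosen for this example.
function Get-AutoLogonState {
    param([string]$Path = $WinlogonKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A value that does not exist comes back as $null from the property lookup.
    $autoAdmin   = $props.AutoAdminLogon
    $hasPassword = $null -ne $props.DefaultPassword

    [pscustomobject]@{
        DefaultUserName    = $props.DefaultUserName
        DefaultDomainName  = $props.DefaultDomainName
        AutoAdminLogon     = $autoAdmin
        # Automatic logon is only active when AutoAdminLogon is "1".
        AutoLogonEnabled   = ($autoAdmin -eq '1')
        # Report presence only; never print the stored password itself.
        DefaultPasswordSet = $hasPassword
    }
}

$state = Get-AutoLogonState
$state | Format-List

if ($state.AutoLogonEnabled) {
    Write-Warning "Automatic logon is enabled for '$($state.DefaultUserName)'."
    if ($state.DefaultPasswordSet) {
        Write-Warning 'A DefaultPassword value is stored in the registry in plain text.'
    }
} else {
    Write-Output 'Automatic logon is not enabled; DefaultUserName is not logging anyone on automatically.'
}
```

Running it before and after a monitor such as TeaTimer flags a change shows whether only the user name moved or whether AutoAdminLogon or DefaultPassword changed as well.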

#3 xblindx


Posted 27 November 2008 - 05:10 PM

Not that I am aware of. No account automatically logs on. If it matters, my brother (the Ka***) and my mom (Sh***) were the ones logged on already. Whenever I logged on (TeaTimer is on my account) I got the notification. Is it possible that maybe since my mom logged on before my brother (my brother is usually the first to log on), it thought it was making it the default? The message has appeared before, I always deny it without issue but just was curious as to what exactly is occurring.

Edited by xblindx, 27 November 2008 - 05:11 PM.


#4 PropagandaPanda


Posted 27 November 2008 - 05:25 PM

Hello xblindx.

Not exactly sure what is happening here.

Try allowing the change (definitely not anything dangerous). Does it appear again after?

With Regards,
The Panda

#5 xblindx


Posted 27 November 2008 - 05:30 PM

I'll allow the next time it appears, I doubt it will do anything but I just wasn't sure what was going on.

While I have you here, I have 2 quick questions:

1) When running MBAM, should you run it on each username or just on one (admin) account?
2) If you are using a router and visit a malicious site on, say an iPod touch, would the site download any infections onto the computer that is connected to the router, or is it not possible for the files to cross the boundary?

#6 PropagandaPanda


Posted 27 November 2008 - 06:05 PM

Hello xblindx.

1) When running MBAM, should you run it on each username or just on one (admin) account?

Any admin account will do fine. It will look into all the user profiles.

I am not sure if MBAM takes out registry entries under other user hives though.

If you are using a router and visit a malicious site on, say an iPod touch, would the site download any infections onto the computer that is connected to the router, or is it not possible for the files to cross the boundary?

The iPod environment does not allow malware to run (as far as I know). If Linux is installed, it is possible for malware to run on the iPod. I doubt it can go as far as altering the router.

With Regards,
The Panda

#7 xblindx


Posted 27 November 2008 - 06:12 PM

Well for the second question, I was asking if the site could somehow infect a PC that is connected to the same router as the iPod.

#8 PropagandaPanda


Posted 27 November 2008 - 06:19 PM

Hello xblindx.

In theory, if you connect to a site using the iPod, your IP can be recorded and your computer can be hacked. However, simply having the IP is usually not enough to get into the computer.

So the answer would be no, otherwise extremely unlikely. There can always be exploits that no one has discovered.

With Regards,
The Panda

#9 xblindx


Posted 27 November 2008 - 06:56 PM

Alright. Thanks :thumbsup:

#10 PropagandaPanda


Posted 27 November 2008 - 07:11 PM

No problem.

The panda



