Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Weird user account keeps popping up after i've deleted it a few times.


  • Please log in to reply
17 replies to this topic

#1 lukexj

lukexj

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 17 April 2016 - 01:36 AM

A weird user account keeps popping up on my great-grand fathers laptop, I have ran ESET and Malwarebytes but it didn't find anything. I've removed it a couple of times but it seems to keep popping up after awhile. This laptop is barely 2 weeks old, So if it did get infected i dont know how seeing as my grandpa doesn't click on weird ads or links, he doesn't even have flash or java on the laptop because i didn't download it.


Edited by lukexj, 17 April 2016 - 01:42 AM.


BC AdBot (Login to Remove)

 


#2 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 17 April 2016 - 02:23 AM

I've run every tool and scan i could think of and not 1 threat or anything out of the ordinary



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 07:02 AM

Hi lukexj :)

Can you tell us what is the name of that weird user account?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 07:32 AM

Hi lukexj :)

Can you tell us what is the name of that weird user account?

 

The name of the account is "John", Why do you ask?


Edited by lukexj, 18 April 2016 - 08:38 AM.


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 09:54 AM

Just to see if it's not a default Windows account. Where do you see popping up exactly?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 10:01 AM

Just to see if it's not a default Windows account. Where do you see popping up exactly?

 

It pops up at the logon screen, in the add remove user area it says its a standard user, no matter how many times i delete the account it seems to pop back up after a little while.



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 10:31 AM

Alright. What version and edition of Windows are you running?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 10:49 AM

Alright. What version and edition of Windows are you running?

Windows 10 home



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 11:42 AM

Is there anyone else in your family (or great-grand-father family) named John? Or is anyone else using that laptop?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 12:32 PM

There is one but he isnt over that much. but the weird thing is I've removed the account many times and it keeps coming back.



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 01:00 PM

I thought that maybe when that person was coming over, he would create that account to use it. Is it a local account, or Microsoft account (associated with a Microsoft email address)?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 18 April 2016 - 06:07 PM

It is a local account but when i deleted it and was doing the scans it popped right back up a little while after i deleted it and ran the scans. And i dont think anyone in my family could add/remove user accounts except me and my mom. So its highly unlikely that anyone would have added it.



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 20 April 2016 - 09:03 PM

Sorry it seems that I missed your reply.

Can you see the creation date of that account next time you see it? Take a look in it's userprofile and try to see the oldest creation/modification time you can see on a file and/or folder. You could right-click on its userprofile folder directly, select Properties and check the creation date there.

Edited by Aura, 20 April 2016 - 09:03 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 lukexj

lukexj
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 22 April 2016 - 06:06 PM

I was a little occupied the 20th, My great grandfather is using the laptop for a little bit. What should i do after i take a look after the creation date?



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:58 PM

Posted 23 April 2016 - 10:01 AM

Once you find the creation date, post it here, and export the Security log from the Event Viewer. To export it, enter Event Viewer in the Search Menu and click on its icon to launch it. From there, navigate to Windows Logs then Security. Once the entries are loaded, in the right corner of the tab, click on Save All Events As... and save the file on your desktop. From there, you can upload it on SendSpace and post the download URL for it here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users