While performing a complete REINSTALL on my one-year-old computer to fix a
number of small things, I noticed that I had THREE USERS: me, guest, and a
user named ATIxxxxx. Almost immediately, my McAfee intervened to say that a
program was trying to access a file on my computer (regread?) and was this
okay?

I denied all outbound access and deleted the user, the one with the strange
name (again, ATIxxxxx where the little Xs are additional characters that I
failed to memorize).

Is there a virus/worm/trojan on my computer that caused this?
DannyBoy

Did that user appear immediatley after the install and before you connected
to the internet? Did you do a pristine install which requires that the
system drive be formatted [not quick format] ? Are you using authentic
Microsoft XP install disk and not some copy? --- Steve


"DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message
news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com...
> While performing a complete REINSTALL on my one-year-old computer to fix a
> number of small things, I noticed that I had THREE USERS: me, guest, and
> a
> user named ATIxxxxx. Almost immediately, my McAfee intervened to say that
> a
> program was trying to access a file on my computer (regread?) and was this
> okay?
>
> I denied all outbound access and deleted the user, the one with the
> strange
> name (again, ATIxxxxx where the little Xs are additional characters that I
> failed to memorize).
>
> Is there a virus/worm/trojan on my computer that caused this?
> DannyBoy

Take note of what the full string is and do a google search
for it. Seems to me I have seen that in the past having to
do with an ATI video card (somewhere back in the cob webs
of my mind).

mikey

"steve umbach" <n9rou@nO-spam-for-me-comcast.net> wrote in message
news:O$wOTOYEGHA.2320@TK2MSFTNGP11.phx.gbl...
> Did that user appear immediatley after the install and before you
connected
> to the internet? Did you do a pristine install which requires that the
> system drive be formatted [not quick format] ? Are you using
authentic
> Microsoft XP install disk and not some copy? --- Steve
>
>
> "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message
> news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com...
> > While performing a complete REINSTALL on my one-year-old computer to
fix a
> > number of small things, I noticed that I had THREE USERS: me,
guest, and
> > a
> > user named ATIxxxxx. Almost immediately, my McAfee intervened to
say that
> > a
> > program was trying to access a file on my computer (regread?) and
was this
> > okay?
> >
> > I denied all outbound access and deleted the user, the one with the
> > strange
> > name (again, ATIxxxxx where the little Xs are additional characters
that I
> > failed to memorize).
> >
> > Is there a virus/worm/trojan on my computer that caused this?
> > DannyBoy
>
>

Your second question, first:
I both partitioned AND FORMATTED the hard disk using the reinstall CD from
Dell Computers and no, I didn't choose the quick format.
Yourt third question:
I am using an authentic Dell Computers reintall CD.
Your first question:
I can't recall WHEN I UN plugged the Ethernet cable but I suspected that all
kinds of things could get past my hardware firewall/router (Zyxel) so very
early during the reinstall, I unplugged it. And when I did reconnect the
Ethernet cable, I made darned sure the Windows software firewall was turned
on. I then downloaded all the patches to the Windows operating system. I
then connected to McAfee and downloaded their software (the entire suite of
security protections) then downloaded all the patches for it.

I attempted to conduct a chat with someone at Dell Computers today (my day
off) but the lines were busy for one hour. I will try again later tonight.
I suspect that an ATI driver was trying to connect to something but it
doesn't make any sense at all that a new user (Dan (that's me), guest, and
ATIxxxx) would need to be created to accomplish this. That's what led me to
believe I have a virus.

Need to tell you that McAfee found no viruses/worms/trojans in my initial
scan.

Thanks for your response,
DannyBoy

"steve umbach" wrote:

> Did that user appear immediatley after the install and before you connected
> to the internet? Did you do a pristine install which requires that the
> system drive be formatted [not quick format] ? Are you using authentic
> Microsoft XP install disk and not some copy? --- Steve
>
>
> "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message
> news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com...
> > While performing a complete REINSTALL on my one-year-old computer to fix a
> > number of small things, I noticed that I had THREE USERS: me, guest, and
> > a
> > user named ATIxxxxx. Almost immediately, my McAfee intervened to say that
> > a
> > program was trying to access a file on my computer (regread?) and was this
> > okay?
> >
> > I denied all outbound access and deleted the user, the one with the
> > strange
> > name (again, ATIxxxxx where the little Xs are additional characters that I
> > failed to memorize).
> >
> > Is there a virus/worm/trojan on my computer that caused this?
> > DannyBoy
>
>
>

I was also thinking of what Mike alluded to in that maybe an application
created this user and since you are using an ATI video card the fact the
username starts with ATI leads me to believe that this may be what has
happened. Did you need to install and ATI software for drivers/control
center? If you did try reinstalling it to see if the user account is created
again.

After your description of what you did to rebuild your computer I would tend
to believe that it probably is malware free as you seem to be pretty careful
about what you did. Personally I would think that your Zyxel firewall would
do a great job protecting your network but there is nothing wrong with also
enabling the Windows Firewall. --- Steve


"DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message
news1CD1818-6621-44CC-ABFB-6E63C12D203F@microsoft.com...
> Your second question, first:
> I both partitioned AND FORMATTED the hard disk using the reinstall CD from
> Dell Computers and no, I didn't choose the quick format.
> Yourt third question:
> I am using an authentic Dell Computers reintall CD.
> Your first question:
> I can't recall WHEN I UN plugged the Ethernet cable but I suspected that
> all
> kinds of things could get past my hardware firewall/router (Zyxel) so very
> early during the reinstall, I unplugged it. And when I did reconnect the
> Ethernet cable, I made darned sure the Windows software firewall was
> turned
> on. I then downloaded all the patches to the Windows operating system. I
> then connected to McAfee and downloaded their software (the entire suite
> of
> security protections) then downloaded all the patches for it.
>
> I attempted to conduct a chat with someone at Dell Computers today (my day
> off) but the lines were busy for one hour. I will try again later
> tonight.
> I suspect that an ATI driver was trying to connect to something but it
> doesn't make any sense at all that a new user (Dan (that's me), guest, and
> ATIxxxx) would need to be created to accomplish this. That's what led me
> to
> believe I have a virus.
>
> Need to tell you that McAfee found no viruses/worms/trojans in my initial
> scan.
>
> Thanks for your response,
> DannyBoy
>
> "steve umbach" wrote:
>
>> Did that user appear immediatley after the install and before you
>> connected
>> to the internet? Did you do a pristine install which requires that the
>> system drive be formatted [not quick format] ? Are you using authentic
>> Microsoft XP install disk and not some copy? --- Steve
>>
>>
>> "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message
>> news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com...
>> > While performing a complete REINSTALL on my one-year-old computer to
>> > fix a
>> > number of small things, I noticed that I had THREE USERS: me, guest,
>> > and
>> > a
>> > user named ATIxxxxx. Almost immediately, my McAfee intervened to say
>> > that
>> > a
>> > program was trying to access a file on my computer (regread?) and was
>> > this
>> > okay?
>> >
>> > I denied all outbound access and deleted the user, the one with the
>> > strange
>> > name (again, ATIxxxxx where the little Xs are additional characters
>> > that I
>> > failed to memorize).
>> >
>> > Is there a virus/worm/trojan on my computer that caused this?
>> > DannyBoy
>>
>>
>>