|
#1
01-05-2006, 05:43 AM
|
|||
|
|||
Strange New User Created
While performing a complete REINSTALL on my one-year-old computer to fix a
number of small things, I noticed that I had THREE USERS: me, guest, and a user named ATIxxxxx. Almost immediately, my McAfee intervened to say that a program was trying to access a file on my computer (regread?) and was this okay? I denied all outbound access and deleted the user, the one with the strange name (again, ATIxxxxx where the little Xs are additional characters that I failed to memorize). Is there a virus/worm/trojan on my computer that caused this? DannyBoy 
|
|
#2
01-05-2006, 05:44 AM
|
|||
|
|||
|
Re: Strange New User Created
Did that user appear immediatley after the install and before you connected
to the internet? Did you do a pristine install which requires that the system drive be formatted [not quick format] ? Are you using authentic Microsoft XP install disk and not some copy? --- Steve "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com... > While performing a complete REINSTALL on my one-year-old computer to fix a > number of small things, I noticed that I had THREE USERS: me, guest, and > a > user named ATIxxxxx. Almost immediately, my McAfee intervened to say that > a > program was trying to access a file on my computer (regread?) and was this > okay? > > I denied all outbound access and deleted the user, the one with the > strange > name (again, ATIxxxxx where the little Xs are additional characters that I > failed to memorize). > > Is there a virus/worm/trojan on my computer that caused this? > DannyBoy
|
|
#3
01-05-2006, 05:44 AM
|
|||
|
|||
|
Re: Strange New User Created
Take note of what the full string is and do a google search
for it. Seems to me I have seen that in the past having to do with an ATI video card (somewhere back in the cob webs of my mind). mikey "steve umbach" <n9rou@nO-spam-for-me-comcast.net> wrote in message news:O$wOTOYEGHA.2320@TK2MSFTNGP11.phx.gbl... > Did that user appear immediatley after the install and before you connected > to the internet? Did you do a pristine install which requires that the > system drive be formatted [not quick format] ? Are you using authentic > Microsoft XP install disk and not some copy? --- Steve > > > "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message > news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com... > > While performing a complete REINSTALL on my one-year-old computer to fix a > > number of small things, I noticed that I had THREE USERS: me, guest, and > > a > > user named ATIxxxxx. Almost immediately, my McAfee intervened to say that > > a > > program was trying to access a file on my computer (regread?) and was this > > okay? > > > > I denied all outbound access and deleted the user, the one with the > > strange > > name (again, ATIxxxxx where the little Xs are additional characters that I > > failed to memorize). > > > > Is there a virus/worm/trojan on my computer that caused this? > > DannyBoy > >
|
|
#4
01-05-2006, 05:44 AM
|
|||
|
|||
|
Re: Strange New User Created
Your second question, first:
I both partitioned AND FORMATTED the hard disk using the reinstall CD from Dell Computers and no, I didn't choose the quick format. Yourt third question: I am using an authentic Dell Computers reintall CD. Your first question: I can't recall WHEN I UN plugged the Ethernet cable but I suspected that all kinds of things could get past my hardware firewall/router (Zyxel) so very early during the reinstall, I unplugged it. And when I did reconnect the Ethernet cable, I made darned sure the Windows software firewall was turned on. I then downloaded all the patches to the Windows operating system. I then connected to McAfee and downloaded their software (the entire suite of security protections) then downloaded all the patches for it. I attempted to conduct a chat with someone at Dell Computers today (my day off) but the lines were busy for one hour. I will try again later tonight. I suspect that an ATI driver was trying to connect to something but it doesn't make any sense at all that a new user (Dan (that's me), guest, and ATIxxxx) would need to be created to accomplish this. That's what led me to believe I have a virus. Need to tell you that McAfee found no viruses/worms/trojans in my initial scan. Thanks for your response, DannyBoy "steve umbach" wrote: > Did that user appear immediatley after the install and before you connected > to the internet? Did you do a pristine install which requires that the > system drive be formatted [not quick format] ? Are you using authentic > Microsoft XP install disk and not some copy? --- Steve > > > "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message > news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com... > > While performing a complete REINSTALL on my one-year-old computer to fix a > > number of small things, I noticed that I had THREE USERS: me, guest, and > > a > > user named ATIxxxxx. Almost immediately, my McAfee intervened to say that > > a > > program was trying to access a file on my computer (regread?) and was this > > okay? > > > > I denied all outbound access and deleted the user, the one with the > > strange > > name (again, ATIxxxxx where the little Xs are additional characters that I > > failed to memorize). > > > > Is there a virus/worm/trojan on my computer that caused this? > > DannyBoy > > >
|
|
#5
01-05-2006, 05:44 AM
|
|||
|
|||
|
Re: Strange New User Created
I was also thinking of what Mike alluded to in that maybe an application
created this user and since you are using an ATI video card the fact the username starts with ATI leads me to believe that this may be what has happened. Did you need to install and ATI software for drivers/control center? If you did try reinstalling it to see if the user account is created again. After your description of what you did to rebuild your computer I would tend to believe that it probably is malware free as you seem to be pretty careful about what you did. Personally I would think that your Zyxel firewall would do a great job protecting your network but there is nothing wrong with also enabling the Windows Firewall. --- Steve "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message news  1CD1818-6621-44CC-ABFB-6E63C12D203F@microsoft.com...> Your second question, first: > I both partitioned AND FORMATTED the hard disk using the reinstall CD from > Dell Computers and no, I didn't choose the quick format. > Yourt third question: > I am using an authentic Dell Computers reintall CD. > Your first question: > I can't recall WHEN I UN plugged the Ethernet cable but I suspected that > all > kinds of things could get past my hardware firewall/router (Zyxel) so very > early during the reinstall, I unplugged it. And when I did reconnect the > Ethernet cable, I made darned sure the Windows software firewall was > turned > on. I then downloaded all the patches to the Windows operating system. I > then connected to McAfee and downloaded their software (the entire suite > of > security protections) then downloaded all the patches for it. > > I attempted to conduct a chat with someone at Dell Computers today (my day > off) but the lines were busy for one hour. I will try again later > tonight. > I suspect that an ATI driver was trying to connect to something but it > doesn't make any sense at all that a new user (Dan (that's me), guest, and > ATIxxxx) would need to be created to accomplish this. That's what led me > to > believe I have a virus. > > Need to tell you that McAfee found no viruses/worms/trojans in my initial > scan. > > Thanks for your response, > DannyBoy > > "steve umbach" wrote: > >> Did that user appear immediatley after the install and before you >> connected >> to the internet? Did you do a pristine install which requires that the >> system drive be formatted [not quick format] ? Are you using authentic >> Microsoft XP install disk and not some copy? --- Steve >> >> >> "DannyBoy" <DannyBoy@discussions.microsoft.com> wrote in message >> news:3CEF6A61-BFAA-4D26-8D0D-EF6A8C9F3241@microsoft.com... >> > While performing a complete REINSTALL on my one-year-old computer to >> > fix a >> > number of small things, I noticed that I had THREE USERS: me, guest, >> > and >> > a >> > user named ATIxxxxx. Almost immediately, my McAfee intervened to say >> > that >> > a >> > program was trying to access a file on my computer (regread?) and was >> > this >> > okay? >> > >> > I denied all outbound access and deleted the user, the one with the >> > strange >> > name (again, ATIxxxxx where the little Xs are additional characters >> > that I >> > failed to memorize). >> > >> > Is there a virus/worm/trojan on my computer that caused this? >> > DannyBoy >> >> >>
|
 |
| Thread Tools | Search this Thread |
| Display Modes | |
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error: Server rejecting sender's e-mail address | Fred | Outlook Express | 19 | 01-05-2006 04:42 PM |
| How to transfer files/data to a newly created User Account | Jerseyfinn | Windows XP Configuration Manage | 1 | 01-05-2006 07:33 AM |
| Delay opening folders caused by dcom server process launcher service | None | Windows XP Help and Support | 5 | 01-05-2006 02:46 AM |
| Long delay before Drives & Files appear in My Computer & Address Bar | shizzlenizzlator@gmail.com | Windows XP Help and Support | 3 | 01-05-2006 02:44 AM |
| Windows error message | Glo | Windows XP Basics | 41 | 01-05-2006 02:04 AM |
Linear Mode
