Question

  • #2155144

    someone created a user “will$” on my machine

    by tavari ·

    Hi all,
    Someone created a username called will$ and we don’t know who created it. Looks like a hack.
    It's a Windows XP Pro machine, and it does have a public IP address, and RDP is available via the internet.

    Nothing seems to be wrong with the machine, but we want to know what's going on and how to prevent it.
    We do need the public RDP access as it will be colocated at the hosting.

    thanks

    Bharat

All Answers

    • #2954437

      Clarifications

      by tavari ·

      In reply to someone created a user “will$” on my machine

      Clarifications

    • #2954431

      Anti-Virus Scan Time

      by bfilmfan ·

      In reply to someone created a user “will$” on my machine

      And what do your antivirus scans reveal?

    • #2954425

      Try this

      by rob miners ·

      In reply to someone created a user “will$” on my machine

      Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

      With the new strains of virus that have been created, you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the file's extension from .exe. Do the same with Spybot.

      Removing malware from System Restore points
      To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software – allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

      Default Start Menu XP
      If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check “Turn off System Restore”.

      Classic Start Menu XP
      If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check “Turn off System Restore”.

      Vista
      Click Start, right-click Computer and select Properties. Select Advanced System Properties, click Continue and then System Protection. Untick the box next to Local Disk C: and click on Turn System Restore off.

      After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from “Turn off System Restore”.

      Download Malwarebytes Anti-Malware, install it and update it.

      Malwarebytes

      * Double-click mbam-setup.exe and follow the prompts to install the program.
      * At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
      * If an update is found, it will download and install the latest version.
      * Once the program has loaded, select Perform Quick Scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Be sure that everything is checked, and click Remove Selected.

      If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
      mbam-rules

      I would keep scanning with it until it is clean by closing out and rebooting and running it again.

      Download Spybot – Search & Destroy and install it. Update it and run it.

      Spybot

      Also run this Rootkit Revealer GMer
      http://www.gmer.net/index.php

      FAQ
      http://www.gmer.net/faq.php

      BleepingComputer
      http://www.bleepingcomputer.com/malware-removal/page

      Just to be on the safe side, when you finish, do an online scan with Bitdefender or Google for an online scanner.

      http://www.bitdefender.com/scan8/ie.html
