m4v3r1ck

ESET Insiders
  • Posts

    448
  • Joined

  • Days Won

    9

Posts posted by m4v3r1ck

  1. UPDATE! | SOLVED!

    Because I killed the internet connection as soon as I saw the accounts added, I was not able to check the Anti Theft (AT) status.

    @Marcos a big thank you to you! It was indeed caused by the AT ghost account, I changed it immediately to another and for me much more recognisable ghost-name! I apologize for my panic-attack.

    Pff guys, I'm really sorry for stirring up things around here :wacko:, never had encountered this issue before, since I use ESET AT.

    For now all-systems-are-GO! A very BIG thank you to all who tried to help me solve this headache.

    Note to self: keep better track of your system thingies & RTFM! 

    Cheers

  2. 1 hour ago, itman said:

    Here's what is strange. The accounts the malware is creating show the "admin" symbol but they are missing the wording "local administrator account."

    Personally if you have malware that can at will create local admin accounts, it might be time to do a "repair" or full Win 10 reinstall. I would try the "repair" in place option first. I assume you haven't created periodic full image backups?

    You can also try a system restore to some previous time where malware activity wasn't present. Doubtful about the effectiveness of that but it's worth a shot. 

    Thanks for chiming in @itman, appreciated! This is an e-mail I found in the Apple Mail junk folder, please note that yesterday I booted my Windows 10 SSD in a NOT ISOLATED VMware Fusion VM, but picked it up and booted as native "BootCamp" partition with regular shares Win10 <-> macOS.

    ScreenCap 2017-02-21 at 22.41.30.jpg

    Here's the screen for the copied user account:

    ScreenCap 2017-02-21 at 23.20.19.jpg

    Any thoughts guys?

    TIA!

  3. Hi all,

    I urgently need some serious help tackling my issue! As stated in the titles my SSD-WIN10PRO is out of control creating additional strange user names. After deleting them manually, I now even face a security risk, because some process is even copying my own "username" as "username1"? :o

    ScreenCap 2017-02-19 at 20.54.29.jpg

    ScreenCap 2017-02-19 at 21.03.24.jpg

    ScreenCap 2017-02-19 at 20.56.55.jpg

    ScreenCap 2017-02-19 at 20.58.47.jpg

    Running ESET SS 10.0.390.0 with latest updates. I rebooted my SSD-WIN10PRO as an isolated VM now in VMware Fusion, killing the internet connection as well!

    Help much needed and appreciated ATM!

    Cheers

     

    ScreenCap 2017-02-19 at 20.59.39.jpg

  4. 1 hour ago, planet said:

     

     

    I'm happy to see that with the new Forum recently, these two things are now possible -- notifications for receiving kudos, as well as being able to provide a reason for editing posts. Thank you! :D

    ;)

  5. On 1/10/2017 at 5:27 PM, Ren said:

    I already unchecked external HDD but it still check it :-)

    Regarding your screencaps, you are mixing things up a bit. Cap #1 are the settings for the Real-Time Protection, #2 are the settings to perform Computer Scans for internal and external drives with Smart/In-depth/Context selections. In your screen #2 a scan is performed By profile setting and selected only your Macintosh HD.

    Please note that you have to set up and select your drives in Scan Targets for all scan scenarios in the Scan Profile Setups for Computer Scan (Smart/In-depth/Context)!

    ScreenCap 2017-01-31 at 23.23.15.jpg

    1. Select Scan Profile

    2. Select Setup for Scan Targets (see selections above)

    Greetz

  6. Thanks for your reply, appreciated!

    Yes, to monitor every single connection by any application, inbound and/or outbound the best way to go is using the "interactive mode". It's more time consuming, but sets my own mind at ease. It also gives you a great insight - e.g. when testing beta-software - what the behaviour is in connecting to what server and which protocol it's using like http(s).

    I'm an insider for Windows as well. The ESET SS software goes bananas - in interactive mode - when doing the first time clean install of Windows. Heh, it's fun to watch the telemetry entering your computer!

    The GRC Leakage Tester sends an inbound connection to the firewall, when in "interactive mode" you have the option to rule in/out the connection you find suspicious. See my screens. The last test is to rule out that some other process than the ESET firewall is blocking the connection. The combination of both lets you check if your firewall is OK.

    If you have any more questions please don't hesitate to ask them here on the forum, a great place to be! I'm still on the steep learning curve myself!

    Greetz

  7. Just a quick Q: Did you DENY & ALLOW the rules correctly by clicking twice on the OK button after removing/adding the rules for the GRC Leakage Tester, according to the sequence advised in this test? Perhaps you could share some screencaps on where ESS failed on you?

    I want to share my test sequence with you, perhaps other users running this test, being my first! ;)

    1. Test sequence start:

    ScreenCap 2017-01-28 at 23.36.18.jpg

    2. Run Leakage Tester -> create rule and remember permanent: DENY

    ScreenCap 2017-01-29 at 00.03.10.jpg

    3. Result Unable To Connect

    ScreenCap 2017-01-28 at 23.36.49.jpg

    4. ESS added the create rule (#417) and remember permanent: DENY

    ScreenCap 2017-01-28 at 23.37.35.jpg

    5. Removing (#417 -> #416) the create rule and remember permanent: DENY (note: don't forget to OK + OK the removal!)

    ScreenCap 2017-01-28 at 23.38.31.jpg

    6. Run Leakage Tester again -> create rule and remember permanent: ALLOW

    ScreenCap 2017-01-29 at 00.14.21.jpg

    7. ESS added the create rule (#417) and remember permanent: ALLOW

    8. Result Firewall Penetrated

    ScreenCap 2017-01-28 at 23.39.21.jpg

    9. Removing (#417 -> #416) the create rule and remember permanent: ALLOW (note: don't forget to OK + OK the removal!)

    10. Close the GRC Leakage Tester application

    Greetz

  8. On 1/6/2017 at 4:47 AM, Marcos said:

    As of v10, ESET Internet Security has replaced ESET Smart Security and does not contain Anti-Theft. Anti-Theft is now a part of ESET Smart Security Premium. As an existing customer, you can still install and use ESET Smart Security which contains Anti-Theft too.

    WOW when I booted my VM after a 10 days absence, I NOTICED that Anti-Theft is back on track in my ESET SS v10 10.0.386.0 (NON-PREMIUM version)!!!

    ScreenCap 2017-01-22 at 20.37.39.jpg

    Thank you ESET! ;)

    Greetz!

  9. Hi Ren, you can set them in the preferences of ESET CS(P) for RTP & CS:

    In main preferences select RTP:

    1.jpg

    Select your desired Media to Scan. Better leave this one selected for RM:

    2.jpg

    In main preferences select CS:

    3.jpg

    Select SPS (1) for several profiles and then select the ST (2) for each profile that you want to change. Repeat for each SPS needed.
     

    4.jpg


    Select desired scan targets BY PROFILE SETTINGS: 

    5.jpg

    OR select desired scan targets BY DRIVE TYPE -> i.e. in your case only Local Drives.

    6.jpg

    Select the drives you want to scan and click OK!

    Hope this will help you! Q's? Just let me know!

    Greetz

  10. Hi @TomFace,

    I received an e-mail notification with your added link to the post from @SCR about the same spelling typo:

    1. Did I post in the wrong subforum? Seems to be a double then. Thanks for that!

    2. I can't find your edited quote/post in which you added the link. A bit confusing, but not an issue of course.

    Greetz
