m4v3r1ck (ESET Insiders), posted February 21, 2017 (edited February 22, 2017):
Hi all, I urgently need some serious help tackling my issue! As stated in the title, my SSD-WIN10PRO is out of control creating additional strange user names. After deleting them manually, I now even face a security risk, because some process is even copying my own "username" as "username1"? Running ESET SS 10.0.390.0 with latest updates. I rebooted my SSD-WIN10PRO as an isolated VM now in VMware Fusion, killing the internet connection as well! Help much needed and appreciated ATM! Cheers

Marcos (Administrators), posted February 21, 2017:
Didn't you activate Anti-Theft and mark the computer as missing?

cyberhash (Most Valued Members), posted February 21, 2017:
Try running Process Explorer and let it check the processes via VirusTotal, it might help you narrow down the offender.

m4v3r1ck (ESET Insiders), posted February 21, 2017:
Thanks guys for your immediate response, much appreciated. Will check your options right after the in-depth scan as administrator!

Marcos (Administrators), posted February 21, 2017:
If you suspect ESET to be the culprit, you can try temporarily disabling automatic start of real-time protection in the advanced setup and restarting the computer. Should the problem persist, disable HIPS as well and reboot the computer. If nothing helps, try temporarily uninstalling ESET and see if the issue actually goes away or not.

m4v3r1ck (ESET Insiders), posted February 21, 2017:
Hi Marcos, Thanks, atm I don't suspect anything because I'm still investigating, running ESET scan and Windows Defender. Will report back...

m4v3r1ck (ESET Insiders), posted February 21, 2017 (edited February 21, 2017):
1. ESET SS in-depth scan as administrator returned CLEAN!
2. Malwarebytes macOS returned CLEAN!
3. Running ESET CSP atm for ALL disks and all DAS/NAS!
Keep you posted...

itman, posted February 21, 2017 (edited February 21, 2017):
Here's what is strange. The accounts the malware is creating show the "admin" symbol but they are missing the wording "local administrator account." Personally, if you have malware that can at will create local admin accounts, it might be time to do a "repair" or full Win 10 reinstall. I would try the "repair" in place option first. I assume you haven't created periodic full image backups? You can also try a system restore to some previous time where malware activity wasn't present. Doubtful about the effectiveness of that but it's worth a shot.

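Added example (not part of the original thread and not ESET's code): one way to check, from an elevated PowerShell 5.1 prompt on Windows 10, which local accounts really are members of the Administrators group and which identity created them, using the built-in LocalAccounts cmdlets and Security event 4720. The 7-day look-back window is an assumption, as is that account-management auditing is enabled so that 4720 events exist.

```powershell
# Added example: triage of unexpected local accounts.
# Reading the Security log requires an elevated prompt.

# 1. Members of the built-in Administrators group, looked up by its
#    well-known SID so the check also works on non-English installs.
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { $_.SID.Value }

# 2. Every local account with the fields that matter for triage.
#    Get-LocalUser has no creation date; PasswordLastSet is used here
#    as a rough proxy for when a new account appeared.
Get-LocalUser |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, Description,
        @{ Name = 'IsLocalAdmin'
           Expression = { $adminSids -contains $_.SID.Value } } |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize

# 3. Event ID 4720 ("A user account was created") names the identity
#    that created each account. Look-back window: 7 days (assumption).
$filter = @{
    LogName   = 'Security'
    Id        = 4720
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named <Data> fields into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            NewAccount  = $data['TargetUserName']
            CreatedBy   = '{0}\{1}' -f $data['SubjectDomainName'],
                                       $data['SubjectUserName']
            CreatorSid  = $data['SubjectUserSid']
        }
    } |
    Format-Table -AutoSize
```

An account that carries an administrator-style icon but shows IsLocalAdmin as False is not in the Administrators group, and the CreatedBy column shows whether a service identity or an interactive user added it.
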
m4v3r1ck (ESET Insiders), posted February 21, 2017 (edited February 21, 2017):
1 hour ago, itman said:
> Here's what is strange. The accounts the malware is creating show the "admin" symbol but they are missing the wording "local administrator account." Personally, if you have malware that can at will create local admin accounts, it might be time to do a "repair" or full Win 10 reinstall. I would try the "repair" in place option first. I assume you haven't created periodic full image backups? You can also try a system restore to some previous time where malware activity wasn't present. Doubtful about the effectiveness of that but it's worth a shot.

Thanks for chiming in @itman, appreciated! This is an e-mail I found in the Apple Mail junk folder, please note that yesterday I booted my Windows 10 SSD in a NOT ISOLATED VMware Fusion VM, but picked it up and booted as native "BootCamp" partition with regular shares Win10 <-> macOS. Here's the screen for the copied user account: Any thoughts guys? TIA!

m4v3r1ck (ESET Insiders), posted February 22, 2017 (edited February 22, 2017):
UPDATE! | SOLVED! Because I killed the internet connection as soon as I saw the accounts added, I was not able to check the Anti Theft (AT) status. @Marcos a big thank you to you! It was indeed caused by the AT ghost account, I changed it immediately to another and for me much more recognisable ghost-name! I apologize for my panic-attack. Pff guys, I'm really sorry for stirring up things around here, never had encountered this issue before, since I use ESET AT. For now all-systems-are-GO! A very BIG thank you for all who tried to help me solve this headache. Note to self: keep better track of your system thingies & RTFM! Cheers

m4v3r1ck (ESET Insiders), posted February 23, 2017:
Up-and-running! Cheers