Windows 7 - Deep Techie Help Needed - Cannot Delete Unknown User


Cap Capello

Recently, in response to a security recommendation, I added an "enter password" requirement on my office computer. There's only my wife and I here and she has her own laptop, so I didn't feel the need to add that extra log on step.

Now being required to enter a password to get into the machine, lo and behold there's another user showing up. There's me (as admin) and a regular user named "faeegiina". Where that came from and how it got there is a total mystery, but I instantly rebooted into safe mode and did a deep deep scan with a little-known Microsoft tool, Microsoft Safety Scanner, and it did reveal a trojan (win32/orsam!rts) which it removed completely, but that was it. Nothing else found.

So I ran Malwarebytes and Spybot too. Nothing. Lastly I ran another deep scan with ESET A/V. Nothing.

I got into the registry and searched on "faeegiina". Any occurrences were deleted (3 entries). No change.

Followed MS "delete/remove user" protocol to the letter. No change.

Stumped. Open to suggestions EXCEPT reformat and reload everything brand new.
 
First off, your normal account should not have Admin (aka: root) access. You should be logging in as Admin only when needed. The Trojan (and account) could have easily been put there by you, because you allowed scripts the access equivalent of root to the machine.

If this 'user' has any permissions to files / folders, you will have to find them and remove them as well (or take ownership of them).

Are you sharing any data with a device that is not local to the machine - (network or other)?
 
I found the issue in the first link. It is a deliberate fictitious user account set up by the ESET Anti-Theft feature.

Should someone steal the unit and log on, I can remotely trigger a locator and activate the cam to take pictures of whoever is using the machine.

I wish somewhere in ESET's documentation, that extra user would've been clearly spelled out.

Thank you, Tiggy baby!
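
An added example, not part of any post in this thread: a PowerShell triage of an unexpected local account like the one described above, written for Windows 7 (PowerShell 2.0) and run from an elevated prompt. It reports the account record, its group membership, whether a profile was ever used, the account-creation audit event, and any ACL entries naming the account's SID; the `C:\Users` scan root is an assumption.

```powershell
# Added example: triage an unexpected local account before deleting anything.
$name = 'faeegiina'          # account name taken from the first post
$scanRoot = 'C:\Users'       # assumption: directory tree to check for ACL entries

# 1. Account record: the SID and Description often identify the creating product.
$acct = Get-WmiObject -Class Win32_UserAccount `
        -Filter "LocalAccount=True AND Name='$name'"
if (-not $acct) {
    Write-Warning "No local account named '$name' was found."
    return
}
$acct | Format-List Name, SID, Description, Disabled, Lockout, PasswordRequired

# 2. Local groups the account is a member of (Administrators would be a concern).
$acct.GetRelated('Win32_Group') | Select-Object -ExpandProperty Name

# 3. Has anyone ever logged on with it? A used account has a profile on disk.
Get-WmiObject -Class Win32_UserProfile |
    Where-Object { $_.SID -eq $acct.SID } |
    Select-Object LocalPath, LastUseTime, Loaded

# 4. Last logon and password-set dates as reported by the built-in net command.
net user $name

# 5. When the account was created and by which identity (event 4720).
#    Only present if "User Account Management" auditing was on at the time
#    and the Security log has not rolled over since.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($name) } |
    Select-Object TimeCreated, Message |
    Format-List

# 6. Files and folders whose ACL names this account's SID, as raised in the
#    second post. /T recurses, /C continues on errors, /Q hides success lines.
icacls $scanRoot /findsid $acct.SID /T /C /Q
```

An account with a vendor description, no profile, no group membership beyond Users and a creation time matching a software install points to an application-created account rather than an intruder's.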
 
They made Win10 so much harder to find anything. You almost have to ask the system for help. Great way to increase productivity.

I thought it was just me...I feel like a complete idiot some days on 10
 
but if you know what ya doing then using the admin account is VITAL on everyday use .....
 
For 99% of what most people do, you don't need to use Admin level privileges.

I am a cocky bastard... For years and years I gave that same advice, but did not follow it myself. I finally took my admin rights away from my typical login ID on my main PC last week. It's just not that difficult to log in as Admin when I need to have admin privileges, which isn't really very often.


 
Since we're talking security, though, and this is not directly related to the topic, I had an appointment with an insurance agent yesterday. Her office was outside of town in a beautiful country setting... nice house, pool, and separate office building in the back, next to a barn with horses. Really nice. The office was one big room and she had two employees working at their desks near the entrance. She met with us in a comfortable living room type of setup in front of a fireplace near her desk. A very nice little operation. At the end of the meeting, she wanted to scan my Medicare card. WAIT A MINUTE!!!... For those who don't have one yet, your Medicare Card has your Social Security number on it. So I asked where they would be storing my personal identity information, and the answer was: they store it on a cloud storage service I won't name, mostly so they did not need to have their own server and no need to perform their own backup. Nope... not gonna happen. They don't encrypt, and frankly hadn't really thought about the security of the data they had collected. I asked what measures they took to prevent their computer systems from being hacked, and none of them had a clue. RED FLAG. I explained that I'm a retired IT guy, and was REALLY fussy about how my personal information is stored. I reluctantly allowed her to write down my number and put it in my physical paper file, as long as my file was kept in a locked filing cabinet. Still makes me a little uneasy, but if someone was going to steal it, they would have to physically break into the office.
This is a scenario we all face from time to time... like when we go to the Doctor. A doctor's office is often a small operation and most hire a cheap local IT firm to install and maintain their computer systems. Most do a pretty poor job with the security. Doctor's office's computer systems hold a wealth of personal information and are SO easy to hack. Just some food for thought.


 
^^^^ And all of that "no security" is pretty much against the law and they can be held liable for security breaches; isn't that so?
With all of the HIPAA, PHI, PII, etc., etc. training, forms to sign, and various issues dealt with at my day-job and in almost any business interfaced with nowadays, I would think more people would be aware and they would be a little more careful...

Good tips, Bobcat, thanks. I'm a little nuts about security as well...

GJ
 
There are laws, but you know how that goes. If you don't know they exist or what they say, you don't know what you don't know. There's laws against hacking too. There are disclosure laws in most states requiring notification to anyone whose info was compromised while in your possession, but if it was hacked, and you have no intrusion detection, you might never know.



 
Locks (and firewalls) are for honest people ;)
 
Jeff if I told you what I do here, I would have to KILL you :)
 