Strange New User Created

Guest

While performing a complete REINSTALL on my one-year-old computer to fix a
number of small things, I noticed that I had THREE USERS: me, guest, and a
user named ATIxxxxx. Almost immediately, my McAfee intervened to say that a
program was trying to access a file on my computer (regread?) and was this
okay?

I denied all outbound access and deleted the user, the one with the strange
name (again, ATIxxxxx where the little Xs are additional characters that I
failed to memorize).

Is there a virus/worm/trojan on my computer that caused this?
DannyBoy
 
steve umbach

Did that user appear immediately after the install and before you connected
to the internet? Did you do a pristine install which requires that the
system drive be formatted [not quick format]? Are you using authentic
Microsoft XP install disk and not some copy? --- Steve
 
Mike Fields

Take note of what the full string is and do a Google search
for it. Seems to me I have seen that in the past having to
do with an ATI video card (somewhere back in the cobwebs
of my mind).

mikey

 
Guest

Your second question, first:
I both partitioned AND FORMATTED the hard disk using the reinstall CD from
Dell Computers and no, I didn't choose the quick format.
Your third question:
I am using an authentic Dell Computers reinstall CD.
Your first question:
I can't recall WHEN I unplugged the Ethernet cable but I suspected that all
kinds of things could get past my hardware firewall/router (Zyxel) so very
early during the reinstall, I unplugged it. And when I did reconnect the
Ethernet cable, I made darned sure the Windows software firewall was turned
on. I then downloaded all the patches to the Windows operating system. I
then connected to McAfee and downloaded their software (the entire suite of
security protections) then downloaded all the patches for it.

I attempted to conduct a chat with someone at Dell Computers today (my day
off) but the lines were busy for one hour. I will try again later tonight.
I suspect that an ATI driver was trying to connect to something but it
doesn't make any sense at all that a new user (Dan (that's me), guest, and
ATIxxxx) would need to be created to accomplish this. That's what led me to
believe I have a virus.

Need to tell you that McAfee found no viruses/worms/trojans in my initial
scan.

Thanks for your response,
DannyBoy

 
Steven L Umbach

I was also thinking of what Mike alluded to in that maybe an application
created this user and since you are using an ATI video card the fact the
username starts with ATI leads me to believe that this may be what has
happened. Did you need to install any ATI software for drivers/control
center? If you did, try reinstalling it to see if the user account is created
again.

After your description of what you did to rebuild your computer I would tend
to believe that it probably is malware free as you seem to be pretty careful
about what you did. Personally I would think that your Zyxel firewall would
do a great job protecting your network but there is nothing wrong with also
enabling the Windows Firewall. --- Steve
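
Added example, not part of any post in this thread: one way to run the check suggested above is to save the output of `net user` before and after installing the driver package and compare the two listings. The account name `ATI_PLACEHOLDER`, the machine name and both sample listings are constructed, and the parser assumes English-language `net user` output.

```python
# Added example: diff two saved `net user` listings to see which local
# accounts an installer created. The sample listings are constructed.
COL_WIDTH = 25  # `net user` prints names in fixed 25-character columns


def parse_net_user(text):
    """Return the set of account names found in `net user` output."""
    names, in_table = set(), False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_table = True  # account names start after the dashed rule
            continue
        if not in_table:
            continue
        if line.startswith("The command completed"):
            break
        # Slice by column, not by whitespace: names may contain spaces.
        for i in range(0, len(line), COL_WIDTH):
            name = line[i:i + COL_WIDTH].strip()
            if name:
                names.add(name)
    return names


def new_accounts(before, after):
    """Accounts present after the install that were absent before it."""
    return sorted(parse_net_user(after) - parse_net_user(before))


def _listing(names):
    """Build a constructed `net user`-style listing for the demo."""
    rows = ["".join(n.ljust(COL_WIDTH) for n in names[i:i + 3]).rstrip()
            for i in range(0, len(names), 3)]
    return "\n".join(["", r"User accounts for \\EXAMPLE-PC", "", "-" * 79,
                      *rows, "The command completed successfully.", ""])


# Constructed snapshots: before and after installing the driver package.
BEFORE = _listing(["Administrator", "Dan", "Guest", "HelpAssistant",
                   "Lab User"])
AFTER = _listing(["Administrator", "ATI_PLACEHOLDER", "Dan", "Guest",
                  "HelpAssistant", "Lab User"])

if __name__ == "__main__":
    print(new_accounts(BEFORE, AFTER))
```

An account that shows up only in the second listing was created during the install, which ties it to that package rather than to something that arrived over the network.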


 
