Symantec & virus removal ??? Residual effects...

[A. M. Brineman]

Dell 8300 XP Pro SP2

Two "user" computer. My wife and I both have "administrator" rights.

Sooo, Symantec removed a spy-ware hi-jacker virus. I don't know what it was,
and Symantec never defined it.

Presently, Everything seems OK.

However....

When I boot into "Safe" mode, there is a "guest" user name listed. THAT user
name has a "password" box attached, and I have no idea how to get rid of
that "guest" user name. That "squatter" showed up in my "Safe" mode AFTER
Symantec had worked their "magic" on my infected computer.

Symantec says "Duhhhh - ask Dell." Yeah, right....

I sure would like to get rid of the "squatter" user in my "Safe" mode.

Any suggestions?

Thanks in advance

Matt

 

[JS]

Description of the Guest account in Windows XP
http://support.microsoft.com/kb/300489

Try Power Toy's Tweak UI from Microsoft:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Install, run and under Logon you will find check boxes to select the
accounts you want displayed.

More Detail on available features in Tweak UI:
http://www.winxpsolution.com/Tweakuixppro.aspx

JS

 

[nesredep egrob]

Dell 8300 XP Pro SP2

Two "user" computer. My wife and I both have "administrator" rights.

Sooo, Symantec removed a spy-ware hi-jacker virus. I don't know what it was,
and Symantec never defined it.

Presently, Everything seems OK.

However....

When I boot into "Safe" mode, there is a "guest" user name listed. THAT user
name has a "password" box attached, and I have no idea how to get rid of
that "guest" user name. That "squatter" showed up in my "Safe" mode AFTER
Symantec had worked their "magic" on my infected computer.

Symantec says "Duhhhh - ask Dell." Yeah, right....

I sure would like to get rid of the "squatter" user in my "Safe" mode.

Any suggestions?

Thanks in advance

Matt

I should right click My Computer and go for Properties, System Properties ,User
Profiles, HighLight the devil and delete.

Don't blame your wife - it is all the fault of Microsoft and by the way the poor
devil did not do any harm at all.

Borge in sunny Perth, Australia

 

[Leythos]

Dell 8300 XP Pro SP2

Two "user" computer. My wife and I both have "administrator" rights.

Sooo, Symantec removed a spy-ware hi-jacker virus. I don't know what it was,
and Symantec never defined it.

Presently, Everything seems OK.

However....

When I boot into "Safe" mode, there is a "guest" user name listed. THAT user
name has a "password" box attached, and I have no idea how to get rid of
that "guest" user name. That "squatter" showed up in my "Safe" mode AFTER
Symantec had worked their "magic" on my infected computer.

Symantec says "Duhhhh - ask Dell." Yeah, right....

I sure would like to get rid of the "squatter" user in my "Safe" mode.

Any suggestions?

Thanks in advance

That's funny - the account, if not the standard windows GUEST account,
was setup because of the malware, not because Symantec did anything.

Symantec was right, you have a compromised machine, symantec maybe
cleaned it, but the rest is up to you.

Keep in mind that you can't 100% clean a compromised machine, the only
proven method is to wipe it and reinstall in a clean environment.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)

 

[Bullwinkle]

That's funny - the account, if not the standard windows GUEST account,
was setup because of the malware, not because Symantec did anything.

Symantec was right, you have a compromised machine, symantec maybe
cleaned it, but the rest is up to you.

Keep in mind that you can't 100% clean a compromised machine, the only
proven method is to wipe it and reinstall in a clean environment.

I'm finding that there is no longer any clean environment. As soon as you
connect to the internet you are attacked. So you need to install a good
software or hardware firewall and a background AV program before you
configure your connection to the internet. Otherwise you are compromised
immediately.

I couldn't recommend any particular programs. There are several good ones to
choose from but to operate without any is tantamount to committing suicide.

Regards,

 

[Leythos]

I'm finding that there is no longer any clean environment. As soon as you
connect to the internet you are attacked. So you need to install a good
software or hardware firewall and a background AV program before you
configure your connection to the internet. Otherwise you are compromised
immediately.

I couldn't recommend any particular programs. There are several good ones to
choose from but to operate without any is tantamount to committing suicide.

If you connect and are attacked then you don't understand "Clean" or
network security. A simple NAT Router will block inbound connections and
permit you to update/install without malware being able to reach you
without you contacting it first.

So, clean is very simple - you install a NAT Router or a firewall, block
all inbound to the computer from unsolicited connections, only surf to
the Windows Update site and the AV update site, get your updates and
then apply all of them. Then you need to "secure" the computer by
removing functions/services you don't need and even stop using IE/OE if
possible.

A simple NAT router is the first and most important protection device,
then a quality AV product, then common sense.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)

 

[Bullwinkle]

If you connect and are attacked then you don't understand "Clean" or
network security. A simple NAT Router will block inbound connections and
permit you to update/install without malware being able to reach you
without you contacting it first.

So, clean is very simple - you install a NAT Router or a firewall, block
all inbound to the computer from unsolicited connections, only surf to
the Windows Update site and the AV update site, get your updates and
then apply all of them. Then you need to "secure" the computer by
removing functions/services you don't need and even stop using IE/OE if
possible.

A simple NAT router is the first and most important protection device,
then a quality AV product, then common sense.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)

I fully agree with you.

Regards,