Monday 1 January 2018

windows xp - Virus duplicated user account on XP?


Could a virus create duplicate accounts in Windows XP? Said duplicate accounts have same rights (admin...), same name, but the folder name under C:\Documents and Settings\ is OriginalName-CJP[RandomLetters]. If so, what virus would do that?


Further behaviour description: All account files (from My Documents, Desktop, etc.) are in the -CJP folder, not the original user's folder, thus indicating that login effectively occurs in CJP account, even if the account selected in the logon screen is the original name.



Answer



The "RandomLetters" are probably a temporary computer name under which the accounts were created (and using the other accounts of the same name as templates). I'm guessing that either a virus or SpyWare was attempting to set up a backdoor, or an update ran amok and this extraneous account creation was an unintended side-effect.


When an account, say "Administrator" for this example, already exists on a computer, and then you log in to a network account by the same name, a local account called "Administrator.NETWORK_NAME" gets created to avoid a conflict with the local account that doesn't have that trailing computer name.


I've also noticed that accounts are sometimes created with this network or computer name added after an account of the same name was previously deleted but the data files remained. Obviously this is caused by Windows re-creating the account in a manner that doesn't conflict with another account of the same name (especially since some files in the user's "Documents and Settings" profile directories can't be deleted).
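
To tell the two cases in the answer apart on a given machine, compare the profile folders on disk with the SID-to-folder mapping that Windows keeps under the `ProfileList` registry key. The following is an added example, not part of the original post: the function names are hypothetical, and the `reg query` output, SIDs and folder names are constructed samples.

```python
import re

# Constructed sample (made-up SIDs and names) of the output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-500
    ProfileImagePath    REG_EXPAND_SZ    %SystemDrive%\Documents and Settings\Administrator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-9999-8888-7777-500
    ProfileImagePath    REG_EXPAND_SZ    %SystemDrive%\Documents and Settings\Administrator.NETWORK_NAME
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1004
    ProfileImagePath    REG_EXPAND_SZ    %SystemDrive%\Documents and Settings\Alice-CJPXQZ
"""
# Constructed sample: folder names found under C:\Documents and Settings
SAMPLE_FOLDERS = ["Administrator", "Administrator.NETWORK_NAME", "Alice", "Alice-CJPXQZ"]

def parse_profile_list(reg_text):
    """Return {profile folder name: SID} from the reg query output."""
    profiles, sid = {}, None
    for line in reg_text.splitlines():
        key = re.match(r"HKEY_LOCAL_MACHINE\\.*\\ProfileList\\(S-[\d-]+)\s*$", line.strip())
        if key:
            sid = key.group(1)
            continue
        val = re.match(r"\s*ProfileImagePath\s+REG_\w+\s+(.+?)\s*$", line)
        if val and sid:
            profiles[val.group(1).rsplit("\\", 1)[-1]] = sid
    return profiles

def classify_suffixed(profiles, folders):
    """For each folder named <base>.<suffix> or <base>-<suffix>, report who owns <base>."""
    registered = {name.lower(): sid for name, sid in profiles.items()}
    on_disk = {f.lower() for f in folders}
    findings = []
    for folder in folders:
        m = re.match(r"(.+?)[.-]([^.-]+)$", folder)
        if not m or m.group(1).lower() not in on_disk:
            continue  # not a suffixed copy of another profile folder
        base_sid = registered.get(m.group(1).lower())
        findings.append({
            "folder": folder, "sid": registered.get(folder.lower()),
            "base": m.group(1), "base_sid": base_sid,
            # Base folder owned by another SID: two accounts share the name.
            "reading": "same-name account conflict" if base_sid else "leftover base folder",
        })
    return findings

if __name__ == "__main__":
    for f in classify_suffixed(parse_profile_list(SAMPLE_REG), SAMPLE_FOLDERS):
        print(f)
```

A "leftover base folder" result matches the behaviour in the question: the account's SID points at the suffixed folder while the original folder is no longer referenced by any profile entry.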

