Suspicious hidden user accounts

Sep 26, 2018
2
0
10
0
Hi there,

I accidentally stumbled across some hidden user accounts on my account by enabling hidden files. They are extremely strange, and from what I can tell have no place being there. Here is a picture with all the folders shown:


I tried opening one of the files inside the hidden user accounts and nothing happens. Just says they are corrupted or cannot be opened, etc.

I looked up some other posts and saw something about using a cmd command and I tried it but the computer said the user accounts didn't exist? The command was

net user "username" /active:no

I think that was it.

Anyways, I've done virus scans and nothing is popping up. Any help would be appreciated.

Here's a picture to the files: https://imgur.com/bcEpft6
 

dalaran

Distinguished
Jun 7, 2011
12
0
18,570
3
It's weird, two possibilities in my mind
#1 you've got a virus
#2 some kind of honeypot for ransomware detection, do you have a program called Cybereason RansomFree if so it's most likely related
See: https://security.stackexchange.com/questions/148511/can-you-recognize-this-virus
The way these seem to work is they create some random files which look like user file and keep watch on them, if they get modified they can detect it and try to stop the misbehaving process, since they are the first and last folder they're most likely to be targeted by ransomware first...

Otherwise did you install any programs on 9/26/2018 if so it's likely related, all files have the same timestamp
 

dalaran

Distinguished
Jun 7, 2011
12
0
18,570
3
It's weird, two possibilities in my mind
#1 you've got a virus
#2 some kind of honeypot for ransomware detection, do you have a program called Cybereason RansomFree if so it's most likely related
See: https://security.stackexchange.com/questions/148511/can-you-recognize-this-virus
The way these seem to work is they create some random files which look like user file and keep watch on them, if they get modified they can detect it and try to stop the misbehaving process, since they are the first and last folder they're most likely to be targeted by ransomware first...

Otherwise did you install any programs on 9/26/2018 if so it's likely related, all files have the same timestamp
 
Thread starter Similar threads Forum Replies Date
C Antivirus / Security / Privacy 2
P Antivirus / Security / Privacy 1
D Antivirus / Security / Privacy 9
B Antivirus / Security / Privacy 16
B Antivirus / Security / Privacy 1
B Antivirus / Security / Privacy 2
T Antivirus / Security / Privacy 1
Z Antivirus / Security / Privacy 3
T Antivirus / Security / Privacy 7
S Antivirus / Security / Privacy 2
K Antivirus / Security / Privacy 5
G Antivirus / Security / Privacy 1
itsVance Antivirus / Security / Privacy 1
Wobbleman1 Antivirus / Security / Privacy 3
CAaronD Antivirus / Security / Privacy 2
S Antivirus / Security / Privacy 4
J Antivirus / Security / Privacy 1
anoori9000 Antivirus / Security / Privacy 8
daniel_blacke Antivirus / Security / Privacy 3
kimatahi Antivirus / Security / Privacy 6

ASK THE COMMUNITY