Suspicious hidden user accounts

Sep 26, 2018
Hi there,

I accidentally stumbled across some hidden user accounts on my account by enabling hidden files. They are extremely strange, and from what I can tell have no place being there. Here is a picture with all the folders shown:


I tried opening one of the files inside the hidden user accounts and nothing happens. Just says they are corrupted or cannot be opened, etc.

I looked up some other posts and saw something about using a cmd command and I tried it but the computer said the user accounts didn't exist? The command was

net user "username" /active:no

I think that was it.

Anyways, I've done virus scans and nothing is popping up. Any help would be appreciated.

Here's a picture of the files: https://imgur.com/bcEpft6
 
dalaran

It's weird, two possibilities in my mind:
#1 You've got a virus.
#2 Some kind of honeypot for ransomware detection. Do you have a program called Cybereason RansomFree? If so, it's most likely related.
See: https://security.stackexchange.com/questions/148511/can-you-recognize-this-virus
The way these seem to work is they create some random files which look like user files and keep watch on them. If they get modified, they can detect it and try to stop the misbehaving process. Since they are the first and last folders, they're most likely to be targeted by ransomware first...

Otherwise, did you install any programs on 9/26/2018? If so, it's likely related; all files have the same timestamp.
 
Solution
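
The decoy-file idea from the answer above, as an added example that is not part of the original thread and not how Cybereason RansomFree itself is implemented: decoy folders are named so they list first and last, a hash baseline is recorded, and a later check reports any decoy that was changed or removed. The folder names, file names and contents are constructed for illustration, and the check here is a one-shot hash comparison rather than live monitoring.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed names: in plain code-point order "!" sorts before and "~" after
# letters and digits, so the decoys are the first and last entries of a listing.
DECOY_DIRS = ("!000-decoy", "~zzz-decoy")
DECOY_FILES = {"budget.xlsx": b"constructed decoy 1", "notes.docx": b"constructed decoy 2"}

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def plant_decoys(root):
    """Create the decoy files under root and return {path: sha256} as baseline."""
    baseline = {}
    for folder in DECOY_DIRS:
        (root / folder).mkdir(parents=True, exist_ok=True)
        for name, data in DECOY_FILES.items():
            path = root / folder / name
            path.write_bytes(data)
            baseline[str(path)] = sha256(path)
    return baseline

def check_decoys(baseline):
    """Return (path, reason) for every decoy that is gone or no longer matches."""
    alerts = []
    for path, digest in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing"))
        elif sha256(path) != digest:
            alerts.append((path, "modified"))
    return alerts

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Documents").mkdir()          # stand-in for a real user folder
        baseline = plant_decoys(root)
        before = check_decoys(baseline)       # untouched decoys: no alerts
        # Simulated tampering: one decoy overwritten, another renamed away.
        (root / DECOY_DIRS[0] / "budget.xlsx").write_bytes(b"\x00" * 16)
        last = root / DECOY_DIRS[1] / "notes.docx"
        last.rename(last.with_suffix(".changed"))
        after = [(Path(p).name, why) for p, why in check_decoys(baseline)]
        return sorted(os.listdir(root)), before, after

if __name__ == "__main__":
    print(demo())
```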