Administrator profiles

[Bill C.]

I have a user's machine that has been infected with Vundo. In the process of
cleaning the machine I discovered 3 profiles labeled Administrator, two with
extensions. Before I delete the wrong profile and have to reload the machine
what can I do?

 

[Shenan Stanley]

I have a user's machine that has been infected with Vundo. In the
process of cleaning the machine I discovered 3 profiles labeled
Administrator, two with extensions. Before I delete the wrong
profile and have to reload the machine what can I do?

Figure out which profile is used when you logon as administrator (put
something on the desktop, in the start menu, etc and check for it in the
actual directory) and erase the rest.

 

[Bill C.]

I have already done that - I know which profile is the "master" admin
profile. Unfortunately, the "master" does not include all of the standard
folders and I am unsure whether or not XP will add the correct hierarchy.

One thing that really concerns me is whether or not this is a common
virus/trojan occurence. In the 12 years I have been doing Microsoft computer
support this is the first time I have run across this issue. None of the
other virus/trojan repairs I have done had this.

BLC

 

[Anteaus]

The safe approach is to rename the unneeded folders. That way, you don't lose
the content. Either that, or move them elsewhere.

Be aware that where things have gone badly wrong in the registry, it is
possible to have crosslinked userprofiles, analagous to files in a directory
being crosslinked. In this case, components may be loading from more than one
directory-structure at the same time. If this is at all likely, you should
not make any assumptions about profiles being no longer needed until you've
checked that everything still works.