User Accounts

  • Thread starter Thread starter jonathan
  • Start date Start date
J

jonathan

Hi

Does anyone know why windows XP seems to "breed" user
accounts in the */documents & settings folder. I have
four users on the PC and, in addtion to their own folders,
XP has created eight separate "x6r6nx4pju" folders,
(preceded by the user name). There does not seem to be
any rhyme or reason to this but each acocunt takes up
about 250 MBs and each one has different content ie
fred/x6r6nx4pju.000 is different to fred/ and so on.....

Any ideas people?

Cheers

JND
 
On Tue, 14 Sep 2004 04:17:24 -0700, "jonathan"
Does anyone know why windows XP seems to "breed" user
accounts in the */documents & settings folder. I have
four users on the PC and, in addtion to their own folders,
XP has created eight separate "x6r6nx4pju" folders,
(preceded by the user name).
Click to expand...

Do you mean, "Name\x6r6nx4pju" or "Name x6r6nx4pju" ?
each acocunt takes up about 250 MBs
Click to expand...

That's big, for malware - unless something's taking advantage of
peer-2-peer file sharing's appetite for large files.
and each one has different content ie
fred/x6r6nx4pju.000 is different to fred/ and so on.....
Click to expand...
Any ideas people?
Click to expand...

That sort of garbage name looks like either malware, or some attempt
to use a unique name to avoid a clash (the latter would usually use a
CLSID, much as SR does). I see these are not accounts, but subdirs
within existing accounts - so I'd think about things like web browser
cache, CD writing workspace, those sorts of things.

Done a formal virus scan yet?


-------------- ---- --- -- - - - -
Click to expand...
"I think it's time we took our
friendship to the next level"
'What, gender roles and abuse?'
 
On Wed, 15 Sep 2004 12:36:50 -0700, "Jonathan"
The PC has been through several rebuilds as a result of
various assaults in the past - now fully protected
(shutting the stable door after the horse has bolted.....)
with multiple firewalls and anti-spyware programmes plus
AVG plus regulare use of the SYMANTEC online analysis
Click to expand...

Multiple firewalls may conflict much as multiple active av can, and
Windows-based av is really effective for malware that has yet to go
active. I don't see a role for online scanning other than to scan
single inactive files you upload to it to scan.

IMO, none of this stuff is suitable for detecting traditional malware
that may be active, unless you're using AVG's rescure diskettes and
they can "see"the file system (i.e. it's not NTFS).
I have just been back and checked the exact folder name,
it is:
Click to expand...
"Fred.YOUR-x6r6nx4pju" (minus quote marks)
Click to expand...
As far as I can tell, Windows just periodically creates
these folders for no obvious reason .....
Click to expand...

I don't think it's Windows; more likely something else. Can you
rename away from Safe Mode? Do they recur in Safe Mode> Do they
recur in normal mode if you stay offline? Only after being online?
I'll run through some security routines again and see how
I get on.
Click to expand...

OK - keep us posted ;-)


-------------------- ----- ---- --- -- - - - -
Click to expand...
Trsut me, I won't make a mistake!
 
Back
Top