October 30th, 2003, 09:27 AM
A new user account !!
I have just found a new account on my home computer called, ASP.NET.machine A it was a password protected administrator account!!
My wifes account which was a Limited user account with no password has changed to an Administrator account with no password.
I have now deleted the ASP.net account and changed my wifes account to limited and made her put a password on it.
Does anyone have any idea how a new adim account can just appear?
Do I have to do anything else except delete this account?
Could any software have created this account, or has someone remotley created it?
I am running WIN XP Pro.
October 30th, 2003, 09:58 AM
I looked for and found the answer. It is not a trojan created item. It is created by one of the dot.NET installations.
It seems that various facilities will create accounts for their own use and management of data to keep it separate from the other accounts.
I found more info at various places including:
Hope i get some greenies for this! =)
74 68 65 65 6f 6e
October 30th, 2003, 10:11 AM
This has potential to be used as an entry point to a machine/network i think.
I wouldnt be suprised if someone has already figured an exploit for it.
Nice of M$ to tell people they are creating a new user account on their computer, altough nothing they do suprises me anymore.
October 30th, 2003, 11:02 AM
The .NET architecture that M$ implemented is still in its baby-stage...Try and remember that.
Most of the people using the .NET architecture already know that it will create an administrator account, as it might be needed for some application information storage. Like I always say, better safe than sorry, always read up on updates before you install them.
Because we all know that M$ likes to..."suggest" things Because after all, M$ knows whats best for us...(zombie)
Creating further mindless stupidity....through mindless automation.
October 30th, 2003, 01:37 PM
Let's not forget that IIS also creates new accounts. It seems to be just a development of this idea that the systems need to run stuff in their own accounts, so they can control the permissions issues.
Of course, they are not Admin accounts. This does seem like a dangerous hole, particularly as experience shows that changing the password breaks stuff. Is this user needed ( I wonder ) on a development environment only, or on a live one too ( where it would seem like a BIG hole ).
As to why your wife's account was changed at the same time, that is more puzzling. Maybe she is hacking your system
October 30th, 2003, 02:40 PM
LOL wouldnt suprise me!
October 30th, 2003, 03:36 PM
Various programs do create new user accounts - these are typically not admin accounts, and are assigned random passwords.
The purpose of these accounts is to run services under a low-privilege user. It is true that if they knew the password, someone could log in, but that is highly unlikely, as it will be assigned a random long password.
The ASPNET account should not normally be an administrator - are you sure?
Perhaps it's different in XP, I've only used it on 2k
October 30th, 2003, 04:05 PM
It was definatly an Admin account, thats why I was a little suspisious and confused about it.
My line of thinking was that if it was an account made for a sofware app, why would it need an admin account. Thats why it thought that something a bit un-toward was happening.
As for my wifes account being made in to an admin account I have no idea how or why that happened, she asures me it wasent her.
I have ran all the obvious checks to see if anything is installed that shouldnt be and they all came up ok.
I think I will do a fromat/reinstall just to be on the safe side!
Thaks for all your help!
October 31st, 2003, 01:47 AM
Hmm, M$ is always talking about security and low and behold, they are our worst enemy. Read about those updates before downloading them.
October 31st, 2003, 07:03 PM
hmmm...making asp.net account admin to have more phun playing with the asp files you had not before...
making your wifes account admin without password to come back if you found the backdoor.
sounds like you are running more then just one service....
would you please make a :
netstat -a -n
and post it here?
i will help ya.