May 6th, 2011, 01:20 AM
Mysterious user account
I was updating a Windows XP SP3 box and happened to notice that I had a new user account in documents and settings, called "UpdatusUser".
It had shortcuts to Windows remote assistance and LG updater. The LG item is the DVD drive in this box.
I looked at user accounts in control panel and the account wasn't displayed there.
A bit of investigation revealed that it must have happened when I updated the nVidia management software and drivers for the GeForce 8400GS video card. I allowed the updater utility to be installed, as there was no warning that it would create a system account.
Apparently it will do the same thing in Vista and Windows 7.
I am no expert at malware authorship but it did occur to me that this could be a potential exploit vector?
I uninstalled the nVidia updater utility and noticed that this does not get rid of the phantom account.
I am still trying to figure out the LG DVD drive bit though, as I can't quite see the connection?
The driver was 270.61
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
By steve.milner in forum IDS & Scanner Discussions
Last Post: August 12th, 2004, 12:23 PM
By Nokia in forum Tips and Tricks
Last Post: June 18th, 2004, 04:24 PM
By mrleachy in forum *nix Security Discussions
Last Post: October 18th, 2002, 01:27 PM
By Joey_Batch_File in forum The Security Tutorials Forum
Last Post: September 20th, 2002, 09:03 PM