Computer Security & Viruses/New User Account
A few days ago, I noticed I had a new standard user account named "yeyhzuubo" on my computer. No one else uses the computer. (HP laptop, Vista Home Premium 64 bit.)
I have tried various things to remove it -- from Control Panel>User Accounts to "cmd" to System Restore to ESET virus scans to malware/spyware scans to a Windows Defender scan to Safe Mode to Norton Power Eraser to changing the name/adding a password and other parental controls and restrictions -- it is deleted temporarily then always shows up again later (with the parental restrictions gone.)
How can I remove this (and any harm being done) for good?
ANSWER: If this was my computer, I would take drastic measures. The problem is that we don't know the intentions of whoever is responsible for this intrusion. If you have used credit cards online, accessed your bank account online, provided enough information online or stored inside your computer to enable identity fraud, it would be a smart move to head off any problems right now. You would need to use your phone or go in person to your bank to change passwords, get new credit card numbers, set up alerts for fraud attacks and undo any fraud attacks that might already have occurred.
With any luck, you will not have suffered any fraud attempts so far. Computer crime nowadays is big business and they are so good at breaking into computers that they don't have enough skilled labor to take advantage of each and every victim. But just in case you are one of the unlucky victims (picture some Russian shooting dope and working as fast as he can for his crime boss on your computer -- he works on commission, a few cents on the dollar for what he can steal for his boss after being assigned to your computer!) then it's a good idea to defeat the bad guy ASAP.
Next, if this was my computer, I would do a complete reinstall of my operating system and all applications. There is a good chance that even if you get rid of this unauthorized account, there will be a back door left behind.
Be sure to back up your data first, but don't back up any program files! If you have purchased software and downloaded it online, be sure to get your serial numbers or whatever you need to get a new download later.
In the future, if you were not using a paid Internet security suite, please get one now so you don't have to go through this misery again. I recommend Kaspersky, F-Secure, McAfee or Norton. For free trials, download either Kaspersky Internet Security, which offers a free 30 day trial at http://usa.kaspersky.com/downloads/?domain=kaspersky.com, or F-Secure's Complete Internet security suite, which offers a free thirty day trial: https://shop.f-secure.com/cgi-bin/dlreg/ml=EN?ID=FSISTB&desid=TRIALL
---------- FOLLOW-UP ----------
QUESTION: Thanks for your response.
I'm using ESET Smart Security, which is supposed to be pretty good, but apparently something "snuck in" with or without my help anyway. (I tried Kaspersky Pure last year but changed when I was having problems with it and I recall their customer service not being of much assistance.)
So you're saying the best thing to do would be to save my documents, photos, etc. to DVDs or flash drives, then revert the computer to "like new" condition? (I have three discs which I made immediately after purchasing the computer, for situations like this, if needed.) It wouldn't be something I'd look forward to doing -- is there a good Plan B that you could suggest?
Also, I use a password manager, which automatically fills in log in information when I visit favorite sites. It fills in the user name, then the password, which shows as dots -- would these sites still be vulnerable, since the actual password is not manually typed in or shown?
The computer is used for email, finances, bill paying, social media, etc. but I haven't noticed any problems with any of my accounts and this "thing" has been on here at least a week. Do attacks usually occur immediately or usually after a certain period of time . . . or both?
Another question -- if I transfer photos, etc. to another medium, is it possible that whatever I transfer could be infected and might infect any new media or other computer that they would inhabit?
If I choose to try F-Secure (or Kaspersky) trials, I'm assuming I would first have to uninstall ESET to avoid a conflict -- between the uninstallation and the new security, wouldn't the computer be wide open to "anything?" I've already run Norton Power Eraser, which "eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect" among other programs. However, none found any problems; do you think using either of the two you mentioned would work "better" and find (and eliminate) something?
As I am still using the computer, would it be safer to use Chrome exclusively rather than I.E., or does that make no difference?
Sorry for so many questions, but I'm trying to consider various ways to handle this and don't especially want to revert the computer back to "day one."
ANSWER: Complexity is the enemy of security. I don't want to encourage you to continue down the path to yet more complexity. If your currently complicated security system hasn't been working, making it more complex could possibly make it worse.
To avoid reinfection after going back to factory settings, you need a complete computer security package that either comes in a box or that might be part of your factory settings. This way, you would install it from a disk before going online instead of downloading things while being vulnerable online. This is why many new computers come with a pre-installed computer security application that expires in a few weeks after going to factory settings.
If you get a complete Internet security product, you won't wind up again where you are now, with a jigsaw puzzle of partial solutions. Also, you can choose a vendor such as Norton that offers live technical support. These support technicians can even take over your computer through the Internet -- with your permission, of course -- and work with you watching until everything is fixed.
As for Windows updates, those can take a long time and possibly introduce problems while downloading. If your computer's security is worth enough to you, you could take it to a computer repair shop that has all Windows updates on disk. Big corporations clean computers that way -- factory reinstall, then install security and Windows updates from disks.
---------- FOLLOW-UP ----------
QUESTION: I did a System Recovery several days ago. Before doing that, I transferred my photos, documents, etc. to a flash drive, then transferred them back to the computer afterwards. I'm currently using Norton Internet Security on a 60 day trial that came with the new computer. So far, there are no unrecognized user accounts.
Everything is updated and most of my programs have been redownloaded. However -- I just noticed that many of my financial "Favorites" on I.E. (bank sites, credit card sites, etc.) are missing from my Favorites list. I use a password manager so all my passwords to log in anywhere are not typed or showing if my screen was viewed; they just pop in as a row of dots.
I set up fraud/freeze alerts earlier with the credit bureaus. Are there any additional actions I should take?
ANSWER: I am glad to see how careful you have been. The disappearance of some, but not all, of your favorites in IE is puzzling. Perhaps tech support at Norton would have an answer, as these are the favorites most likely to get you into trouble with computer criminals. Norton has a live chat system feature that will enable a tech person to log into your computer -- with your permission -- and see what might be going on. Or it may turn out that Norton found a problem with these favorites and deleted them. Their tech people could answer that question.