Windows 10: Strange accounts found in registry

Discus and support Strange accounts found in registry in AntiVirus, Firewalls and System Security to solve the problem; Hello, Recently my virus scanner (Malwarebytes) discovered a registry key that seemed to be associated with a virus that I thought I had gotten rid of... Discussion in 'AntiVirus, Firewalls and System Security' started by Alyssa479, Aug 11, 2018.

  1. ALYSSA479
    Alyssa479 Win User

    Strange accounts found in registry


    Hello,

    Recently my virus scanner (Malwarebytes) discovered a registry key that seemed to be associated with a virus that I thought I had gotten rid of a while ago. After doing some digging around in the regsitry editor I found some user keys in HKU that were similar to the one that was found in the scan. The user's key is S-1-5-21-1056437499-3650250187-3843188673-1001. Is this normal or is this user associated with the threat and should be deleted immediately? I completely got rid of the infected programs, keys, and files, but this is making me paranoid that my computer is still infected. This is the report from Malwarebytes:


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 8/10/18
    Scan Time: 11:15 PM
    Log File: d2d8fbee-9d14-11e8-9a86-309c2313b15d.json
    Administrator: No

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.391
    Update Package Version: 1.0.6297
    License: Free

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: MSI\ae325

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 344643
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 0 min, 43 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 1
    RiskWare.BitCoinMiner, HKU\S-1-5-21-1056437499-3650250187-3843188673-1001\SOFTWARE\IdleBuddy, Quarantined, [930], [550947],1.0.6297

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)


    Thank you!

    :)
     
    Alyssa479, Aug 11, 2018
    #1
  2. ZAKIN
    Zakin Win User

    Strange Windows 10 User Account issue.

    Unfortunately I had done those steps numerous reboots, it just, reappears for no good reason. The base account isn't even a Microsoft account, it's a local account.

    I haven't quite tried the built in administrator account on W10, but so far in my experience on my own computer, the built in account seemed to have absolutely no more control than I did on my own.

    It's just strange, I go in, it warns me twice about deleting the account, then it's gone. Reboot, and it's back?

    EDIT: Just to specify, both command line and Netplwiz both say only HIS account exists on the computer, it doesn't list this rogue account. This is what I meant in my first post about the fact that even Windows doesn't seem to believe it exists, HALF the time. *Frown Strange accounts found in registry :(
     
    Zakin, Aug 11, 2018
    #2
  3. VESAO
    Vesao Win User
    Remove account


    I suggest you backup your personalized files first before removing the account.
    To delete an account, follow these steps:
    • Press WIN + X keys and click Command Prompt (Admin) from the menu.
    • Type the following command and press Enter. Replace test with the name of your sister's account. Code: net user test /del[/quote]
     
    Vesao, Aug 11, 2018
    #3
  4. EASO
    Easo Win User

    Strange accounts found in registry

    Strange Windows 10 User Account issue.

    Have you cleaned up registry? User lists are saved there too.
     
    Easo, Aug 11, 2018
    #4
Thema:

Strange accounts found in registry

Loading...

  1. Strange accounts found in registry - Similar Threads - Strange accounts found

  2. EMDMgmt nowhere to be found in the Registry

    in Windows 10 Gaming
    EMDMgmt nowhere to be found in the Registry: So I wanted to enable readyboost on my laptop but it says that my laptop is already fast enough and all of the ways to enable readyboost forcefully include a folder in the registry 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\EMDMgmt' but the EMDMgmt is...

  3. Strange ports are found and TPM is not found

    in Windows 10 Gaming
    Strange ports are found and TPM is not found: Hello FriendsWell i have Windows 11 installed on Asus ROG ,So Here is the thing i have formated my laptop because seems malware bytes found legalhakcer.com suspicious linked to my edge...But some how i see two ports open in my laptop port 1042,1043 afrog so i googled seems...

  4. Strange ports are found and TPM is not found

    in Windows 10 Software and Apps
    Strange ports are found and TPM is not found: Hello FriendsWell i have Windows 11 installed on Asus ROG ,So Here is the thing i have formated my laptop because seems malware bytes found legalhakcer.com suspicious linked to my edge...But some how i see two ports open in my laptop port 1042,1043 afrog so i googled seems...

  5. Strange Account I found in HKEY_USERS

    in AntiVirus, Firewalls and System Security
    Strange Account I found in HKEY_USERS: I recently got a malware attack, luckily nothing bad happen, I resolved it, but when I go to regedit, I found these accounts in HKEY_USERS:S-1-5-18S-1-5-19S-1-5-20S-1-5-21-1822402108-566194498-1648361893-1001S-1-5-21-1822402108-566194498-1648361893-1001_ClassesThese are very...

  6. Strange registry entries

    in AntiVirus, Firewalls and System Security
    Strange registry entries: When searching the registry I came across the entries: The only languages I have installed are American and English. Are these entries installed by Microsoft or by malware?...

  7. Strange file found

    in Windows 10 Network and Sharing
    Strange file found: The short version is that I found this file about 8 months ago and called windows phone support. No one there had any idea as what it was. All scans have comw up negative for malware. There is no information about it on the web that I could find. I have attached a pic of...

  8. Strange Registry Key- Possible spyware

    in AntiVirus, Firewalls and System Security
    Strange Registry Key- Possible spyware: I was looking through regedit and was this key HKEY_CURRENT_USER\SOFTWARE\·ÎÄà ÀÀ¿ë ÇÁ·Î±×·¥ ¸¶¹ý»ç¿¡¼* »ý¼ºÇÑ ÀÀ¿ë ÇÁ·Î±×·¥ I believe its some spyware. I need advice on how to deal with it Thank you 53977

  9. Strange characters in registry (screenshot)

    in Windows 10 Support
    Strange characters in registry (screenshot): [img] What are the characters at the bottom? 105734

  10. Strange symbols found in Registry Editor

    in Windows 10 Support
    Strange symbols found in Registry Editor: I wasn't sure which place to put it in, so I put it in General Support. I was about to find out why my Desktop Wallpaper's not changing - again - and when I went into Reg Edit, I saw this: Does anyone know what this could mean? [img] 99897