Unknown built in account that was created by a trojan.

Posted on 2005-03-16
Medium Priority
Last Modified: 2010-04-13

I have been battling with troy for a couple of weeks now, I'm starting to feel like a real Spartan! I noticed today when running the security baseline analyser that there is an account in the administrators group that I don't recognize. It is dale.chippen(suspicios no?) and the system will not allow me to disable or delete it because it is a member of the built in accounts.

What is going on with that?
Question by:blairhenry
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13553783
Are you running Windows Pro or Server? Where do you see this account and in which container ?
LVL 35

Accepted Solution

Nirmal Sharma earned 2000 total points
ID: 13553808
>>>and the system will not allow me to disable or delete it because it is a member of the built in accounts.

Is this account listed as administrator account?
What is the full name of this account ? it is dale or dale.chippen?

If it is a member of built in account means GROUP and not user. If this is a user then it can be deleted easily using the Reg.exe.

Let me know.


Author Comment

ID: 13553835
I am running Windows 2000 Server for my Active Directory domain master.

The account is shown in a container called hyco/charlottetown which is an organizational unit in our domain.

The full name of the account is Dale Chippen and the user name is dale.chippen.

It seems to have been added as a member of the built in group administrators and I don't know how to remove it from this.
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more


Author Comment

ID: 13553945
Well, I am feeling kind of stupid now. My other tech just arrived and tells me that he renamed the original administrator account to this a while back.

I will close the case and award you the points for your response.

LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13553957
Do you see this account in Builtin container?
Try to remove it from Administrators Groups in Buitlin container and then removing this?
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13554500

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month11 days, 7 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question