• Status: Solved

Account keeps rebuilding itself on XP

I have an HP computer running Windows XP Media Center. Something happened and instead of the user booting up to the HP_Administrator account as usual, he was booting up to an account HP_Administrator.MINEMINEMI. I ran ComboFix and Malwarebytes multiple times. Deleted multiple threats, but now those two apps come back saying it is running clean. But every time I boot up it goes to the HP_Administrator.MINEMINEMI account. So I went to Safe Mode, went to the Administrator account and deleted the HP_Administrator.MINEMINEMI. But every time I reboot into regular mode, it recreates the HP_Administrator.MINEMINEMI account. How do I stop this from happening?
3 Solutions
I would advise you to download a program from http://www.systeminternals.com/ called "Autoruns".


This way you can check what is causing the start up issues.

Be careful, these tools are very powerful.

Don't use the administrator account as a standard account. Rather, create a new user account with a completely new name (like the name of the user of that PC). Then log on to that account and set it up the way you need it. Then delete the administrator account, and if the MINEMINEMI one still exists, also that one. When deleting, make sure you also select to delete all files and folders in that account (back needed files up or copy them to the new account or to the public folder area before deleting the accounts).

When done, reboot, create a new Administrator account, and give it a good password. After that, change the user's main user account to a standard, not administrator's, account, but keep on using that one as the main account.
Dr. Klahn (Principal Software Engineer) Commented:
Suggest you run the Symantec online virus scanner using Internet Explorer.  It is amazingly slow to load, taking up to an hour the first time around, but it finds things other virus scanners do not.
It seems you have an issue with the current account.

To solve it, just create another username, let's say admin1.

Give it administrator rights, then log in using admin1.

Remove all old profiles (after you copy your files), then remove all users too.

Restart your machine.

Log in using admin1 again, then create another username (as you like) with the rights you want.

Log in using that username and confirm whether things are good or still pointing to another profile.

syssolut (Author) Commented:
I went in and ran the Symantec online scanner, nothing, the computer is clean. I went in and created a new account and tried to delete the old HP_Administrator but it says I cannot, even though I am signed in under the new account with admin rights. It says I cannot delete the "stub_data". Access is denied. There is also the normal account of Administrator that shows up under Safe Mode. As for the HP_Administrator account, I was able to delete it under User Accounts with all its files, but it still shows up under Explore and I cannot delete it. The error message above shows up. Any ideas? Or am I going to have to copy files and restore to factory fresh?
Try deleting it while in safe mode.
What you see is that you are not logged in under a different account, but a different profile.
From what you mention, I guess that your computer name is MINEMINEMI.

You have created a user account called HP_Administrator; normally this user account gets a profile called HP_Administrator. But if the profile gets corrupted in some way (rights are removed, ntuser.dat has the wrong owner, etc.) a new profile is created with the computer name appended, thus the HP_Administrator.MINEMINEMI *profile* associated with the HP_Administrator *account*.

Now that you have created a new account with a new profile you should be able to delete the old profile. Make sure in Explorer - Folder and search options - View you enable "Show hidden files, folders and drives". In the permissions of the folders you cannot delete (Properties - Security - Advanced - Owner) make yourself the owner of that folder and its subfolders.
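
The account-versus-profile distinction in the answer above can be checked directly. This is an added example, not part of the original thread: it reads the standard Windows ProfileList registry key and shows which profile folder each account SID points to, flagging folders that carry an appended suffix. It assumes PowerShell 2.0 or later is installed (not present on XP by default); the output column names and status labels are this example's own.

```powershell
# Added example: map each user profile folder back to the account that owns it.
# The status labels and column names below are this example's own choices.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

Get-ChildItem $profileList | ForEach-Object {
    $sid = $_.PSChildName
    # Skip built-in service profiles (SYSTEM, LocalService, ...); keep real user accounts.
    if ($sid -notlike 'S-1-5-21-*') { return }

    $path = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if (-not $path) { return }

    # Resolve the SID to an account name. An entry left behind by a deleted
    # account cannot be translated and is reported as orphaned.
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = $null
    }

    $folder = Split-Path $path -Leaf
    if (-not $account) {
        $status = 'orphaned entry (account no longer exists)'
    } else {
        $user = ($account -split '\\')[-1]
        if ($folder -ieq $user) {
            $status = 'normal'
        } elseif ($folder.StartsWith("$user.", [System.StringComparison]::OrdinalIgnoreCase)) {
            # e.g. account HP_Administrator with folder HP_Administrator.MINEMINEMI
            $status = 'second profile folder (suffix appended)'
        } else {
            $status = 'folder name differs from account name'
        }
    }

    New-Object PSObject -Property @{
        Account       = $account
        ProfileFolder = $path
        FolderExists  = (Test-Path $path)
        Status        = $status
    }
} | Format-Table Account, ProfileFolder, FolderExists, Status -AutoSize
```

A row with a suffixed folder and `FolderExists` true for both the original and the suffixed path indicates the original folder is still on disk but was not reused, which matches the ownership and permission causes described in the answer.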
syssolut (Author) Commented:
Thanks, the MINEMINEMI was the computer name as you said.  I did create a new account and delete that one account so now it just boots automatically to the new account.
