Ghostuser attack.

Today, I remoted into one of my customer and the I couldn't.  The password was changed and the were 4 accounts created on the PC.  The accounts were Ghoster, GhostUser, GhostUsers, and GhostUserss.  All had admin rights.  Lucky, I have a program to blank out the password for the user account and could see the additional accounts on the PC.   I removed the Ghost accounts and scanned the PC for virus, etc. and found nothing that seems associated with this issue.  The data on the PC seems intake, strange.

Has anyone had this happen to them?

Who is Participating?
Shaun VermaakTechnical Specialist/DeveloperCommented:
A weak password or unpatched vulnerability
Shaun VermaakTechnical Specialist/DeveloperCommented:
Best solution
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.