Marktavius
New Member
I was hoping someone a bit more computer-savvy than I am could help me with the following problem.
1. I recently detected a trojan called "exploit-byte verify" on my computer. I deleted it. Then, I shut off system restore and started my computer in safe mode to do another virus scan and delete any copy of the trojan that might be stored among my back-up files. When I restarted my computer, there were two user account options: the one I always use and "Administrator" (I have XP Pro). I am fairly sure I deleted the Administrator account when I first installed the OS, so I think someone may have remotely added that user account to my computer in order to remotely use it covertly. The fact that there is a stupid little karate icon next to the Administrator account option also leads me to believe this since I would never choose that icon. The Administrator account option is only visible when I start my computer in safe mode, never when I start it in regular mode. Does this sound like someone may be remotely using my computer? If so, does anyone know of the best way to go about handling the situation?
2. I also unchecked the "Allow Remote Assistance invitations to be sent from this computer" option, which I found under the Remote tab in the System Properties window. The "Allow users to connect remotely to this computer" option was already unchecked. I'd like to take additional actions, but I want to first make sure they will not be harmful to my computer. Under the Services tab in the System Configuration Utility window, I would like to uncheck every option that begins with the word "Remote," except for the one that begins with "Remote Procedure Call," which the computer will not allow me to uncheck. Given that I never use the remote access feature, don't share files with other members of my LAN, and don't have (or didn't think I did) multiple users on my OS (not really sure if these facts are even pertinent), should it be safe to uncheck these options?
Thanks,
Mark
1. I recently detected a trojan called "exploit-byte verify" on my computer. I deleted it. Then, I shut off system restore and started my computer in safe mode to do another virus scan and delete any copy of the trojan that might be stored among my back-up files. When I restarted my computer, there were two user account options: the one I always use and "Administrator" (I have XP Pro). I am fairly sure I deleted the Administrator account when I first installed the OS, so I think someone may have remotely added that user account to my computer in order to remotely use it covertly. The fact that there is a stupid little karate icon next to the Administrator account option also leads me to believe this since I would never choose that icon. The Administrator account option is only visible when I start my computer in safe mode, never when I start it in regular mode. Does this sound like someone may be remotely using my computer? If so, does anyone know of the best way to go about handling the situation?
2. I also unchecked the "Allow Remote Assistance invitations to be sent from this computer" option, which I found under the Remote tab in the System Properties window. The "Allow users to connect remotely to this computer" option was already unchecked. I'd like to take additional actions, but I want to first make sure they will not be harmful to my computer. Under the Services tab in the System Configuration Utility window, I would like to uncheck every option that begins with the word "Remote," except for the one that begins with "Remote Procedure Call," which the computer will not allow me to uncheck. Given that I never use the remote access feature, don't share files with other members of my LAN, and don't have (or didn't think I did) multiple users on my OS (not really sure if these facts are even pertinent), should it be safe to uncheck these options?
Thanks,
Mark
