Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Undeletable user account.
From: Jeremy Bishop <requiem () praetor org>
Date: Tue, 3 Jan 2006 15:28:59 -0800

On Tuesday 03 January 2006 13:54, James Bower wrote:
Hi all, one of my servers has recently been compromised.  No suprise
but the hacker created himself a user account.  The problem is that I
can't seem to delete the account.  The account is not part of any

To be entirely snippy, the problem isn't the undeletable account.  That 
falls into the "amusing puzzle" category.  The problem is that you are 
attempting to clean up the machine instead of rebuilding from 
known-good media.

I'm sure you have a very good reason for doing this, and I'm just making 
the assumption that the Windows culture has less awareness that this is 
generally a Bad Idea.

As for the user account, I suspect that it can be deleted in much the 
same way one would go about deleting the local administrator account.  
Have a link: http://www.kuro5hin.org/story/2004/7/4/7570/05276


The Write Many, Read Never drive.  For those people that don't know
their system has a /dev/null already.
              -- Rik Steenwinkel, singing the praises of 8mm Exabytes
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]