Shared Computer Toolkit Hacked? RRS feed

  • Question

  • I realize this software may no longer be supported but we have been using this without any issues (until recently) which is prompting for my questions.

    Again, we've used this with very little problems for about 2.5 years.  We recently discovered a computer that had a new user account created called "Spy".  This account was not created by myself or the other technicians and it had full administrator access.  It was also password protected.

    Now the user account had not been logged onto since there was no profile in "Documents and Settings".  We reset the password through another admin account and logged onto it for the first time (as far as we can tell).

    How would someone be able to create an account on a limited account?  It's odd because even though it was created, it was never used.  Do USB keyloggers work on restricted accounts?  If there's a USB keylogger and I log in with an admin account wouldn't it effectively log all my keystrokes?  

    We're in the process of upgrading these desktops to the latest version of SteadyState but this issue has me extremely curious as to how they pulled this off.
    Monday, December 29, 2008 11:34 PM


  • Hi Marc, thank you for the feedback. From the description, this account can be created either via SCT toolkit or user management in Windows. If this user was not created by administrator, the issue can be virus/malware related and I don't think there is much to do in SCT toolkit. I suggest you first delete the account and see if it can be re-created. Also, I suggest you try a free online virus scan on the following site:


    Meanwhile, if you need more help with virus-related issues, please contact Microsoft Product Support Services.

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    For support outside the United States and Canada, visit the Product Support Services Web page (http://support.microsoft.com/?pr=SecurityHome  ).

    If this issue also occurs in the latest version of Windows SteadyState, please feel free to let us know. Thank you.

    • Edited by Leo Huang Friday, April 6, 2012 8:29 AM PCSafety Center update
    Wednesday, December 31, 2008 3:33 AM