Last week I noticed upon booting my computer there was an extra user account named IUSER. I couldn't get into it 'cause it was password protected. So I deleted it from my account and did a virus scan which turned up nothing (I've got McAfee and it's updated). So a few days later, there's IUSER again! I delete him and run a scan. This happens every other day now. WTF is up and what can I do?

You must have installed IIS on your computer by accident. This is just the Microsoft web server application and it is not a virus or spyware. Just go into "Add Remove Programs" Then "Add Remove Windows Components" and uninstall it.

Sounds like an easy fix, thanks dan, but there nothing called IIS listed in the Windows Components window. Does it have another name?

it will say "internet Information Service IIS" If you see that the little checkbox is check, then it is installed. To uninstal it, just uncheck it and click on "next".

In the Windows Components window, I've got

+Accessories and Utilities
+Fax Services
-Indexing Service
+Internet Explorer
-Management and Monitoring Tools
+MSN Explorer
+Networking Services
-Other Network File and Print Services
+Outlook Express
+Update Root Certificates
+Windows Media Player-
Windows Messenger

(+ means checked and - means not checked)

Can't find the IIS.

IIS should be right under Internet Explorer.

You may have also installed some other web server other than IIS. Take a look in "Add Remove Programs" and see if there is anything there that says some kind of web server.

sorry, not there under Explorer, unless it's been rendered invisible or something...i'll check for other web servers, thanks. i DO want to thank you dan, for taking the time to help. could someone be accessing my computer remotely?

sorry, not there under Explorer, unless it's been rendered invisible or something...i'll check for other web servers, thanks. i DO want to thank you dan, for taking the time to help. could someone be accessing my computer remotely?

I doubt if someone is accesing your computer remotely. The iuser is created by iis so that annonymous users can access your webserver. It is the way that all of us can see a website. I suppose there is a possiblity that someone is accesing it, but if you have Mcafee installed and it is up to date, it's probably ok. If you need more help, you can PM me. Im just working at my desk for a while so I will be around.

Thanks so much dan. I've got to get back to work now. But I might PM you sometime later today or this week. Thanks again.

Thanks so much dan. I've got to get back to work now. But I might PM you sometime later today or this week. Thanks again.

NP anytime

I'm an 20 + year IT professional so you can consider or ignore this as you desire..

First, if you think you are beinhg hacked, PULL THE NETWORK WIRE OR REMOVE / DISABLE THE WIRELESS ADAPTER.

Reboot the machine, and check for the unwanted user id. it's presence or asence is not a determinator of whether ornot a remote connection is doing this but it may help. The idea here is to document effects of changes.

Then check you running processes, with CTL-ALT-DEL and select the processes and apps tabs.

Write down everything

Then get from a friend a copy of Security task manager a shareware program. You can temporarily re-activate your newtork connections to do this (the machine is either fucked or it isn't at this point).

Install it and run it. It will list every process running and give an opinion on how safe or risky a program is. It's a much better listing of processes than what's built into winBlows.

You can use STM to remove unanted processes from your registry (and the STM program shows the full pathname of the processes so if it's in its own directory and you didn't install the program) you can delete the bad files.

Reboot the machine. the bad proccesses removed if any should NOT show up.

PM me if you want more assistance or just post responses to this thread.

Here are the screenshots from XP