Question about Environment Variables
i recently noticed a new Environment Variable in System Properties (right-click on My Computer > select Properties > select Advanced tab > click on Environment Variables). It's "Isuser" and it's point toward my system temp folder.
Anyone know why it's there and if I can delete it??
Thanks,
Anyone know why it's there and if I can delete it??
Thanks, 0
Comments
I have seen similar things to such in malware, I would check box for malware, and you might see what a registry search on the term Isuser brings up. I woudl like to know what software registered that, it is named as an install process would be named in general sense (Microsoft use IS prefix for InStall, and uis prefix for UnInStall). One other thing, try rebooting the box if you have not done so after installing software (use Turn off computer|Restart in Windows itself). If it vapozes, there is a temp user named like that and some software does use that name for a user kept until things are fully registered in registry-- unfortunately, some of that software is pure malware and some is NOT. If it continues to be there after a restart, I would see Prime's article and run a very recently updated AV scan as well. There are malware things that use this name, and not just one or two unfortunately.
Take no action until after a restart except to LOOK and not touch in registry, but if you find things write them down as knowing the registry keys and valuse will help trace better as to good or bad thing. I cannot tell you for usre if your exact thing is good, questionable, or bad without knowing more deatails, but SpyBotS&D, a very recently updated (like today) AV scan, and and an Adaware run are also in order after the computer comes back up and is restarted. I know that "user" should not run after a restart since the last install YOU deliberately did of software unless you got a bad software install or XP refused to fully install something and it was not uninstalled right.
If it DOES remain after a restart, then either your box has a malware infection or a software install is hung or partially completed. Please check for BOTH possibilities.
John D.
i tried rebooting and it was still there. i also ran Norton AV and AdAware and both found nothing.
it points to an empty folder in my system temp folder, so i'm thinking i might just delete the entry.
what do you think?
Besides, it'll be nice to know you're clean of that crap.
Navigate to the folder it goes to in My Computer. In the tools menu click the folder Options option. Open the view tab of that dialog (the box is the dialog)go down with eyes until you see a listing by a folder icon, that says Hidden Files and Folders. See if the second option with a radio button (round O looking thing) has a dot in it. if not, click that, then apply if that option si offered and then OK to close, until you are looking at jsut the list. Let us know if anything shows up, otherwise delete the registry key that has that name and that folder you were in for path -- path will be in quotes.
IF there is anything that pops up after you tell Windows to show hidden files and folders, I woudl like to know what it is(name of folder you are looking in, folders that are hidden in it, any files you can list by then going into folders without clicking with left button on files themselves (folders you can click on to look inside them), can then find out maybe EXACTLY what it is for you, and folder path would help possibly also, and right-clicking on a file or folder will not run but will bring up the properties sheet dialog and I would like to know that info also. REASON, if I have all that, we can see if something did not get UNINSTALLED right and I might get better info out of all these things together than I got so far and remember. Also look at Prof's link for what to use to check for major gremlins, ok???
I know how to match symptom SETS (with strane file names and folder names)to viruses and trojans and worms, but only have one symptom, and file names used are often of hiddn files in ceritan folders.In some circumstances I tell folks exactly how to kill something, and to delete folder by knowing it does not even belong on box.
If you have NSW somtimes the WinDoctor tool will tell you if it just a bad key, and WinDoctor can help kill things that are gremlins but is by no means a virus killer, it just knows patterns of what normally exist in Windows. BUT, if it wants to delete something, 95% of the time I let it. That is true for any Norton Windoctor that will RUN and scan right on Windows XP. NSW 2003 and 2004 have a good one of those for XP.
John D.
in any case, my Folder Options settings show all files, including hidden files, and that folder was empty. I went ahead and deleted the variable (it was a user variable) as well as the folder last week, and I haven't had a problem since. I didn't actually do a registry search -- unfortuantely i deleted everything before reading your post, so i don't remember the registry entry -- in any case, i think i should be fine.
ran NAV 2004 and latest version of AdAware again, and there was nothing. I think it was just some residual installation crap.