User Account appeared in the night

MiYarnStalker

New Member
Yesterday morning I turned on my laptop and discovered a new user account had appeared during the night.
We searched, removed it, ran ESET, deleted Edge since the user seemed to be associated with it. My webcam is turned off, disabled, all features are disabled, microphone off, piece of painters' tape over the lens.
This morning, it's back.
Went through the checkup routine again. Now, no sign of the interloper.
Here's the question: how do they get there when your laptop is turned off and not actively connected to any network? My internet is through my mobile hotspot, which isn't running when I'm not on my laptop. I don't use it for anything else, so I turn it off.
Right now, I'm going to turn off my laptop until later this afternoon. My hotspot will also be turned off.
 

GDany

Well-Known Member
If malware has already got into your computer, disconnecting it from the internet won't help. Delete the new user account while disconnected from the internet and restart the computer in safe mode. Now check if the user account is back or not. If yes, then it will probably be very difficult to find the malware. If no new user account is found after safe boot, then you should check all programs that run at computer start-up and try to identify the malware that runs and makes the new user account. It will not be easy to get rid of the malware, but you are lucky you found the user account, which will probably enable a ransomware attack. In any case, until you get rid of the malware, you shouldn't connect your computer to the internet. Take your laptop to a professional service if you are not sure about what you are doing.

 

Neemobeer

Windows Forum Team
Staff member
What was the account name? It's fairly uncommon for malware to create and use another account for it to run under and somewhat less uncommon for legitimate programs to create and run as different accounts.
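
The checks suggested in the two replies above (identify the account, find out what created it, review start-up programs), written as read-only PowerShell for an elevated prompt. This is an added example, not part of any post in the thread; the account name is a placeholder, and the event 4720 query assumes account-management auditing is enabled and the Security log still holds the event.

```powershell
# Added example: read-only triage of an unexpected local account.
# Run from an elevated PowerShell prompt. Nothing here changes the system.
$name = 'PLACEHOLDER_ACCOUNT'   # placeholder: the account name shown on the sign-in screen

# 1. Current state of the account: enabled flag, last logon, description, SID.
Get-LocalUser -Name $name -ErrorAction SilentlyContinue |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet, Description, SID

# 2. Is it a member of the built-in Administrators group?
#    The well-known SID is used so the check works on non-English Windows.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object Name -like "*\$name"

# 3. When was it created, and under which identity?
#    Security event 4720 = "A user account was created".
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } `
                       -ErrorAction SilentlyContinue
foreach ($e in $events) {
    # Read the event's named fields from its XML instead of relying on positions.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $d[$_.Name] = $_.'#text' }

    if ($d['TargetUserName'] -eq $name) {
        [pscustomobject]@{
            Created    = $e.TimeCreated
            NewAccount = $d['TargetUserName']
            # A subject SID of S-1-5-18 (Local System) means a service or
            # installer created the account, not an interactive user.
            CreatedBy  = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            SubjectSid = $d['SubjectUserSid']
            LogonId    = $d['SubjectLogonId']
        }
    }
}

# 4. Programs registered to run at start-up (Run keys and Startup folders),
#    to compare against software you knowingly installed.
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User
```

The creation time and creating identity from step 3 can be matched against installed software before anything is deleted.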
 

JandN2639

Well-Known Member
MiYarnStalker, I hope you have antimalware software. If not, you *may* have to factory reset the computer and download your added programs again, *after* adding such software. Look for recommendations from PC World.

If you do have to factory reset, make sure you only use sites that your antimalware doesn't flag.


 

MiYarnStalker

New Member
I did mention in my original post that I have ESET and we do have the NOD32 version. We did more looking around yesterday and discovered that this account is the phantom account created by ESET as part of the anti-theft feature. All is well.
Yes, I have malware software. My practice is that I never click on links sent to me in e-mails, never click on links even sent by friends who are in the habit of just sending anything they want to share. I've got a whole lot of extensions in my Firefox that really annoy websites who want to track me, fill my screen with ads, etc. and my new favorite Facebook Container.
My husband is in the aerospace industry as a program manager and software developer and I'm what I call a Geek-Nerd from way back. Normally, I figure it out on my own but this one was rather interesting.
The answer from ESET was that the phantom account should not be logged into as it will set off the anti-theft feature and disable my laptop as if I'm the actual thief. Got it and won't do it. The last thing I need to do is be disabled during an online final exam week.
Thanks everyone!
 