Jump to content

Phantom account

Recommended Posts

  Two days ago a new account appeared upon booting up our PC and I made the mistake of clicking on it.   I had thought it would ask for a password, but it did not, just brought up some applications, looking somewhat "normal".

  I then received an email indicating that ESET Anti-theft recorded suspicious activity on our device, with someone logging in using the phantom account, which I guess was triggered by what I had just done.

  The device is not lost, so I'm guessing the suggestion to confirm it as missing is not what I should do, but what do I do and how do I get the bogus account off of my computer.

  The new account is a mixture of jumbled letters, as seems to have been the experience of others in the forums.

   I tried deleting the account via windows explorer by deleting the user folder, but it would not work because it said a file in there was being used elsewhere.  Since I did not boot up with this account this time, I am guessing the bogus account is permanently logged in (?).

  There is also another account that is the same name as our primary account but with a suffix number.  I don't know if that one is new or if it has been there for a while.

  My computer died a couple of weeks ago so I am using my husband's and he does not remember setting up the anti-theft function when he installed this software back in November.  He may have, we just don't know.

  My technical skills on this machine are not super deep.  I just need to know what to do as we do our banking and other stuff on this box.



Link to comment
Share on other sites

  • Administrators

Do you mean that your regular account disappeared and only logging to the phantom account was possible? A phantom account is created automatically as soon as you enable Anti-Theft but all other accounts should be retained.

Link to comment
Share on other sites

No, the regular account is still there, but there are the 2 other accounts and I had not really looked carefully at the screen upon booting up the box and I hit enter before realizing I had clicked on the bogus/unknown account).

We have not done anything recently in ESET to activate the anti-theft option, so if it was not something my husband did when he installed in November, we did not have it on.

The only thing I have done recently is run a scan.

Can we delete the account?

(have been dealing with a sick husband so have not been online the last couple of days, Marcos, to see your response and to provide this info).

Link to comment
Share on other sites

  • Administrators

If Anti-Theft is disabled, it shouldn't be a problem to delete the phantom account. To be honest, I for one don't see a reason why 2 phantom accounts would exist on a computer.

Link to comment
Share on other sites

Ok, I have deleted them via the control panel user account maintenance

Other than checking our bank accounts to make sure nobody has done anything, is there anything I can do to see if the phantom account did any damage?

thanks a lot for your help

Link to comment
Share on other sites

ok, I just ran another scan and see all these errors - here is a sample ...

they are in orange


Boot sector of disk C: - error opening [4]
Boot sector of disk D: - error opening [4]
Boot sector of disk E: - error opening [4]
Boot sector of disk F: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\ProgramData\Microsoft\Crypto\Keys\dc8ee6b1087d44ea2ed0cbcd8e9b1141_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0013ea9232bbb414789657bb5c0d292a_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\004bc88c8e64849a0c0116a9995072a7_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00550f1f8f4c9a7b2d69b9d37e80977a_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]

Link to comment
Share on other sites

so, do those errors I sent the sample of yesterday indicate that ESET is not really scanning the computer as needed?

and the jumbled letter account showed up again on the initial screen

the system let me delete the accounts via the control panel but the directories still exist if I go to the control prompt and I can't delete them (access denied)

any suggestions ?

Link to comment
Share on other sites

  • 2 months later...

My phantom account does not appear on my startup screen anymore.  How do I get it back?  According to my eset anti-theft settings I still have my phantom account but it just doesn't appear on my startup screen. 

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...