cinsays 0 Posted February 17, 2016 Posted February 17, 2016 Two days ago a new account appeared upon booting up our PC and I made the mistake of clicking on it. I had thought it would ask for a password, but it did not, just brought up some applications, looking somewhat "normal". I then received an email indicating that ESET Anti-theft recorded suspicious activity on our device, with someone logging in using the phantom account, which I guess was triggered by what I had just done. The device is not lost, so I'm guessing the suggestion to confirm it as missing is not what I should do, but what do I do and how do I get the bogus account off of my computer. The new account is a mixture of jumbled letters, as seems to have been the experience of others in the forums. I tried deleting the account via windows explorer by deleting the user folder, but it would not work because it said a file in there was being used elsewhere. Since I did not boot up with this account this time, I am guessing the bogus account is permanently logged in (?). There is also another account that is the same name as our primary account but with a suffix number. I don't know if that one is new or if it has been there for a while. My computer died a couple of weeks ago so I am using my husband's and he does not remember setting up the anti-theft function when he installed this software back in November. He may have, we just don't know. My technical skills on this machine are not super deep. I just need to know what to do as we do our banking and other stuff on this box. thanks
Administrators Marcos 5,458 Posted February 17, 2016 Administrators Posted February 17, 2016 Do you mean that your regular account disappeared and only logging to the phantom account was possible? A phantom account is created automatically as soon as you enable Anti-Theft but all other accounts should be retained.
cinsays 0 Posted February 19, 2016 Author Posted February 19, 2016 No, the regular account is still there, but there are the 2 other accounts and I had not really looked carefully at the screen upon booting up the box and I hit enter before realizing I had clicked on the bogus/unknown account). We have not done anything recently in ESET to activate the anti-theft option, so if it was not something my husband did when he installed in November, we did not have it on. The only thing I have done recently is run a scan. Can we delete the account? (have been dealing with a sick husband so have not been online the last couple of days, Marcos, to see your response and to provide this info).
Administrators Marcos 5,458 Posted February 19, 2016 Administrators Posted February 19, 2016 If Anti-Theft is disabled, it shouldn't be a problem to delete the phantom account. To be honest, I for one don't see a reason why 2 phantom accounts would exist on a computer.
cinsays 0 Posted February 19, 2016 Author Posted February 19, 2016 Ok, I have deleted them via the control panel user account maintenance Other than checking our bank accounts to make sure nobody has done anything, is there anything I can do to see if the phantom account did any damage? thanks a lot for your help
cinsays 0 Posted February 19, 2016 Author Posted February 19, 2016 ok, I just ran another scan and see all these errors - here is a sample ... they are in orange LogBoot sector of disk C: - error opening [4]Boot sector of disk D: - error opening [4]Boot sector of disk E: - error opening [4]Boot sector of disk F: - error opening [4]C:\hiberfil.sys - error opening [4]C:\pagefile.sys - error opening [4]C:\ProgramData\Microsoft\Crypto\Keys\dc8ee6b1087d44ea2ed0cbcd8e9b1141_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0013ea9232bbb414789657bb5c0d292a_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\004bc88c8e64849a0c0116a9995072a7_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00550f1f8f4c9a7b2d69b9d37e80977a_1c41ce0f-c2ba-442f-bb61-a7bec6219187 - error opening [4]
cinsays 0 Posted February 20, 2016 Author Posted February 20, 2016 so, do those errors I sent the sample of yesterday indicate that ESET is not really scanning the computer as needed? and the jumbled letter account showed up again on the initial screen the system let me delete the accounts via the control panel but the directories still exist if I go to the control prompt and I can't delete them (access denied) any suggestions ?
vgarcia2301 0 Posted April 23, 2016 Posted April 23, 2016 My phantom account does not appear on my startup screen anymore. How do I get it back? According to my eset anti-theft settings I still have my phantom account but it just doesn't appear on my startup screen.
Recommended Posts