Mysterious user account

  1. #1
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Mysterious user account

    Hi,

    I was updating a Windows XP SP3 box and happened to notice that I had a new user account in documents and settings, called "UpdatusUser".

    It had shortcuts to Windows remote assistance and LG updater. The LG item is the DVD drive in this box.

    I looked at user accounts in control panel and the account wasn't displayed there.

    A bit of investigation revealed that it must have happened when I updated the nVidia management software and drivers for the GeForce 8400GS video card. I allowed the updater utility to be installed, as there was no warning that it would create a system account.

    Apparently it will do the same thing in Vista and Windows 7.

    I am no expert at malware authorship but it did occur to me that this could be a potential exploit vector?

    I uninstalled the nVidia updater utility and noticed that this does not get rid of the phantom account.

    I am still trying to figure out the LG DVD drive bit though, as I can't quite see the connection?

    The driver was 270.61
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #2
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    See this link, at the bottom of the page:

    http://www-307.ibm.com/pc/support/si...IGR-76476.html

    Here is the relevant content:

    After the correctly installed Nvidia Optimus video driver, there will be a new account added to the system. The account is a System Service account that is used by the Nvidia Daemon update service to update the optimus profiles. The account will allow for the automatic download and installation of application profiles that the Optimus technology will use.

    The account can be removed by changing it to use Local System, Set to Manual and then delete the UpdatusUser user account and folder.

    It's a part of the Optimus video technology from NVidia....the article happens to be a reference from a Lenovo Page but the information applies to all installs of the Optimus Package.
    Last edited by Wazz; May 6th, 2011 at 08:44 PM.
    "It is a shame that stupidity is not painful" - Anton LaVey
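    The removal steps quoted in post #2, as an added PowerShell example (not from the thread, Lenovo or NVIDIA). It finds the service by its logon account, because the thread does not name the service. It assumes an elevated PowerShell 3.0 or later session; the function names are hypothetical.

```powershell
# Added example: audit services that log on as a local user account, then
# apply the removal steps quoted in the post (LocalSystem, Manual, delete).
$BuiltIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

function Get-ServiceLogonAccount {
    # One row per service whose logon account is not one of the three
    # built-in service identities listed in $BuiltIn.
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartName -and ($BuiltIn -notcontains $_.StartName) } |
        Select-Object Name, DisplayName, StartMode, State, StartName
}

function Remove-ServiceAccount {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Account)   # e.g. 'UpdatusUser'

    # Services report local accounts as '.\name' or 'COMPUTER\name'.
    $services = Get-ServiceLogonAccount |
        Where-Object { ($_.StartName -split '\\')[-1] -eq $Account }

    foreach ($svc in $services) {
        if ($PSCmdlet.ShouldProcess($svc.Name, 'log on as LocalSystem, start type Manual')) {
            # sc.exe syntax requires the space after 'obj=' and 'start='.
            & sc.exe config $svc.Name obj= LocalSystem start= demand | Out-Null
        }
    }

    if ($PSCmdlet.ShouldProcess($Account, 'delete local user account')) {
        & net.exe user $Account /delete | Out-Null
    }

    # Assumption: profiles live beside the current user's profile
    # ('Documents and Settings' on XP, 'Users' on Vista and later).
    $profileDir = Join-Path (Split-Path $env:USERPROFILE -Parent) $Account
    if ((Test-Path $profileDir) -and
        $PSCmdlet.ShouldProcess($profileDir, 'delete profile folder')) {
        Remove-Item -LiteralPath $profileDir -Recurse -Force
    }
}

# Audit first: shows every service tied to a non-built-in account.
Get-ServiceLogonAccount | Format-Table -AutoSize
# Dry run of the removal; drop -WhatIf to apply it.
Remove-ServiceAccount -Account 'UpdatusUser' -WhatIf
```

    The audit step also surfaces any other installer-created service accounts that do not appear in the Control Panel user list.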

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks Wazz! That's a great find, and all is becoming clear to me now (doh!)

    My wife bought the machine from her workplace. It has an Intel motherboard with integrated graphics. I added a 512MB nVidia GeForce 8400GS discrete card.

    It would seem that the nVidia upgrade spotted the integrated chipset and applied this new application, so that the system can now use both the integrated and the discrete graphics. I think that this is similar to the Ati "Hybrid Crossfire" system?

    It also appears that this nVidia application was developed with gaming and entertainment in mind. That would explain the apparently strange inclusion of the LG DVD drive update, as it also checks that the hardware drivers are up to date?

    As I suspected, it should be run as Local System rather than World + dog

    Thanks again, I believe that the mystery is now solved.

  4. #4
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    Excellent!!! Glad I could help you out nihil! Nice of them to let us know they're creating accounts for us eh? Perhaps an Installwatch or Windows System State Analyzer is called for here to see what else is going on....Hmmmm. Cheers...

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    This is interesting...developers are now forced to open new accounts on a machine to make their product run?

    Laziness, or not wanting the user to have to clicky click the buttons?
    Every now and then, one of you won't annoy me.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    @ bludgeon,

    Indeed! That's what made me suspicious at first. Now, thanks to Wazz and a bit of investigation, I find that it doesn't even work on the machine in question.

    It seems to have seen the nVidia card and the onboard Intel video chipset and assumed that it was a laptop? As this is an old machine (mid-2006), I have to turn off the onboard video to run the discrete card.

    From what I can see this is aimed at laptops or portable desktops and will act as a power (battery) saving mechanism, reverting to the onboard chipset for low intensity graphics requirements. At the same time it seems to be aimed at gamers; as these "profiles" look like tweaks for specific games.

    I would have thought it should be something deliberately initiated by the user, rather than globally applied?


  7. #7
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    Low level hardware control, more interesting...don't tell the Belgians.

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    Can't find much on your topic that's useful, this tho...

    http://forums.nvidia.com/index.php?showtopic=178965

  9. #9
    Junior Member
    Join Date
    Aug 2011
    Posts
    1
    This is interesting...developers are now forced to open new accounts on a machine to make their product run?
    What'd u mean? PR?

  10. #10
    Banned
    Join Date
    Jul 2011
    Posts
    24
    These accounts are created when your normal user profile is damaged. Windows creates a new user profile for you then. Although I would not re-profile referenced in the article linked below (it is for Windows 2000 and not XP), MVP Ramesh has a good explanation of the situation and how to find what you are really profile with here:

    Copy the profile folders under "Documents and Settings"
