-
May 6th, 2011 01:20 AM
#1
Mysterious user account
Hi,
I was updating a Windows XP SP3 box and happened to notice that I had a new user account in documents and settings, called "UpdatusUser".
It had shortcuts to Windows remote assistance and LG updater. The LG item is the DVD drive in this box.
I looked at user accounts in control panel and the account wasn't displayed there.
A bit of investigation revealed that it must have happened when I updated the nVidia management software and drivers for the GeForce 8400GS video card. I allowed the updater utility to be installed, as there was no warning that it would create a system account.
Apparently it will do the same thing in Vista and Windows 7.
I am no expert at malware authorship but it did occur to me that this could be a potential exploit vector?
I uninstalled the nVidia updater utility and noticed that this does not get rid of the phantom account.
I am still trying to figure out the LG DVD drive bit though, as I can't quite see the connection? 
The driver was 270.61
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
May 6th, 2011 07:40 PM
#2
See this link, at the bottom of the page:
http://www-307.ibm.com/pc/support/si...IGR-76476.html
Here is the relevant content:
After the correctly installed Nvidia Optimus video driver, there will be a new account added to the system. The account is a System Service account that is used by the Nvidia Daemon update service to update the optimus profiles. The account will allow for the automatic download and installation of application profiles that the Optimus technology will use.
The account can be removed by changing it to use Local System, Set to Manual and then delete the UpdatusUser user account and folder.
It's a part of the Optimus video technology from NVidia....the article happens to be a reference from a Lenovo Page but the information applies to all installs of the Optimus Package.
Last edited by Wazz; May 6th, 2011 at 07:44 PM.
"It is a shame that stupidity is not painful" - Anton LaVey
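An added example, not part of the original posts or of any NVIDIA or Lenovo tooling: a read-only audit that lists every service logging on as a local user account (as the update service described above does with UpdatusUser), along with that account's profile folder. It assumes Windows PowerShell 3.0 or later on Vista or newer and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance) and an elevated prompt.

# Built-in identities that are normal service logon accounts.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Local (non-domain) user accounts, keyed by name.
$localUsers = @{}
Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object { $localUsers[$_.Name] = $_ }

# Profile folders keyed by SID (Win32_UserProfile is not available on XP).
$profiles = @{}
Get-CimInstance Win32_UserProfile -ErrorAction SilentlyContinue |
    ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

$findings = foreach ($svc in Get-CimInstance Win32_Service) {
    # Skip services with no logon account or a built-in identity.
    if (-not $svc.StartName -or $builtin -contains $svc.StartName) { continue }

    # StartName looks like ".\UpdatusUser" or "HOSTNAME\user".
    $domain, $name = $svc.StartName -split '\\', 2
    if (-not $name) { continue }
    if ($domain -ne '.' -and $domain -ne $env:COMPUTERNAME) { continue }
    if (-not $localUsers.ContainsKey($name)) { continue }

    $user = $localUsers[$name]
    [pscustomobject]@{
        Account     = $user.Name
        Disabled    = $user.Disabled
        Service     = $svc.Name
        DisplayName = $svc.DisplayName
        StartMode   = $svc.StartMode
        State       = $svc.State
        ProfilePath = $profiles[$user.SID]
    }
}

# One row per (account, service) pair; an empty table means no service
# on this machine logs on as a local user account.
$findings | Sort-Object Account, Service | Format-Table -AutoSize
```

Any row whose account you did not create yourself identifies the service to switch to Local System and Manual before deleting the account and its folder, as the quoted article describes.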
-
May 6th, 2011 10:17 PM
#3
Thanks Wazz!, that's a great find, and all is becoming clear to me now (doh!) 
My wife bought the machine from her workplace. It has an Intel motherboard with integrated graphics. I added a 512MB nVidia GeForce 8400GS discrete card.
It would seem that the nVidia upgrade spotted the integrated chipset and applied this new application, so that the system can now use both the integrated and the discrete graphics. I think that this is similar to the Ati "Hybrid Crossfire" system?
It also appears that this nVidia application was developed with gaming and entertainment in mind. That would explain the apparently strange inclusion of the LG DVD drive update, as it also checks that the hardware drivers are up to date?
As I suspected, it should be run as Local System rather than World + dog 
Thanks again, I believe that the mystery is now solved.
-
May 13th, 2011 04:05 AM
#4
Excellent!!! Glad I could help you out nihil! Nice of them to let us know they're creating accounts for us eh? Perhaps an Installwatch or Windows System State Analyzer is called for here to see what else is going on....Hmmmm. Cheers...
-
May 17th, 2011 09:57 AM
#5
This is interesting...developers are now forced to open new accounts on a machine to make their product run?
Laziness, or not wanting the user to have to clicky click the buttons?
Every now and then, one of you won't annoy me.
-
May 17th, 2011 10:26 AM
#6
@ bludgeon,
Indeed! That's what made me suspicious at first. Now, thanks to Wazz and a bit of investigation I find that it doesn't even work on the machine in question.
It seems to have seen the nVidia card and the onboard Intel video chipset and assumed that it was a laptop? As this is an old machine (mid-2006) I have to turn off the onboard video to run the discrete card.
From what I can see this is aimed at laptops or portable desktops and will act as a power (battery) saving mechanism, reverting to the onboard chipset for low intensity graphics requirements. At the same time it seems to be aimed at gamers; as these "profiles" look like tweaks for specific games.
I would have thought it should be something deliberately initiated by the user, rather than globally applied?
-
May 17th, 2011 10:37 AM
#7
Low level hardware control, more interesting...don't tell the Belgians.
-
May 17th, 2011 03:47 PM
#8
Can't find much on your topic that's useful, this tho...
http://forums.nvidia.com/index.php?showtopic=178965
-
August 17th, 2011 10:31 AM
#9
Junior Member
This is interesting...developers are now forced to open new accounts on a machine to make their product run?
What'd u mean? PR?
-
August 20th, 2011 06:41 AM
#10
These accounts are created when your normal user profile is damaged. Windows creates a new user profile for you then. Although I would not re-profile referenced in the article linked below (it is for Windows 2000 and not XP), MVP Ramesh has a good explanation of the situation and how to find what you are really profile with here:
Copy the profile folders under "Documents and Settings"