-
May 6th, 2011, 01:20 AM
#1
Mysterious user account
Hi,
I was updating a Windows XP SP3 box and happened to notice that I had a new user account in Documents and Settings, called "UpdatusUser".
It had shortcuts to Windows remote assistance and LG updater. The LG item is the DVD drive in this box.
I looked at user accounts in control panel and the account wasn't displayed there.
A bit of investigation revealed that it must have happened when I updated the nVidia management software and drivers for the GeForce 8400GS video card. I allowed the updater utility to be installed, as there was no warning that it would create a system account.
Apparently it will do the same thing in Vista and Windows 7.
I am no expert at malware authorship but it did occur to me that this could be a potential exploit vector?
I uninstalled the nVidia updater utility and noticed that this does not get rid of the phantom account.
I am still trying to figure out the LG DVD drive bit though, as I can't quite see the connection?
The driver was 270.61
-
May 6th, 2011, 07:40 PM
#2
See this link, at the bottom of the page:
http://www-307.ibm.com/pc/support/si...IGR-76476.html
Here is the relevant content:
After the correctly installed Nvidia Optimus video driver, there will be a new account added to the system. The account is a System Service account that is used by the Nvidia Daemon update service to update the optimus profiles. The account will allow for the automatic download and installation of application profiles that the Optimus technology will use.
The account can be removed by changing it to use Local System, Set to Manual and then delete the UpdatusUser user account and folder.
It's a part of the Optimus video technology from NVidia... The article happens to be a reference from a Lenovo page, but the information applies to all installs of the Optimus package.
Last edited by Wazz; May 6th, 2011 at 07:44 PM.
"It is a shame that stupidity is not painful" - Anton LaVey
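The account discussed above exists because a service logs on with it, so a useful check is to list every service that runs under a local user account rather than a built-in identity, along with that account's profile folder. The PowerShell below is an added example, not part of the original posts; it assumes Windows Vista or later with PowerShell 3.0+ and an elevated prompt, and `<ServiceName>` in its closing comment is a placeholder because the thread does not name the service.

```powershell
# Added example: report services that log on as a local user account.
# Assumes PowerShell 3.0+ (Get-CimInstance, -notin) and Win32_UserProfile (Vista+).

# Built-in service identities that are expected and not reported.
$builtin = 'LocalSystem', 'NT AUTHORITY\SYSTEM',
           'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

# Local accounts keyed by name (hashtable keys are case-insensitive).
$users = @{}
Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
    ForEach-Object { $users[$_.Name] = $_ }

# Profile folders keyed by account SID.
$profiles = @{}
Get-CimInstance Win32_UserProfile |
    ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

$findings = foreach ($svc in Get-CimInstance Win32_Service) {
    $logon = $svc.StartName
    if (-not $logon -or $builtin -contains $logon) { continue }

    # A local logon account is stored as ".\name" or "COMPUTERNAME\name".
    $scope, $name = $logon -split '\\', 2
    if (-not $name) { continue }
    if ($scope -notin @('.', $env:COMPUTERNAME)) { continue }   # domain account
    if (-not $users.ContainsKey($name)) { continue }

    [pscustomobject]@{
        Service   = $svc.Name
        RunsAs    = $logon
        StartMode = $svc.StartMode
        State     = $svc.State
        Binary    = $svc.PathName
        Profile   = $profiles[$users[$name].SID]   # empty if no profile exists
    }
}

if ($findings) { $findings | Format-List }
else { 'No services log on with a local user account.' }

# The removal steps quoted in the post above, written as commands:
#   sc.exe config <ServiceName> obj= LocalSystem
#   sc.exe config <ServiceName> start= demand
#   net user UpdatusUser /delete
#   then delete the account's leftover profile folder
```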
-
May 6th, 2011, 10:17 PM
#3
-
May 13th, 2011, 04:05 AM
#4
Excellent!!! Glad I could help you out nihil! Nice of them to let us know they're creating accounts for us eh? Perhaps an Installwatch or Windows System State Analyzer is called for here to see what else is going on....Hmmmm. Cheers...
"It is a shame that stupidity is not painful" - Anton LaVey
-
May 17th, 2011, 09:57 AM
#5
This is interesting...developers are now forced to open new accounts on a machine to make their product run?
Laziness, or not wanting the user to have to clicky click the buttons?
Every now and then, one of you won't annoy me.
-
May 17th, 2011, 10:26 AM
#6
@ bludgeon,
Indeed! That's what made me suspicious at first. Now, thanks to Wazz and a bit of investigation I find that it doesn't even work on the machine in question.
It seems to have seen the nVidia card and the onboard Intel video chipset and assumed that it was a laptop? As this is an old machine (mid-2006) I have to turn off the onboard video to run the discrete card.
From what I can see this is aimed at laptops or portable desktops and will act as a power (battery) saving mechanism, reverting to the onboard chipset for low intensity graphics requirements. At the same time it seems to be aimed at gamers; as these "profiles" look like tweaks for specific games.
I would have thought it should be something deliberately initiated by the user, rather than globally applied?
-
May 17th, 2011, 10:37 AM
#7
Low level hardware control, more interesting...don't tell the Belgians.
Every now and then, one of you won't annoy me.
-
May 17th, 2011, 03:47 PM
#8
Can't find much on your topic that's useful, this tho...
http://forums.nvidia.com/index.php?showtopic=178965
Every now and then, one of you won't annoy me.
-
August 17th, 2011, 10:31 AM
#9
This is interesting...developers are now forced to open new accounts on a machine to make their product run?
What'd u mean? PR?
-
August 20th, 2011, 06:41 AM
#10
These accounts are created when your normal user profile is damaged. Windows creates a new user profile for you then. Although I would not re-profile referenced in the article linked below (it is for Windows 2000 and not XP), MVP Ramesh has a good explanation of the situation and how to find what you are really profile with here:
Copy the profile folders under "Documents and Settings"