It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

PC: "Users and Groups" question.

page: 1
0

log in

join
share:

posted on Aug, 18 2013 @ 06:32 PM
link   
Is it possible to have a user account that is invisible?

Recently I was checking into a process that I didn't recognize on my computer. An online website was looking for instances of the process and found one in C:UsersXXXX. The problem is I've never heard of XXXX and when I went to the C:Users folder, there was no XXXX subfolder.

Whoops: running Win 7 Home Prem. in Admin account.

All help appreciated, as usual.
edit on 18-8-2013 by ipsedixit because: (no reason given)



posted on Aug, 18 2013 @ 06:38 PM
link   
reply to post by ipsedixit
 


Some users don't always show up in the User Accounts area so you'll need to go to Computer Manager -> Local Users and Groups to see "all" accounts. Let me me know if you need more details.

Also, many applications run as a "service" which some times run with a built-in account like Local System or Network Service.
edit on 18-8-2013 by usertwelve because: (no reason given)



posted on Aug, 18 2013 @ 06:42 PM
link   
Its the NSA dont worry they keep you safe...



posted on Aug, 18 2013 @ 07:04 PM
link   

Originally posted by usertwelve
reply to post by ipsedixit
 


Some users don't always show up in the User Accounts area so you'll need to go to Computer Manager -> Local Users and Groups to see "all" accounts. Let me me know if you need more details.


This screen grab will show that there is no "Local Users and Groups" folder in the Computer Management folder.



??????? I know there is supposed to be one.

edit on 18-8-2013 by ipsedixit because: (no reason given)



posted on Aug, 18 2013 @ 07:18 PM
link   
I just found out the "Local Users and Groups" is not available in Windows 7 Home Premium. Maybe I need to upgrade.



posted on Aug, 18 2013 @ 07:20 PM
link   
reply to post by ipsedixit
 


Maybe the account you are logged in with does not have the rights to view/make changes to Local Users and Groups



edit on 18-8-2013 by PhoenixOD because: (no reason given)



posted on Aug, 18 2013 @ 07:23 PM
link   
Ah sorry i didnt spot you have win7 home premium. It not available in that version or lower in that GUI.

Though it is possible to view it. If you really want to mess around with your system.


edit on 18-8-2013 by PhoenixOD because: (no reason given)



posted on Aug, 18 2013 @ 07:30 PM
link   

Originally posted by PhoenixOD
Though it is possible to view it. If you really want to mess around with your system.


The idea is more along the lines of seeing if that has already been done.



posted on Aug, 18 2013 @ 07:33 PM
link   
reply to post by ipsedixit
 


well its not so much view it as use some of the functions with 'net user' through an elevated command prompt.


edit on 18-8-2013 by PhoenixOD because: (no reason given)



posted on Aug, 18 2013 @ 07:55 PM
link   
reply to post by ipsedixit
 


I haven't seen this done in particular, but it's just a set of files on a hard drive. If you know enough about how anything is constructed and have access to the CPU outside of the operating system itself, you can do pretty much anything you desire. On the programming side, you would probably want to write in assembly and use an assembler that does not enforce the operating system memory space and monitoring paradigm. An assembler like this may be hard to find these days, but they are certain to be out there somewhere.

Then, when you are given the CPU (usually requested by an interrupt when I used to write stuff like this), your little program can do literally anything you know how to do, understand the structure and protocols of, and know where the dedicated or shared memory is in terms of absolute addresses (relative addresses might work, in some cases). Once you are outside of the operating system, the entire computer and all connected hardware is yours and nothing but your own ignorance gets in your way. FYI: if you do something "bad" you can really screw things up too.

I used to write a lot of my own drivers for keyboard, video, mouse, and hard drives to enable dynamic debugging of software that was running that I didn't want to disturb because the run times were very, very long (days in some cases). I'd go scan register contents, shared video memory, hard disk buffers, keyboard buffers, printer buffers, etc. Generally peeking to see what was going on (monitoring) but occasionally poking new contents to see how the program reacted. It's basically trivial to do, with the right knowledge and a little experimentation.

So, yeah -- it should be possible. If I were doing something like that, I think I would try looking for a spot on the hard drive to leave a file outside of the file system (essentially lie to the allocation table). Then, when your little program begins running, if you want to expose it to the operating system, you could just correct the allocation table. I'm not sure why you would want to expose a hidden user account though, except perhaps to do something you don't quite understand yet or that takes too long to write in assembly?



posted on Aug, 18 2013 @ 08:59 PM
link   

Originally posted by BayesLike
I'm not sure why you would want to expose a hidden user account though, except perhaps to do something you don't quite understand yet or that takes too long to write in assembly?


Thanks for your post. I do get the jist of it but actually doing anything along the lines you describe is beyond my skill level and time constraints.

I want to delete the hidden user account, if it is there, or at the very least verify that it is there. It turned up in an online scan related to an .exe that I didn't recognize.

Could something like that crop up if a browser extension were installed? For example a user account was created in order to configure the installation and then the user account was deleted at the end of the installation process?

This might be related to my recent installation of the new piratebrowser addons to Internet Explorer.



posted on Aug, 18 2013 @ 11:12 PM
link   
The other possibility is that your Windows 7 install isn't a fresh install.
If you had a previous version of Windows, or even a previous version of Windows 7, it's quite possible to have user accounts, permissions or settings from the previous install left over.

For example...
if you installed Windows 7 over the top of another pre-existing installation, then ran software that had been installed while USING the previous installation, the username would show up in the task manager as... usually a sequence of numbers. Likewise with permissions and security settings.

Does that sound like the issue you're having?



posted on Aug, 19 2013 @ 05:01 AM
link   
reply to post by Awen24
 

No. This was the install that was on the computer when I bought it. The account doesn't show up when I go to Users and Groups in the control panel. I wonder if it might be from the install disk the store used to install the software on the computer, that it came with, which is similar to what you are saying.



posted on Aug, 19 2013 @ 10:48 AM
link   
reply to post by ipsedixit
 

Could be an account that was used by the manufacturer to setup the PC. Once they have it setup they may have removed the account but the Profile folder remained. I'd just move the folder somewhere else and then delete it completely after a week or so.



posted on Aug, 19 2013 @ 10:54 AM
link   
reply to post by usertwelve
 

The location of the folder is C: (backslash)Users(backslash)XXXX , but the folder is not there. There is no such folder XXXX. It only shows up when an online scan was looking for instances of a certain .exe.


edit on 19-8-2013 by ipsedixit because: (no reason given)



posted on Aug, 19 2013 @ 11:22 AM
link   
reply to post by ipsedixit
 

By "online scan" do you mean a virus scan of your hard drive? If so then it's probably just looking for known locations of existing viruses so if nothing is there then you're clean.



posted on Aug, 19 2013 @ 12:25 PM
link   
reply to post by usertwelve
 

I went to processchecker.com... to check on something called RaLink.exe. I found out that RaLink is usually called InstallShield. Ok, I've seen the term InstallShield before. It comes up every time you install something. Fine.

But the website said it found one instance of it:



I've never heard of IsaacAponte and there is no folder with his name on it in C: Users.


edit on 19-8-2013 by ipsedixit because: (no reason given)



posted on Aug, 19 2013 @ 01:16 PM
link   
reply to post by ipsedixit
 

I see. If I understand it correctly, what they are telling you is that is the location they have a record for that file in their database which was probably found on some guy named "Isaac Aponte's" PC. You might try to do a search for the RaLink.exe file on your file system but I'm guessing there's no need for concern.



posted on Aug, 19 2013 @ 05:29 PM
link   
reply to post by usertwelve
 

Yes that is probably it. Thanks.

Wish I'd thought of that.



posted on Aug, 19 2013 @ 05:30 PM
link   
reply to post by ipsedixit
 

My pleasure...




top topics



 
0

log in

join