SOLVED Mystery account

[fungus1948]

‘llo,

Problem:
I have a mystery local account on my laptop called “dsauotdhuwa” .
I can delete this account but the next day it is back …
‘I’ve tried to find the “perpetrator” by disconnecting some gear like Chrome cast etc… but no result.
Neither there is a security warning from my Security software.
The laptop is always at home; there is no other network connection (as far as I know …)

Is there a way I can find a link to determine the origin of this account (there are some “mystery account” posts on the Internet but none with an answer for this situation).
Thanks in advance.

 

[Regedit32]

What security software are you using?

ESET for example has an anti-theft measure which creates a phantom account, with which you can permanently disable the machine remotely in the event you lose or have your laptop stolen.

Does this account appear on the Sign-in or Lockscreen?

Is your computer connected to a Workgroup or Domain?

The Registry stores all users Security ID as SID hives. With some more information from you we could explore removing the account via the Registry rather than the Command Prompt console via net user <username> /delete

 

[fungus1948]

@ Regidit32 ,Thanks for the reaction.

I do have ESET as security software and I know the anti-theft account name ( is not dsauo...etc).
The mystery account appears in the Sign-In screen.
The Laptop has no connection with an other Workgroup or Domain ( if relevant: excepted a Samsung J5 )
The Registry via Command Prompt gives this result ( notice that I found this as a result/interpretation of your answer/reaction about the Registry ; is not my wisdom )

Is it possible this way, to find out the "creator" of dsaoutdwuha ?
and/or
Is it recommended to make a copy on notepad of the "dsaoutdhuwa" SID numbering and then delete this line in the Registry and wait for the results in the future. Or is there a beter /safer way ?

Other information you like to to know?

 

[fungus1948]

addendum:

I found out, there is a difference in the ProfileList
The SID from "dsaoutdhuwa" is not on the list

A normal situation or ...?

 

[fungus1948]

@Regedit32 - Quote
The Registry stores all users Security ID as SID hives. With some more information from you we could explore removing the account via the Registry rather than the Command Prompt console via net user <username> /delete

At first I thought that New Years headache afterwards, had something to do with the “silence “ on the front line. But after 10 days... that can't be the case any more ( hopefully ). So I'm going to try it again once more to get an answer for my questions and to avoid doing something stupid in the registry.

So concerning my posts from december 25; is there something abnormal with the fact that the “dsauotdwuha” account is in the SID - list but not in the ProfileList ?

If this is not abnormal; what's the best /safes way to delete this account ?
Is it possible to determine the creator of this account ?

Thanks in advance.