Many of my friends reflect that there seems to be a "third party" in their computers, but whether they directly open the account manager in the system, you still cannot find any clues through the "net user" command in the command prompt.
Does this mean that there are no other illegal accounts in the computer? No, because many hackers modify the HKEY_LOCAL_MACHINESAM of the Registry to create hidden accounts, which cannot be seen by conventional methods.
To check whether a hidden account exists on your computer, you must start from the source to view the corresponding key value of the registry. Open the "run" window, enter "regedit", and press enter to open the Registry Editor. On the left side, select HKEY_LOCAL_MACHINESAM, right-click the SAM sub-key, select "permission" in the pop-up menu, and click "add" in the open permission settings window to add the current account, set the permission to "full control" and click "OK" to return.
At this point, we can see two more sub-keys under the SAM sub-key, namely samdomains and samrxact. Expand SAMSAMDomainsAccountUsersNames in sequence. The subkeys under Names are the list of all accounts in the current system, including hidden accounts, if it is found that the list is inconsistent with the user that the system account management or net user sees, it turns out that it is an illegal secret account and you can directly Delete the corresponding sub-key.
In addition, if you are in trouble, you can directly open the registry, select HKEY_LOCAL_MACHINESAM, open the "file" menu, and select the "Export" command to export the key value, if you suspect that a hidden account has been illegally created, you only need to double-click the exported registry file and re-import it to the Registry to delete the hidden account.