• Unknown User Names in Log-in Screen List?

    Hi. I need some guidance with a strange/unnerving occurrence please.

    I logged out of my session to restart the desktop after some updates (Libre Office and a few others) and my log-in name was missing, so I clicked to enter it and there was a list of unknown user names:

    Pictures: http://imgur.com/a/bTumB

    Also my xfce session was not in the list but TWM and TinyWM were (see second picture).

    I restarted my computer and everything was back to normal and the unknown user names and desktops were gone.

    Is this something I should worry about in regards to my machine being compromised in some way?

    I’m posting for now from my back-up Ubuntu partition as I’m a bit concerned about what happened with my Antergos.

    Thoughts? guidance? 😕

  • This post is deleted!
  • @blinky do you have enabled remote login in some way? what is the DM you are using?
    Are you using public internet somwhere like inside university campus?
    Do you have tinyWM installed?

    It is possible that someone try to login remotly but as i think this will need a serious bad guy to do so…
    It can be simple also a failure from the DM you are using.

  • @joekamprad Thanks for taking the time to respond.

    I have not enable remote log-in to my knowledge.

    I am using a lightdm with the alternate antergos theme from the repo. I have been having trouble with the log-in screen being blank since way back when other users had posted a similar problem in the forums (but I hit “enter” it loads the fallback).

    This is a desktop at home (an apartment) with a wired connection

    I did NOT install TWN or TinyWM and I am the only user.

    The firewall is on

    I have been having trouble recently, like within the past week with the mouse clicks not registering and the whole system freezing and other general weirdness like having to click outside a confirmation box to get the button to work, like it’s not in focus, though it appears that it is.

    I don’t really do any risky behavior. The most risky thing is probably downloading pics for making wallpapers.

    I do have to admit though I’ve had the thought cross my mind over the past week if maybe I picked up malware in some way with the problems of crashing, Internet slowness, and clicks not registering etc. but being this is Linux most likely not.

    Edit: It was really just a fluke I saw these names as there was an update to Libre Office and I was wanting to use it so I thought I would log-out to make sure the updates were applied before I started and that’s when I ran into this strange problem.

  • This post is deleted!
  • It is not “Ransomeware”! 🔫

    Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

    What you encountered is most likely what is known as an “Easter Egg”. 🥚 Something programmers have fun with. An Easter egg will pop up when just the right conditions are met, which could be anything; a sequence of key strokes, starting a few applications in a pre defined order… You can tell by the silly names. An Easter egg can be an animated image, sounds or any kind of shenanigans. They are most common in games, but they can be anywhere. They are not dangerous. Sometimes doing exactly what you did to set it off, will do it again, but sometimes they disappear once activated, never to return again.

  • i just searched for 2 of the login names and found this (check the second option) https://duckduckgo.com/?q=basileusalex+napoleonib+archlinux&t=opera&ia=images

    the page won’t load but you can check the author https://github.com/CytoDev/
    and that there is a “LightDMMock”
    Maybe you replaced the lightdm or the greater for one in the AUR?

  • This post is deleted!
  • @Velkerk There is no such thing as rasonware! It is “Ransomware”


    a sum of money or other payment demanded or paid for the release of a prisoner.
    synonyms: payoff, payment, sum, price
    “they demanded a huge ransom”
    the holding or freeing of a prisoner in return for payment of ransom.
    “the capture and ransom of the king”***

    That’s why I used the gun, kidnappers do it for ransom. Its a crime, criminals use guns!

    Ransomware is not malicious in and of itself like viruses… but if you don’t pay to release your data, or give access to your computer back to you, then they can destroy it, or release incriminating evidence of a crime you have committed that you have or had stored on your computer to the public or authorities.

    Has anyone tried to force you to pay money to be able to logon to your computer? No. Did they encrypt your files and ask for money to get the encryption key? No. Has it destroyed your files… No, It just popped up a bunch of silly names, so it is most likely an Easter egg!

    You don’t have to take my word for it, you can always search google for “ransomware”, and “Easter egg in computing”.

  • This post is deleted!
  • rescate

    redimir, emancipar, rescatar

  • I Traveled (hitchhiked) from Germany through Switzerland, France and Spain to Africa (Tarifa, not Gibraltar) in 1979, I had a blast in Barcelona! Never learned much Spanish though.

  • Hey guys, I want to thank for your thoughts and taking the time to help.

    I don’t think it was ransom ware. I scanned with the clam and nothing turned up plus no lock screen or anything.

    My main concern was someone remotely logging in watching, logging my passwords and such.

    I try to be careful what and how I do things online and seeing that list of names and the low resource desktops installed ( like they were trying to be inconspicuous ), really kinda freaked me out.

    So I don’t think I would be comfortable with using it again, which means reinstall (and reset everything again… sigh) or try something else.

    I haven’t decided yet.

    I have some other things going on right now, so I’m just using my Ubuntu backup partition again for now.

    Thanks again for the input.

    Mr Mod., you may mark this and solved,


    I’m gonna nuke it from orbit. It’s the only way to be sure.

    Regards. 🙂

  • @fernandomaroto So those developers added code, so their usernames would pop up depending on a sequence of actions = Easter egg! since “The LightDMMock project is tightly based on the source C code of Antergos’ lightdm-webkit2-greeter”, then it makes sense, and you may be right, or it may be possible that he or they worked on the original Antergos greeter. I am not an insider, so I wouldn’t know that either way.

    So I would have to make an educated guess that it is in fact just a harmless Easter Egg, which was put there for fun. If it does involve some malicious code, then putting in their real user names would be a sure fire way to ensure that they get caught, and they would have to be pretty stupid to do that considering the possible consequences. In some countries you can go to jail for that.

    @blinky could isolate his personal data, or back it up to be safe, add some dummy files and folders, and run it for a while, just to see if something malicious does take place, as well as try to retrace his steps and find out just what sequence of events triggers it, if it has not been deactivated or auto destructed itself.

    Either way sounds like a mystery someone with the skills would love to crack.

    I have never run into an Easter egg myself by accident, but have read about them, and some were well documented once people figured out how to trigger them. In Microsoft products there were quite a few, that were put in with Bill Gates blessings. If you followed the steps correctly to invoke one, you could see them in action. One was animated and even had music. There was one on early mac pc’s that ran a funny Apple advertisement… It is very common to list developer and project team members handles.

    I have been messing with computers since 1978 (hardware side) and they are just a way of saying: “Hello world, we made this”.

  • So now this has me wondering… does anyone know of any Easter Eggs in Antergos, put there by the @developers?


  • It’s for them to know and us to find out!

  • I think it may be a good Idea for developers to include more of them!

    Imagine, a message pops up with penguins dancing on the screen and music in the background:

    “Congratulations: You successfully configured libglipedyglop to ungoop the gop! A very rare but powerful lib indeed! You have won an Antergos T-Shirt…”

    Now that would be cool!

  • @Zoidmo said in Unknown User Names in Log-in Screen List?:

    Now that would be cool!


  • I don’t know about all that easter egg business.

    All I did was log out and they were there nothing special.

    To me it was just creepy and it doesn’t explain the two desktop environments that I didn’t install nor the fact my main desktop (xfce) isn’t even in the list to log into so I HAD to restart the machine.

    I just wish it hadn’t happened to me.

  • typing “last” inside terminal to see login history ;)

Posts 22Views 2229
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.