Bob turned on his computer and found a new account named "John" on it. Leo says that's cause for concern. It could be a form of malware that gave a hacker remote access to the system. Why they'd choose a standard account, vs. an administrator account is somewhat of a mystery. Steve Gibson talked about a new malware issue that's popped up recently. It's a really nasty flaw in routers that was just discovered last week that exploits universal plug n play. Bob should run GRCs Shields Up to see if his router has that flaw. It's a good idea to delete the account. He can also turn off Universal Plug 'n Play (UPnP).
From the chatroom, the "John" Account is a Phantom Account installed by ESET's Anti Theft Utility. So it's normal for ESET customers.