I have another user than root with UID 0

I'm running a VPS which I have forogtten for quite a while. It was still running Ubuntu 18. I logged in today an saw that apparently the server was hacked, it was running a cryptominer and stuff.

So I changed passwords, hardened SSH with 2fa, upgraded to ubuntu 22, removed the cryptominer service, ran different malware detection softwares

There is a user with the uid 0

$ cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
...
intell:x:0:0::/root:/bin/bash

When I try to delete it I get warned that I'll remove the root user

$ deluser intell
WARNING: You are just about to delete the root account (uid 0)
Usually this is never required as it may render the whole system unusable
If you really want this, call deluser with parameter --force
Stopping now without having performed any action

Ugh. Okay lets try to change the UID then

$ usermod -u 2005 intell
usermod: user intell is currently used by process 1

Well that doesn't work either.

There is no home directory

So what do I do now? Just remove it from /etc/passwd and /etc/shadow ?

First, setup sudoedit:

In your ~/.bashrc, add:

export EDITOR=$(type -p editor_of_choice)
export VISUAL=$(type -p editor_of_choice)

Then source ~/.bashrc.

This completes sudoedit setup.

sudoedit /etc/{passwd,shadow} and delete ONLY the intell lines. You don't want to delete ~intell's homedir, it's /root. BUT:

An extra UID 0 userid is only one sign of "being hacked". There about a million other things to check/fix. It would be simpler to backup user data and reinstall your system.