Is user "sys" in active directory a hacker's account?

A client of mine is using Windows Server 2003. Under the list of users in active directory there's a mysterious account called "sys" (without the quotes of course). They have been hacked in the past and I'm wondering if this is a remnant of the hacker's account or if this is some kind of default user.