Anonymous characters S-1-5-21-1935655697-1060284298-839522115-1003 found in my XP
December 18, 2010
Edit
Last month, I was stuck troubleshooting with my windows
XP and found out something strange. When I have tried to delete a file an error message
appear like “Access denied / you don't have enough permission to delete this
file....blah..blah..".What's wrong? I login as administrator and I have
the Full permissions but I am not able to delete those files.
I click the Security Tab and click the Advanced button to
check permission settings and I was shock. I found out that these anonymous
characters S-1-5-21-1935655697-1060284298-839522115-1003 with question mark. I don't create
any username like this and how come it has a Full Control permission inherited
like an Administrator?
It's so weird and I check the Owner menu then I spotted
the same anonymous character(S-1-5-21-1935655697-1060284298-839522115-1003)
owns specific files and system control. I miss the screenshot where you can see
that this anonymous character becomes the owner the system files.
Based on my experiences, this
S-1-5-21-1935655697-1060284298-839522115-1003 can be associated as companion of
recycler and most of the time you will notice this characters on Recycler virus
infected files.
So what happen? I delete the anonymous
character(S-1-5-21-1935655697-1060284298-839522115-1003) and change the Owner
to my account then I successfully deleted the files. But beware changing PC
ownership is dangerous and you might encounter serious problems later. It’s
better to create first a System Restore before doing any action related to
Permissions.
Some people think that this S-1-5-21-1935655697-1060284298-839522115-1003 is normal like what you have seen your HKEY_Users in the Registry as shown in the image below:
S-1-5-21-1275210071-1202660629-1801674531-500 this characters is called SID. SID stands for Security Identifier and is used within NT/2000 as a value to uniquely identify an object such as a user or a group. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine. Read more here about SID http://www.windowsitpro.com/article/john-savills-windows-faqs/what-is-a-sid-security-id-.aspx
While reading the whole post about SID sombody as there says" What SID is this S-1-5-21-1935655697-1060284298-839522115-1003? nobody answer the question.Seems everybody got a proble about this.
I have made a wrong conclusion before but I think I have falsely see things about S-1-5-21-1935655697-1060284298-839522115-1003. Although I have solve the problem on my machine I am still confuse how those characters works to own my PC.
Final thought: After a month of research I found out that the anonymous characters above is just an SID.It's not a virus but a rare known SID.Maybe, in my case it was just a system error that makes my system complicated.
Some people think that this S-1-5-21-1935655697-1060284298-839522115-1003 is normal like what you have seen your HKEY_Users in the Registry as shown in the image below:
S-1-5-21-1275210071-1202660629-1801674531-500 this characters is called SID. SID stands for Security Identifier and is used within NT/2000 as a value to uniquely identify an object such as a user or a group. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine. Read more here about SID http://www.windowsitpro.com/article/john-savills-windows-faqs/what-is-a-sid-security-id-.aspx
While reading the whole post about SID sombody as there says" What SID is this S-1-5-21-1935655697-1060284298-839522115-1003? nobody answer the question.Seems everybody got a proble about this.
I have made a wrong conclusion before but I think I have falsely see things about S-1-5-21-1935655697-1060284298-839522115-1003. Although I have solve the problem on my machine I am still confuse how those characters works to own my PC.
Final thought: After a month of research I found out that the anonymous characters above is just an SID.It's not a virus but a rare known SID.Maybe, in my case it was just a system error that makes my system complicated.