Sign-in / Sign-up
Your question

User S-1-5-21 Nightmare

Tags:
  • Security
  • Windows 8
Last response: in Windows 8
May 5, 2012 11:59:24 PM

Installed Windows 8, deleted all partitions, first thing I do after that is check the registry, HKEY_USERS list S-1-5-(18,19,20,21-1940199146-3656370158-109400829-1001, 18,19,20,21-1940199146-3656370158-109400829-1001_Classes) are present.

Try to open any file, program, get error message - you do not have appropriate permission to view. Try to change permission, successful at original folder, then check files and other folders within original folder, USER S-1-5-21 ect. has either marked file as Archive, Read Only, or has auditing or special permission. I clear it all, only to reboot and it's back again.

It also likes corrupting the recycle bin. I set the properties on the recycle bin to delete directly, do not place in recycle bin. It still shows this message. Delete the recycle bin and get the new crash screen for Windows 8, blue screen with frowning face - :( , saying creating dump file, you're computer must restart.

Won't allow me to use cd drive. I have a Dell XPS 8300, i7 intel processer, 2TB hard drive, blu ray internal drive, 16GB Ram.

Anyone out there have any idea what this is?

I have read some articles indicating it may be a Trojan Horse Dropper.

When you install Windows 8 from .iso disk, delete all partitions, shouldn't the registry be reset as well?

Also, I have a feeling it is in C:\System Volume Files. Does deleting partitions and reinstalling OS clear this hidden folder?

How do I clean this from Registry? I do I clean System Volume Files? Should I install new bios UEFI? Could that possibly clear this?

Any help, greatly appreciated! Thanks in advance!

More about : user nightmare

June 26, 2012 1:13:54 AM

A lot of questions indeed. Lets see if I can help.

1. After installation is up, why check the reg... I ask this so that I can understand what it is that you are looking for?

2. As for the registry being wiped out then yes it should be. The System Volume Files folder is there only after re-installing Windows. What ever program you're using to wipe and format the HDD should wipe it totally clean. Replace the MBR if option is there to do so. It is (The System Volume Files folder) where your system info is and where system restore points are created.

3. As for upgrading your BIOS with UEFI... not needed currently. Mainly it is used in broadening user experience, from my understanding. I can tell you that my main rig has it and also a few of the other family rigs do not, yet Win8 is up and running with little or no problems apparent as of yet. Check this out, you might find it helpful in understanding better what it is and the true needs of the individual(s). http://www.hardwaresecrets.com/article/UEFI-Just-How-Im... Just caution that according the this Article, the "MUST" have is not something that is past,.....just a possible future.

4. As for it being a Trojan Horse Dropper, if you have a clean HDD and clean install of Windows (meaning that the install files have not be compromised) then chances are likely not. Not to say that it can't be corrupted by installing a third party program upon it's installation. Anytime that I do a fresh install of Windows, the first thing on my rigs is Antivirus (Norton's in my case). Even before installing updates and/or Service packs if at all possible.

5. Keep in mind that the bulk of Windows drivers at this point of Win8 Previews status are going to be either generic unless offered by Windows Update in co-operation with manufacturers or direct downloads from the manufacturers themselves. I'm seeing more and more drivers becoming available on a daily basis. Also, you could try Win7 or Vista drivers they may or may not work depending on what the hardware is.

6. Keep also in mind that Windows 8 is still a "Free" OS and not the final version. Individuals are going to find glitches independent to themselves and their configurations.


Hope this help you some, Good Luck.

Peace.
m
0
l
July 30, 2012 6:53:39 PM

here is some info on what those numbers mean
http://msdn.microsoft.com/en-us/library/windows/desktop...(v=vs.85).aspx

i i am not mistaken =S-1-5-21 (SECURITY_NT_NON_UNIQUE)
kinda like the files belong to all users group or one of the built in users to the os like the "system" user but its somthing generic it says.

SECURITY_NT_NON_UNIQUE
S-1-5-21
SIDS are not unique.


m
0
l