Removed unauthorized user access!

From: Thanh J (tpham@insight.rr.com)
Date: 12/14/02


From: "Thanh J" <tpham@insight.rr.com>
Date: Sat, 14 Dec 2002 15:57:51 -0500

I am having a problem with an unknown user or Anonymous Logon who has changed some
of my privilege ownership in my registry. I wonder if anyone can help me.

My operating system is Windows XP Home Edition with a personal firewall
(sygate.com). But I still have an attacker logging on to my system as Anonymous.

Out of curiosity, I downloaded Baseline Security Analyzer from Microsoft
and tested my system to find any security leaks, and the
report tells me that more than 2 administrators were found on my PC:
X Owner (which is me)
X S-1-5-21-3242847100-1439906313-590260106-1003 (Unknown)

My question is: how can I remove this SID user? This user does not appear in
Control Panel - User Accounts. I also searched through my registry and found
and removed some entries where this SID was set as SPECIAL/Administrator. But after
scanning my system again with Baseline Security Analyzer, I still see
the same results as before I changed the registry.

Any advice I would appreciate,

THANH J.


