I was trying to get a PC repair job from InHouseCIO. I answered the cell call from David Kakish on Jan 7 2010 around 4:40pm CST and during the cell phone interview David Kakish mentioned something about a domain and workstation question & I answered the best I could. I was told to wait for a reply from him by cell phone on Fri Jan 15 2010 in the afternoon.
Just last Thursday Jan 14 2010 (evening) I wanted to get Windows Media Player for my Win XP Pro SP3.
I went to the first website offered by Google using Firefox.
Downloading was fine.
When I installed Windows Media Player ver 11 to my Dell Dimension XPS Gen 5 PC, the installation was very slow and then it felt like it stopped momentarily and then it finished quickly.
I suspect something was amiss.
I tried playing one of the video files. It played OK.
Then I attempted to uninstall Windows Media Player 11 and it did not uninstall completely.
I used WinDirStat and I used Windows Search to remove the remaining Windows Media Player 11 folders, but it refused & then it displayed a popup window stating that I need to install a CD containing Windows XP with SP3!
I attempted to load the Dell CD with Windows XP & my PC refused.
I suspect that I was tricked into installing a hidden Gumbar program.
Then when I exited from a website, I saw one of my files ~$ on my desktop.
I suspect that someone was attempting to copy/transfer my files and folders from my secondary internal hard drive.
I went to Start - My Computer - double clicked my secondary HDD & went to the folder that contained the file (~$ that was on the desktop). It matched.
I then went a step further, on that file, I right clicked on the file & selected Properties & I saw an unknown user with a red (?) next to the user picture & was identified as
S-1-5-21-2976122918-2254641369-676893803-1006 & had Full Control, Modify, Read & Execute, Read, and Write permissions, but no Special Permission.
So, what I did was the following:
I clicked on the Security tab, clicked the Advanced button, cleared Inherit from parent the permission entries that apply to child objects, clicked the Copy button, made sure the S-1-5-21-22... was highlighted & clicked the Remove button, then clicked the Owner tab & saw S-1-5-21-22... was the current owner!
So, I made sure that my name was highlighted & clicked OK twice.
I checked all of my files & folders on my secondary HDD. I saw that S-1-5-21-22... was on most of my files and folders; some files and folders were skipped.
Whoever that S-1-5-21-22... was, was very selective in choosing which files & folders to get ownership and to transfer the data out of my PC & probably was thinking of making a CD/DVD copy of them.
I did a bit of research on who S-1-5-21-x-x-x-1006 is.
It turns out that someone created S-1-5-21 from a remote domain/server & somehow using my e-mail address info to connect to my PC at home & probably using anonymous VPN via Firefox.
I then tried using Auslogics Disk Defrag several times & noticed that my C:\SystemVolumeInformation\restore registries was taking a bit of time to defrag.
I used Malwarebytes' Anti-Malware & spotted 3 trojans in the C:\SystemVolumeInformation\restore registries & have successfully deleted them.
But now I feel that Gumbar is somehow still infecting my PC & I request a cure, plus I request to know how to track this S-1-5-21 user & I request to know how to block this S-1-5-21 user permanently from Firefox connection.
This is NOT, I repeat NOT a joke!
I request immediate assistance.