I am the network administrator and every Friday afternoon I have to copy the DATA folder from the primary HDD to a backup HDD. A while ago when I was doing it, Server2003 reported that I can't copy the file (or folders) because I don't have the right to it or someone is using it. Then I right click on the folder -> properties -> security tab, and noticed that some other user accounts were added to this folder without me doing it! Then I checked some other folders and found out that many folders are having the same weird situation - unauthorized actions of random user account being added to the folder's permission. And often when I look at the user accounts, they will be changed to SID's - for a short period of time or stays there for a couple of hours.
This creates two problems
1. I as the administrator can't access the folder and contents of it, especially when the user account under the security tab is shown as SID's only.
2. Security issue - sensitive folders such as accounting or management have user accounts added to them and those users are not even related to either of those areas.
Note: We run Symantec Internet Client Security 3 (NAV 10) and Windows Defender, plus programs like Ad-Aware SE, Spy-bot, etc. and found not Trojans or virus.