Understanding WINXP Home Event Viewer



#1
BairbreJ

Hello,

After cleaning the trojans out of my machine with the help of CoachWife and thatman (Thanks Guys! :ph34r: Big Waves!!) I've been trying to get myself a little bit more "edumacated" about this beast I'm operating but I keep running into a brick wall with the language in the help files. :tazz:

In other words, I don't know what the heck MS is talking about when they tell me that my system has submitted a bad user logon ID or password when I get event ID codes in my security event viewer of 529 and 680 (and I get a lot of them). And who the heck are they talking about when they indicate Network Services or Local Services have logged on successfully or made a policy change? Oh and BTW, just who is Anonymous logger? :) I haven't seen him/her/it lately but he's been around in the past.

That's just the tip of the iceberg of the questions I have about all this stuff. I'm overwhelmed with what I DON'T know. :) Any help at all will be appreciated.

Thanks,
B


#2
darth_ash

Try http://www.eventid.net/; it is a database of all events in the Event Viewer and how to possibly resolve them.

#3
BairbreJ

Hi darth_ash,

Thank you for your reply.

Yes, it did shed some light. I've just pulled an all-nighter sitting here mucking around pushing buttons and poking around in places I've never been before. I've discovered some interesting things.

I'm not sure I can make much sense right now but let me try. :tazz: I found something set up that was labeled NT Authority/Local System and password protected on a lot of my services. Particularly those that had to do with remote access. I also found three now defunct user accounts, two that I had had no knowledge of and one that I had discovered while I was getting rid of those trojans.

I simply deleted the "Local System" account *names* (I couldn't get rid of the accounts altogether because I don't have the password) and disabled everything I could disable. That eliminated the Local System error messages on the Security event viewer.

However, I am still getting logon error messages. First the Network server logs on successfully. Then the System tries to log in as owner and fails with an unknown user ID or password. Finally, 7 seconds later, I log on successfully with the owner account. Or at least that's the way I think/hope it happens--at least I *seem* to have control.

Any suggestions on where to look for that System program that is trying to log on or what it might be? I read of an error message showing up if the account name or password had been changed (both true in this case) but wouldn't it show up as being the same source (i.e., owner failing and owner succeeding)?

I can't think anymore. I'm going to bed. If anyone has any ideas, please throw them out. I've been dealing with this cursed mess for months. :)

Thanks again darth.

B
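
The sequence described in the post above (a 529 logon failure, then a successful logon for the same account seven seconds later) can be checked mechanically. The following is an added example, not part of the original thread: it pairs each 529 with the next 528/540 success for the same account and reports the event's Logon Type field. The CSV layout, function names and sample records are constructed for illustration.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Logon Type values as recorded in Windows logon events
LOGON_TYPES = {"2": "interactive", "3": "network", "4": "batch",
               "5": "service", "7": "unlock", "10": "remote interactive"}
FAILURE = {"529"}          # unknown user name or bad password
SUCCESS = {"528", "540"}   # successful logon / successful network logon

# Constructed records (assumed layout): time, event ID, account, logon type
SAMPLE = """\
2005-03-01 08:14:02,528,NETWORK SERVICE,5
2005-03-01 08:14:05,680,Owner,
2005-03-01 08:14:05,529,Owner,2
2005-03-01 08:14:12,528,Owner,2
2005-03-01 09:30:40,529,Owner,3
2005-03-01 09:30:41,529,Owner,3
2005-03-01 09:30:43,529,Owner,3
"""

def parse(text):
    """Return (time, event_id, account, logon_type) tuples in time order."""
    rows = []
    for ts, event_id, account, logon_type in csv.reader(StringIO(text)):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        rows.append((when, event_id, account.lower(), logon_type))
    return sorted(rows)

def pair_failures(rows, window=timedelta(seconds=30)):
    """For each 529, find the first later success for the same account."""
    out = []
    for i, (ts, event_id, account, logon_type) in enumerate(rows):
        if event_id not in FAILURE:
            continue  # other IDs (680 here) are skipped in this example
        gap = None
        for later_ts, later_id, later_acct, _ in rows[i + 1:]:
            if later_ts - ts > window:
                break
            if later_id in SUCCESS and later_acct == account:
                gap = int((later_ts - ts).total_seconds())
                break
        out.append({"time": ts, "account": account,
                    "logon_type": LOGON_TYPES.get(logon_type, logon_type),
                    "success_after_s": gap})
    return out

if __name__ == "__main__":
    for r in pair_failures(parse(SAMPLE)):
        print(r["time"], r["account"], r["logon_type"], r["success_after_s"])
```

A failure with `success_after_s` set was followed by a good logon for the same account inside the window; repeated network-type failures with no following success are the ones worth tracing to their source.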