Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Understanding WINXP Home Event Viewer

Started by BairbreJ , Aug 15 2005 04:27 PM

  • Please log in to reply

#1
BairbreJ
Posted 15 August 2005 - 04:27 PM

BairbreJ

    Member

  • Member
  • PipPip
  • 34 posts
Hello,

After cleaning the trojans out of my machine with the help of CoachWife and thatman (Thanks Guys! :ph34r: Big Waves!!) I've been trying to get myself a little bit more "edumacated" about this beast I'm operating but I keep running into a brick wall with the language in the help files. :tazz:

In other words, I don't know what the heck MS is talking about when they tell me that my system has submitted a bad user logon ID or password when I get event ID codes in my security event viewer of 529 and 680 (and I get a lot of them). And who the heck are they talking about when they indicate Network Services or Local Services have logged on succesfully or made a policy change? Oh and BTW, just who is Anonymous logger? :) I haven't seen him/her/it lately but he's been around in the past.

That's just the tip of the iceberg of the questions I have about all this stuff. I'm overwhelmed with what I DON'T know. :) Any help at all will be appreciated.

Thanks,
B
  • 0

Advertisements

#2
darth_ash
Posted 16 August 2005 - 01:09 AM

darth_ash

    Member 1K

  • Member
  • PipPipPipPip
  • 1,382 posts
Try http://www.eventid.net/, it is a database of all events in the eventviewer and how to possibly resole them.
  • 0

#3
BairbreJ
Posted 16 August 2005 - 04:17 AM

BairbreJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hi darth_ash,

Thank you for your reply.

Yes, it did shed some light. I've just pulled an all nighter sitting here mucking around pushing buttons and poking around in places I've never been before. I've discovered some interesting things.

I'm not sure I can make much sense right now but let me try. :tazz: I found something set up that was labeled NT Authority/Local System and password protected on a lot of my services. Particularly those that had to do with remote access. I also found three now defunct user accounts, two that I had had no knowledge of and one that I had discovered while I was getting rid of those trojans.

I simply deleted the "Local System" account *names* (I couldn't get rid of the accounts altogether because I don't have the password) and disabled everything I could disable. That eliminated the Local System error messages on the Security event viewer.

However, I am still getting logon error messages. First the Network server logs on successfully. Then the System tries to log in as owner and fails with an unknown user ID or password. Finally, 7 seconds later, I log on successfully with the owner account. Or at least that's the way I think/hope it happens--at least I *seem* to have control.

Any suggestions on where to look for that System program that is trying to log on or what it might be? I read of an error message showing up if the account name or password had been changed (both true in this case) but wouldn't it show up as being the same source (ie owner failing and owner succeeding)?

I can't think anymore. I'm going to bed. If anyone has any ideas, please throw them out. I've been dealing with this cursed mess for months. :)

Thanks again darth.

B
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP