Guest abeesgram@aol.com Posted June 30, 2008 Posted June 30, 2008 Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 6/29/2008 Time: 4:02:12 PM User: NT AUTHORITY\SYSTEM Computer: MARY Description: Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: 66.167.167.12 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: IPS102201 .. I get 6 or more of these messages every day. Obviously, the hacker is not successful in logging into my system. Is there a reason he gets even this far? Is there a site to which I should report him? XP SP3 IE 7.0 AVG8.0 Thank you
Guest Andrew E. Posted June 30, 2008 Posted June 30, 2008 RE: Event Viewer "Failure Audit" 1st go to run,type:%Temp% Go to edit,select all,delete all,close out.Next open internet options,settings,view files,select all delete all,close out,open browsing history,delete files,delete temp files,close out,empty recycle-bin.As for reporting, if youre ISP is AOL,then contact them.... "abeesgram@aol.com" wrote: > Event Type: Failure Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 529 > Date: 6/29/2008 > Time: 4:02:12 PM > User: NT AUTHORITY\SYSTEM > Computer: MARY > Description: > Logon Failure: > Reason: Unknown user name or bad password > User Name: administrator > Domain: 66.167.167.12 > Logon Type: 3 > Logon Process: NtLmSsp > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Workstation Name: IPS102201 > .. > > I get 6 or more of these messages every day. Obviously, the hacker is > not successful in logging into my system. Is there a reason he gets > even this far? Is there a site to which I should report him? > > XP SP3 IE 7.0 AVG8.0 > Thank you >
Guest Gerry Posted June 30, 2008 Posted June 30, 2008 Re: Event Viewer "Failure Audit" What are your anti-spyware and firewall arrangements? Are you using a modem or a router with a hardware firewall? -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ abeesgram@aol.com wrote: > Event Type: Failure Audit > Event Source: Security > Event Category: Logon/Logoff > Event ID: 529 > Date: 6/29/2008 > Time: 4:02:12 PM > User: NT AUTHORITY\SYSTEM > Computer: MARY > Description: > Logon Failure: > Reason: Unknown user name or bad password > User Name: administrator > Domain: 66.167.167.12 > Logon Type: 3 > Logon Process: NtLmSsp > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Workstation Name: IPS102201 > . > > I get 6 or more of these messages every day. Obviously, the hacker is > not successful in logging into my system. Is there a reason he gets > even this far? Is there a site to which I should report him? > > XP SP3 IE 7.0 AVG8.0 > Thank you
Guest abeesgram@aol.com Posted June 30, 2008 Posted June 30, 2008 Re: Event Viewer "Failure Audit" On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote: > What are your anti-spyware and firewall arrangements? Are you using a > modem or a router with a hardware firewall? > > -- > > Hope this helps. > > Gerry > ~~~~ > FCA > Stourport, England > Enquire, plan and execute > ~~~~~~~~~~~~~~~~~~~ > > > > abeesg...@aol.com wrote: > > Event Type: Failure Audit > > Event Source: Security > > Event Category: Logon/Logoff > > Event ID: 529 > > Date: 6/29/2008 > > Time: 4:02:12 PM > > User: NT AUTHORITY\SYSTEM > > Computer: MARY > > Description: > > Logon Failure: > > Reason: Unknown user name or bad password > > User Name: administrator > > Domain: 66.167.167.12 > > Logon Type: 3 > > Logon Process: NtLmSsp > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > Workstation Name: IPS102201 > > . > > > I get 6 or more of these messages every day. Obviously, the hacker is > > not successful in logging into my system. Is there a reason he gets > > even this far? Is there a site to which I should report him? > > > XP SP3 IE 7.0 AVG8.0 > > Thank you- Hide quoted text - > > - Show quoted text - Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer is not being harmed by these "attacks", but I just wonder if there is anything more I should do for protection. Thank you for responding.
Guest Gerry Posted June 30, 2008 Posted June 30, 2008 Re: Event Viewer "Failure Audit" Is your computer purely a home computer or do you use it to log into your employer's computer network? This link gives comments on the Report from Event Viewer http://snipurl.com/2ro8w [www_eventid_net] http://en.wikipedia.org/wiki/NTLMSSP The Knowledge Base Article in the link implies that this was a bug fixed in the SP2 update so you should not be seeing this Report Security Event 529 is logged for local user accounts http://support.microsoft.com/?kbid=811082 How did you find out about these Reports? You have not mentioned any anti-spyware protection. I suggest you look at Spybot S & D (freeware version). Download Spybot S & D from here http://www.safer-networking.org/en/spybotsd/index.html -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ abeesgram@aol.com wrote: > On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote: >> What are your anti-spyware and firewall arrangements? Are you using a >> modem or a router with a hardware firewall? >> >> -- >> >> Hope this helps. >> >> Gerry >> ~~~~ >> FCA >> Stourport, England >> Enquire, plan and execute >> ~~~~~~~~~~~~~~~~~~~ >> >> >> >> abeesg...@aol.com wrote: >>> Event Type: Failure Audit >>> Event Source: Security >>> Event Category: Logon/Logoff >>> Event ID: 529 >>> Date: 6/29/2008 >>> Time: 4:02:12 PM >>> User: NT AUTHORITY\SYSTEM >>> Computer: MARY >>> Description: >>> Logon Failure: >>> Reason: Unknown user name or bad password >>> User Name: administrator >>> Domain: 66.167.167.12 >>> Logon Type: 3 >>> Logon Process: NtLmSsp >>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 >>> Workstation Name: IPS102201 >>> . >> >>> I get 6 or more of these messages every day. Obviously, the hacker >>> is not successful in logging into my system. Is there a reason he >>> gets even this far? Is there a site to which I should report him? >> >>> XP SP3 IE 7.0 AVG8.0 >>> Thank you- Hide quoted text - >> >> - Show quoted text - > > Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer > is not being harmed by these "attacks", but I just wonder if there is > anything more I should do for protection. > Thank you for responding.
Guest abeesgram@aol.com Posted July 1, 2008 Posted July 1, 2008 Re: Event Viewer "Failure Audit" On Jun 30, 1:44 pm, "Gerry" <ge...@nospam.com> wrote: > Is your computer purely a home computer or do you use it to log into > your employer's computer network? > > This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net] > > http://en.wikipedia.org/wiki/NTLMSSP > > The Knowledge Base Article in the link implies that this was a bug fixed > in the SP2 update so you should not be seeing this Report > Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082 > > How did you find out about these Reports? > > You have not mentioned any anti-spyware protection. I suggest you look > at Spybot S & D (freeware version). > > Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html > > -- > > Hope this helps. > > Gerry > ~~~~ > FCA > Stourport, England > Enquire, plan and execute > ~~~~~~~~~~~~~~~~~~~ > > > > abeesg...@aol.com wrote: > > On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote: > >> What are your anti-spyware and firewall arrangements? Are you using a > >> modem or a router with a hardware firewall? > > >> -- > > >> Hope this helps. > > >> Gerry > >> ~~~~ > >> FCA > >> Stourport, England > >> Enquire, plan and execute > >> ~~~~~~~~~~~~~~~~~~~ > > >> abeesg...@aol.com wrote: > >>> Event Type: Failure Audit > >>> Event Source: Security > >>> Event Category: Logon/Logoff > >>> Event ID: 529 > >>> Date: 6/29/2008 > >>> Time: 4:02:12 PM > >>> User: NT AUTHORITY\SYSTEM > >>> Computer: MARY > >>> Description: > >>> Logon Failure: > >>> Reason: Unknown user name or bad password > >>> User Name: administrator > >>> Domain: 66.167.167.12 > >>> Logon Type: 3 > >>> Logon Process: NtLmSsp > >>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > >>> Workstation Name: IPS102201 > >>> . > > >>> I get 6 or more of these messages every day. Obviously, the hacker > >>> is not successful in logging into my system. Is there a reason he > >>> gets even this far? Is there a site to which I should report him? > > >>> XP SP3 IE 7.0 AVG8.0 > >>> Thank you- Hide quoted text - > > >> - Show quoted text - > > > Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer > > is not being harmed by these "attacks", but I just wonder if there is > > anything more I should do for protection. > > Thank you for responding.- Hide quoted text - > > - Show quoted text - Gerry, I do have Spybot as well as AVG8.0 and Comodo Pro Firewall. Mine is a stand-alone system. All of the references you listed were about server applications. I found out about the problem because I check my Event Viewer on a daily basis. Thank you again.
Guest abeesgram@aol.com Posted July 1, 2008 Posted July 1, 2008 Re: Event Viewer "Failure Audit" On Jun 30, 1:44 pm, "Gerry" <ge...@nospam.com> wrote: > Is your computer purely a home computer or do you use it to log into > your employer's computer network? > > This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net] > > http://en.wikipedia.org/wiki/NTLMSSP > > The Knowledge Base Article in the link implies that this was a bug fixed > in the SP2 update so you should not be seeing this Report > Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082 > > How did you find out about these Reports? > > You have not mentioned any anti-spyware protection. I suggest you look > at Spybot S & D (freeware version). > > Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html > > -- > > Hope this helps. > > Gerry > ~~~~ > FCA > Stourport, England > Enquire, plan and execute > ~~~~~~~~~~~~~~~~~~~ > > > > abeesg...@aol.com wrote: > > On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote: > >> What are your anti-spyware and firewall arrangements? Are you using a > >> modem or a router with a hardware firewall? > > >> -- > > >> Hope this helps. > > >> Gerry > >> ~~~~ > >> FCA > >> Stourport, England > >> Enquire, plan and execute > >> ~~~~~~~~~~~~~~~~~~~ > > >> abeesg...@aol.com wrote: > >>> Event Type: Failure Audit > >>> Event Source: Security > >>> Event Category: Logon/Logoff > >>> Event ID: 529 > >>> Date: 6/29/2008 > >>> Time: 4:02:12 PM > >>> User: NT AUTHORITY\SYSTEM > >>> Computer: MARY > >>> Description: > >>> Logon Failure: > >>> Reason: Unknown user name or bad password > >>> User Name: administrator > >>> Domain: 66.167.167.12 > >>> Logon Type: 3 > >>> Logon Process: NtLmSsp > >>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > >>> Workstation Name: IPS102201 > >>> . > > >>> I get 6 or more of these messages every day. Obviously, the hacker > >>> is not successful in logging into my system. Is there a reason he > >>> gets even this far? Is there a site to which I should report him? > > >>> XP SP3 IE 7.0 AVG8.0 > >>> Thank you- Hide quoted text - > > >> - Show quoted text - > > > Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer > > is not being harmed by these "attacks", but I just wonder if there is > > anything more I should do for protection. > > Thank you for responding.- Hide quoted text - > > - Show quoted text - I should add that the "hotfix" refers to Event 529 appearing with the owner's name. The sample I included at the beginning of this thread, and others I receive, are not my user name.
Recommended Posts