hackers logons

TheMSsForum.com: The Microsoft Software Forum

Everytime I logon my computer my sistem (my security
sistem)registre six more Logons under NT authority/
Sistem.In only one second my Pc registre this movemets:

An Autentification Package has been loaded by the local
Secuity Autority. This A.P. will be used to authenticate
logon attemps.
Authentification package name: c/Winsdows/System
32/LSASRV.dll.Negotiate.

After this message there is diferent Succes audit(logons,
I think) with diferent Authentification names like:
kerberos,ntlm,Schannel,Wdigest, V1_0.
And the next message says:

A trusted logon process has registered with the local
authority.This logon process will be trusted to submit
logon request.Logon Process Name: KSecDD.
and the same with Winlogon and winlogon/MsGina.

The next mesagge has a Policy change category.
Id 612.
User: NT AUTHORITY /SYSTEM.
COMPUTER:(MINE)
AND says CHANGE BY. User name:myname$
Domain name:MSHOME.
Logon Id: (0x03E7)

What can I do to stop this logons?
Sorry for the long text.
thank you.
one second later on a anonimous user logon to.
Top

hackers logons by anonymous

anonymous
Wed Apr 21 07:49:02 CDT 2004

It's that nobody knows anything about this of have I done
anything wrong with my explanation?
Thank you.
>-----Original Message-----
>Everytime I logon my computer my sistem (my security
>sistem)registre six more Logons under NT authority/
>Sistem.In only one second my Pc registre this movemets:
>
>An Autentification Package has been loaded by the local
>Secuity Autority. This A.P. will be used to authenticate
>logon attemps.
>Authentification package name: c/Winsdows/System
>32/LSASRV.dll.Negotiate.
>
>After this message there is diferent Succes audit
(logons,
>I think) with diferent Authentification names like:
>kerberos,ntlm,Schannel,Wdigest, V1_0.
>And the next message says:
>
>A trusted logon process has registered with the local
>authority.This logon process will be trusted to submit
>logon request.Logon Process Name: KSecDD.
>and the same with Winlogon and winlogon/MsGina.
>
>The next mesagge has a Policy change category.
>Id 612.
>User: NT AUTHORITY /SYSTEM.
>COMPUTER:(MINE)
>AND says CHANGE BY. User name:myname$
>Domain name:MSHOME.
>Logon Id: (0x03E7)
>
>What can I do to stop this logons?
>Sorry for the long text.
>thank you.
>one second later on a anonimous user logon to.
>
>.
>
Top

Re: hackers logons by N

N
Wed Apr 21 18:40:26 CDT 2004

In article <221801c4279f$05dfe8a0$a501280a@phx.gbl>,
anonymous@discussions.microsoft.com says...

> It's that nobody knows anything about this of have I done
> anything wrong with my explanation?

I don't quite know what advice to offer, but only because I am not at all
familiar with the NT family of OSes. Your description seems to be sufficient
that I probably could offer some help, if I knew the OS. I would guess that
your question is, if anything, a tad more advanced than most of the readers
in this group. Wait just a bit longer; somebody who knows what you asked
will surely be along shortly.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Top

Re: hackers logons by Brian

Brian
Wed Apr 21 22:25:37 CDT 2004


"Gregory martinez" <anonymous@discussions.microsoft.com> wrote in message
news:18f701c426e1$ab3bb310$a101280a@phx.gbl...
> Everytime I logon my computer my sistem (my security
> sistem)registre six more Logons under NT authority/
> Sistem.In only one second my Pc registre this movemets:

> A trusted logon process has registered with the local
> authority.This logon process will be trusted to submit
> logon request.Logon Process Name: KSecDD.
> and the same with Winlogon and winlogon/MsGina.
SMB authentication.

> What can I do to stop this logons?

Stop sharing, you might want to block netbios. Change your admin password
and power users. Force password changes for users on the domain.

Regards,
Brian.


Top

Re: hackers logons by Ian

Ian
Thu Apr 22 02:47:43 CDT 2004

In message <MPG.1af0a6484e85efa7989ee1@msnews.microsoft.com>, N. Miller
<nsm@blackhole.aosake.net> writes

>Wait just a bit longer; somebody who knows what you asked
>will surely be along shortly.
>

Bingo! Now I know who you are. You are George W's scriptwriter, and I
claim my $5 :-))

--
Ian
Top