|
Posted by Frank Saunders, MS-MVP OE/WM on September 29, 2006, 4:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> We have Win2k Server SP4 with XP Pro SP2. Some of our DC servers have
> event
> ID 681 show up in the security log at random intervals during the night
> when
> no one is in the building. The event, according to the event description,
> is
> generated from a computer inside our office, not from an external host.
> This
> happens every night and we've looked at video from security cameras to
> verify
> no one is in the building. Here is an example of one of the events:
> The logon to account: useraccount
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> from workstation COMPUTER
> failed. The error code was: 3221225583
> I am aware that this error code means "user logon outside authorized
> hours".
> This is correct because this user is not allowed to log on during certain
> hours.
> What I don't understand is what is causing the event to be logged when no
> one is in the building and no one is attempting to log on at that station.
> I
> can only guess it is some process running on the PC. The PC is left on
> but
> the user is logged completely out - not simply a locked console. If
> anyone
> has any suggestions as to the cause of this I would be most grateful.
> Thanks in advance!
> flux
Check the user's computer for malware.
So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971
Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't send mail.
| 
XML site map