General discussion

  • Creator
  • #2317663

    Who is trying to get into my computer


    by dgoold ·

    I have several NT computers in my department that log on to NT Domain and Novell servers. I have changed the Administrator account name and I'm auditing logons. I noticed that I was getting a lot of logon failures from computers. I contacted the IS department about this and they told me that they were computers that had viruses and needed to be shut down and cleaned of the virus. I then noticed that they are trying to log on to the actual name I changed the administrator account to; this account has never been used to access the computer over the network and was only known to me. Some of these computers are located over a routed network overseas and do not show up in Network Neighborhood. My questions are: 1. Could these be viruses that can be getting actual user account names? 2. Can this possibly be some normal NT service? 3. Is it possible that this could be an unintentional computer user or someone intentionally trying to hack into the computer, and would this most likely be the person who uses the computer, or has their computer been hacked into and used? If this is intentional I am going after them, but my concerns need to be valid. This is not one or two times, but forty or sixty a week from four or five computers.
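
A way to turn the audit data described in the post above into per-source evidence, as an added example that is not part of the original thread: it tallies failed network logons (event ID 529, logon type 3 on NT/2000/XP) by source workstation and ISO week, and shows whether each source tries only the renamed account or a range of names. The CSV column layout, the account name `renamed_admin` and all host names are constructed assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime

FAILED_LOGON = "529"   # NT/2000/XP: logon failure, unknown user name or bad password
NETWORK_LOGON = "3"    # logon type 3 = logon arriving over the network

# Constructed sample export; assumed columns: time,event_id,user,workstation,logon_type
SAMPLE = """\
2003-09-01 08:14:02,529,renamed_admin,WKS-LAB07,3
2003-09-01 08:14:05,529,renamed_admin,WKS-LAB07,3
2003-09-02 11:40:51,529,jsmith,WKS-FRONT02,2
2003-09-03 02:03:17,529,Administrator,WKS-OVERSEAS1,3
2003-09-03 02:03:19,529,renamed_admin,WKS-OVERSEAS1,3
2003-09-03 02:03:20,529,Guest,WKS-OVERSEAS1,3
2003-09-09 09:00:00,529,renamed_admin,WKS-LAB07,3
2003-09-09 09:05:00,528,renamed_admin,WKS-MINE,2
"""

def summarize(text, watched):
    """Per source workstation: weekly failure counts, names tried, hits on `watched`."""
    sources = defaultdict(lambda: {"weeks": defaultdict(int), "names": set(), "watched": 0})
    for when, event_id, user, workstation, logon_type in csv.reader(text.splitlines()):
        if event_id != FAILED_LOGON or logon_type != NETWORK_LOGON:
            continue  # keep only failed logons that came in over the network
        year, week, _ = datetime.strptime(when, "%Y-%m-%d %H:%M:%S").isocalendar()
        entry = sources[workstation.upper()]
        entry["weeks"][f"{year}-W{week:02d}"] += 1
        entry["names"].add(user.lower())
        entry["watched"] += int(user.lower() == watched.lower())
    return sources

def classify(entry, watched):
    """Rough triage label for one source, based only on the names it tried."""
    if entry["watched"] == 0:
        return "never named the watched account"
    if entry["names"] == {watched.lower()}:
        return "only tries the watched account"
    return "tries the watched account among other names"

if __name__ == "__main__":
    result = summarize(SAMPLE, "renamed_admin")
    for host, entry in sorted(result.items()):
        print(host, dict(entry["weeks"]), sorted(entry["names"]),
              "->", classify(entry, "renamed_admin"))
```

A source that only ever tries the renamed account warrants a different follow-up than one cycling through `Administrator`, `Guest` and other names, and the weekly counts give a dated record per machine to hand to the IS department.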

All Comments

  • Author
    • #3378732

      Reply To: Who is trying to get into my computer

      by robbi_ia ·

      I guess the first thing I need to know is that you have antivirus on all of your machines and that it is updated regularly (at least once a week, recommended you do it more often). If you have a trojan or logger running on your network, an updated antivirus scan should pick it up.

      Do you have firewalls at your locations?

      I doubt you’re dealing with a normal NT operation.

    • #2742621

      Reply To: Who is trying to get into my computer

      by louis0015 ·

      It sounds like whatever is attempting to access your computer is reading the SID for the local admin account. You may want to disable the remote registry service on your computer (XP) or modify the advanced permissions on your W2K workstation to remove the permission for remote registry access, then rename the admin account again. Or you can download the Microsoft Baseline Security Analyzer from Microsoft to scan your local workstation and ensure that you patch all of the vulnerabilities listed. If you have admin access to the other workstations that are attempting to get into your workstation, you can use the MBSA to scan them.

      Also, you may want to net send to the offending computers and have them call you, so you can make sure that they are properly patched and AV scanned, or remotely scan them from your workstation.

      If there is anything else, please post…
