Event Viewer "Failure Audit"

A

abeesgram

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 6/29/2008
Time: 4:02:12 PM
User: NT AUTHORITY\SYSTEM
Computer: MARY
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: 66.167.167.12
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: IPS102201
..

I get 6 or more of these messages every day. Obviously, the hacker is
not successful in logging into my system. Is there a reason he gets
even this far? Is there a site to which I should report him?

XP SP3 IE 7.0 AVG8.0
Thank you
 
A

Andrew E.

1st go to run,type:%Temp% Go to edit,select all,delete all,close out.Next
open
internet options,settings,view files,select all delete all,close out,open
browsing
history,delete files,delete temp files,close out,empty recycle-bin.As for
reporting,
if youre ISP is AOL,then contact them....
 
G

Gerry

What are your anti-spyware and firewall arrangements? Are you using a
modem or a router with a hardware firewall?


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
A

abeesgram

What are your anti-spyware and firewall arrangements? Are you using a
modem or a router with a hardware firewall?

--

Hope  this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~







- Show quoted text -
Click to expand...

Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer
is not being harmed by these "attacks", but I just wonder if there is
anything more I should do for protection.
Thank you for responding.
 
G

Gerry

Is your computer purely a home computer or do you use it to log into
your employer's computer network?

This link gives comments on the Report from Event Viewer
http://snipurl.com/2ro8w [www_eventid_net]

http://en.wikipedia.org/wiki/NTLMSSP

The Knowledge Base Article in the link implies that this was a bug fixed
in the SP2 update so you should not be seeing this Report
Security Event 529 is logged for local user accounts
http://support.microsoft.com/?kbid=811082

How did you find out about these Reports?

You have not mentioned any anti-spyware protection. I suggest you look
at Spybot S & D (freeware version).

Download Spybot S & D from here
http://www.safer-networking.org/en/spybotsd/index.html

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
A

abeesgram

Is your computer purely a home computer or do you use it to log into
your employer's computer network?

This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net]

http://en.wikipedia.org/wiki/NTLMSSP

The Knowledge Base Article in the link implies that this was a bug fixed
in the SP2 update so you should not be seeing this Report
Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082

How did you find out about these Reports?

You have not mentioned any anti-spyware protection. I suggest you look
at Spybot S & D (freeware version).

Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html

--

Hope  this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall.  My computer
is not being harmed by these "attacks", but I just wonder if there is
anything more I should do for protection.
Thank you for responding.- Hide quoted text -
Click to expand...

- Show quoted text -
Click to expand...

Gerry, I do have Spybot as well as AVG8.0 and Comodo Pro Firewall.
Mine is a stand-alone system. All of the references you listed were
about server applications.

I found out about the problem because I check my Event Viewer on a
daily basis.
Thank you again.
 
A

abeesgram

Is your computer purely a home computer or do you use it to log into
your employer's computer network?

This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net]

http://en.wikipedia.org/wiki/NTLMSSP

The Knowledge Base Article in the link implies that this was a bug fixed
in the SP2 update so you should not be seeing this Report
Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082

How did you find out about these Reports?

You have not mentioned any anti-spyware protection. I suggest you look
at Spybot S & D (freeware version).

Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html

--

Hope  this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~



Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall.  My computer
is not being harmed by these "attacks", but I just wonder if there is
anything more I should do for protection.
Thank you for responding.- Hide quoted text -
Click to expand...

- Show quoted text -
Click to expand...

I should add that the "hotfix" refers to Event 529 appearing with the
owner's name.
The sample I included at the beginning of this thread, and others I
receive, are not my user name.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Event Viewer - Security - Reports "Failure Audit" 2
Who's trying to logon? 3
failure audit 6
Event Viewer? Another Example AM I under attack? 4
Failure Audit 5
How to disable "ANONYMOUS LOGON" in XP Home? 1
Login/Logoff 1
anonymous logon 5

Top