J
Jon Raman
I have a dual processor Win2k Server machine that may have been
compromised. When I ran Sysinternals Filemon and there is a file
called c:\WINNT\system32\config\SecEvents32.dll that is often being
accessed. I Googled the file and did not even get one hit returned.
It is usually accessed by either ntkrnlpa.exe or the system process.
C:\WINNT\System32\config\SecEvent.Evt is a common file for event
logging but I find nothing on SecEvents32.dll. I am afraid to delete
the file if it is supposed to be useful and am just wondering what the
readers of this group think.
compromised. When I ran Sysinternals Filemon and there is a file
called c:\WINNT\system32\config\SecEvents32.dll that is often being
accessed. I Googled the file and did not even get one hit returned.
It is usually accessed by either ntkrnlpa.exe or the system process.
C:\WINNT\System32\config\SecEvent.Evt is a common file for event
logging but I find nothing on SecEvents32.dll. I am afraid to delete
the file if it is supposed to be useful and am just wondering what the
readers of this group think.