Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ANONYMOUS LOGON


  • Please log in to reply
7 replies to this topic

#1 Steve1953

Steve1953

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 16 December 2008 - 10:37 AM

When I look at my security audit this is what I find.
Is this normal or do I have a problem?
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 12/16/2008
Time: 7:55:09 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: KORIA123
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1DDD1)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: -

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:47 AM

Posted 16 December 2008 - 10:41 AM

Does this repeat at intervals - or is there only one of these entries?
Have you scanned for malware?

This can be a legitimate process or it can be malware - so a malware scan would be prudent.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Steve1953

Steve1953
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 16 December 2008 - 10:48 AM

I'll try some other scans other than norton. to ee what come up.

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:47 AM

Posted 16 December 2008 - 11:00 AM

In case your onboard protection has been corrupted, try one of these free, online scans: http://www.bleepingcomputer.com/blogs/usas...?showentry=1252

From what I've been able to see in my searches, there's several processes which use this. The most common is the Computer Browser service and it's usually found by seeing these entries 12 minutes apart.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 StickDude101

StickDude101

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 16 December 2008 - 02:35 PM

The NT Authority account is legit and it comes with most Windows OS's. But the Anomouys login is not.. just delete the account using Command Promtpt. But just in case its not a bad account. Use the net user command in the CMD.EXE program. This will give you a list of accounts currently on your computer. Just copy it and post it on this forum and ill tell you if they're legit or not..

PS Is that even how to spell Anonymous? IDk im in the 9th grade...

~StickDude101--

Edited by StickDude101, 16 December 2008 - 02:36 PM.


#6 Steve1953

Steve1953
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 16 December 2008 - 04:06 PM

I could not do a copy and paste. So here is a screen shot.

Attached Files



#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,089 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:47 AM

Posted 16 December 2008 - 04:22 PM

Anonymous logins are legit - and are included in many different components of Windows operating systems. A search of the Microsoft Knowledge Base will show you this.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 Steve1953

Steve1953
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 17 December 2008 - 03:04 PM

Thanks, now I know that this is normal.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users