
How Do I Get Rid Of Advapi



#1 bluesjunior


Posted 22 November 2006 - 06:08 AM

I have had a couple of Audit failures on Start-up where the report mentions Advapi. I googled it and found it to be Malware. My question is how do I get rid of it.
I am running the following security programmes on my PC but none of them picks it up: Comodo Firewall, Avast Anti-virus, Spybot S&D, Adaware, Spyware Blaster, AVG Antispyware.

I have also recently installed Start-up Inspector which is where I found Advapi while checking the security logs.

Can anyone tell me how to get rid of it, or is it a Windows programme that should be left alone?
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.



#2 Grinler

    Lawrence Abrams



Posted 22 November 2006 - 01:35 PM

Are you sure you are not receiving Advapi32 errors? The 32 after advapi is important in determining the right solution.

#3 bluesjunior


Posted 22 November 2006 - 07:06 PM

Thanks for your reply Grinler,

I was checking the security tag on the events log on my Startup Inspector Application. I share this computer with my daughter and noticed that every time we logged on to our respective accounts two Audit failures were reported.

The First One reads:

Date:
Source: Security
Time:
Failure Audit properties
Category: Logon/Logoff
Type: Failure Aud
Event id: 529
User: NT AUTHORITY \ SYSTEM
Logon Failure
Reason: Unknown user name or bad password
Username: George
Domain: BLUESJUNIOR
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: BLUESJUNIOR

For more Information see help and support centre at http://go.microsoft.com/fwlink/events.asp


The Second One Says:

Date:
Source: Security
Time:
Category: Account Logon
Type: Failure Aud
Event id: 680
User: NT AUTHORITY \ SYSTEM
Computer: BLUESJUNIOR

Description:

Logon Attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: George
Source Work Station: BLUESJUNIOR
Error Code: 0xC000006A

For more Information see help and support centre at http://go.microsoft.com/fwlink/events.asp

The same failures are reported each time my daughter logs in and out, the only change being the account names.


I have been to the Microsoft help and support centre but although it is a known issue I don't really understand the reply. I am using Windows XP Home with the SP2 update installed and I am signed up to automatic updates and up to date with that side of it. I have also googled these events and found a lot of info but no solution.

I would appreciate any advice/help offered in this matter and let me know if you need to know anything else.

#4 Grinler


Posted 26 November 2006 - 09:33 AM

See if this matches your scenario:

http://support.microsoft.com/default.aspx?...kb;en-us;811082

Are you configured for a Windows domain?
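
The two failure audits quoted in post #3, decoded field by field. This is an added example, not part of the thread: the lookup tables are a subset of documented Windows values, and `parse_record` and `triage` are hypothetical helper names.

```python
import re

# Lookup tables: a subset of documented Windows values (not from the thread).
EVENT_IDS = {"529": "logon failure: unknown user name or bad password",
             "680": "account logon: NTLM (MSV1_0) credential validation"}
LOGON_TYPES = {"2": "interactive", "3": "network", "4": "batch",
               "5": "service", "7": "unlock", "10": "remote interactive"}
NTSTATUS = {0xC0000064: "STATUS_NO_SUCH_USER: account name does not exist",
            0xC000006A: "STATUS_WRONG_PASSWORD: name valid, password wrong"}

# The two records from post #3, reduced to the fields that carry values.
EVENT_529 = """Event id: 529
Username: George
Domain: BLUESJUNIOR
Logon Type: 2
Logon Process: Advapi
Workstation Name: BLUESJUNIOR"""
EVENT_680 = """Event id: 680
Computer: BLUESJUNIOR
Logon Account: George
Source Work Station: BLUESJUNIOR
Error Code: 0xC000006A"""

def parse_record(text):
    """Turn a pasted 'Key: Value' record into a dict keyed by lower-case name."""
    pairs = (re.match(r"\s*([^:]+?)\s*:\s*(\S.*?)\s*$", ln) for ln in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def triage(fields):
    """Decode the coded fields of one failure-audit record into findings."""
    eid = fields.get("event id", "?")
    out = [f"event {eid}: {EVENT_IDS.get(eid, 'not in table')}"]
    if "logon type" in fields:
        lt = fields["logon type"]
        out.append(f"logon type {lt}: {LOGON_TYPES.get(lt, 'not in table')}")
    if "error code" in fields:
        code = int(fields["error code"], 16)
        out.append(f"status 0x{code:08X}: {NTSTATUS.get(code, 'not in table')}")
    if fields.get("logon process", "").lower().startswith("advapi"):
        out.append("logon process Advapi: request came through the LogonUser "
                   "API in advapi32.dll, a Windows system library")
    src = fields.get("workstation name") or fields.get("source work station")
    here = fields.get("computer") or fields.get("domain")
    if src and here and src.upper() == here.upper():
        out.append(f"origin: source workstation {src} matches this computer/account domain")
    return out

for record in (EVENT_529, EVENT_680):  # print the findings for both records
    print(*triage(parse_record(record)), sep="\n", end="\n\n")
```
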



