Event Viewer "Failure Audit"

abeesgram@aol.com · Jun 29, 2008

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 6/29/2008
Time: 4:02:12 PM
User: NT AUTHORITY\SYSTEM
Computer: MARY
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: 66.167.167.12
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: IPS102201
..

I get 6 or more of these messages every day. Obviously, the hacker is
not successful in logging into my system. Is there a reason he gets
even this far? Is there a site to which I should report him?

XP SP3 IE 7.0 AVG8.0
Thank you

Andrew E. · Jun 29, 2008

RE: Event Viewer "Failure Audit"

1st go to run,type:%Temp% Go to edit,select all,delete all,close out.Next
open
internet options,settings,view files,select all delete all,close out,open
browsing
history,delete files,delete temp files,close out,empty recycle-bin.As for
reporting,
if youre ISP is AOL,then contact them....

"abeesgram@aol.com" wrote:

> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 6/29/2008
> Time: 4:02:12 PM
> User: NT AUTHORITY\SYSTEM
> Computer: MARY
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: administrator
> Domain: 66.167.167.12
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: IPS102201
> ..
>
> I get 6 or more of these messages every day. Obviously, the hacker is
> not successful in logging into my system. Is there a reason he gets
> even this far? Is there a site to which I should report him?
>
> XP SP3 IE 7.0 AVG8.0
> Thank you
>

Gerry · Jun 30, 2008

Re: Event Viewer "Failure Audit"

What are your anti-spyware and firewall arrangements? Are you using a
modem or a router with a hardware firewall?

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

abeesgram@aol.com wrote:
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 6/29/2008
> Time: 4:02:12 PM
> User: NT AUTHORITY\SYSTEM
> Computer: MARY
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: administrator
> Domain: 66.167.167.12
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: IPS102201
> .
>
> I get 6 or more of these messages every day. Obviously, the hacker is
> not successful in logging into my system. Is there a reason he gets
> even this far? Is there a site to which I should report him?
>
> XP SP3 IE 7.0 AVG8.0
> Thank you

abeesgram@aol.com · Jun 30, 2008

Re: Event Viewer "Failure Audit"

On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote:
> What are your anti-spyware and firewall arrangements? Are you using a
> modem or a router with a hardware firewall?
>
> --
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
>
>
> abeesg...@aol.com wrote:
> > Event Type: Failure Audit
> > Event Source: Security
> > Event Category: Logon/Logoff
> > Event ID: 529
> > Date: 6/29/2008
> > Time: 4:02:12 PM
> > User: NT AUTHORITY\SYSTEM
> > Computer: MARY
> > Description:
> > Logon Failure:
> > Reason: Unknown user name or bad password
> > User Name: administrator
> > Domain: 66.167.167.12
> > Logon Type: 3
> > Logon Process: NtLmSsp
> > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> > Workstation Name: IPS102201
> > .
>
> > I get 6 or more of these messages every day. Obviously, the hacker is
> > not successful in logging into my system. Is there a reason he gets
> > even this far? Is there a site to which I should report him?
>
> > XP SP3 IE 7.0 AVG8.0
> > Thank you- Hide quoted text -
>
> - Show quoted text -

Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer
is not being harmed by these "attacks", but I just wonder if there is
anything more I should do for protection.
Thank you for responding.

Gerry · Jun 30, 2008

Re: Event Viewer "Failure Audit"

Is your computer purely a home computer or do you use it to log into
your employer's computer network?

This link gives comments on the Report from Event Viewer
http://snipurl.com/2ro8w [www_eventid_net]

http://en.wikipedia.org/wiki/NTLMSSP

The Knowledge Base Article in the link implies that this was a bug fixed
in the SP2 update so you should not be seeing this Report
Security Event 529 is logged for local user accounts
http://support.microsoft.com/?kbid=811082

How did you find out about these Reports?

You have not mentioned any anti-spyware protection. I suggest you look
at Spybot S & D (freeware version).

Download Spybot S & D from here
http://www.safer-networking.org/en/spybotsd/index.html

--

Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

abeesgram@aol.com wrote:
> On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote:
>> What are your anti-spyware and firewall arrangements? Are you using a
>> modem or a router with a hardware firewall?
>>
>> --
>>
>> Hope this helps.
>>
>> Gerry
>> ~~~~
>> FCA
>> Stourport, England
>> Enquire, plan and execute
>> ~~~~~~~~~~~~~~~~~~~
>>
>>
>>
>> abeesg...@aol.com wrote:
>>> Event Type: Failure Audit
>>> Event Source: Security
>>> Event Category: Logon/Logoff
>>> Event ID: 529
>>> Date: 6/29/2008
>>> Time: 4:02:12 PM
>>> User: NT AUTHORITY\SYSTEM
>>> Computer: MARY
>>> Description:
>>> Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name: administrator
>>> Domain: 66.167.167.12
>>> Logon Type: 3
>>> Logon Process: NtLmSsp
>>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>>> Workstation Name: IPS102201
>>> .
>>
>>> I get 6 or more of these messages every day. Obviously, the hacker
>>> is not successful in logging into my system. Is there a reason he
>>> gets even this far? Is there a site to which I should report him?
>>
>>> XP SP3 IE 7.0 AVG8.0
>>> Thank you- Hide quoted text -
>>
>> - Show quoted text -
>
> Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer
> is not being harmed by these "attacks", but I just wonder if there is
> anything more I should do for protection.
> Thank you for responding.

abeesgram@aol.com · Jul 1, 2008

Re: Event Viewer "Failure Audit"

On Jun 30, 1:44 pm, "Gerry" <ge...@nospam.com> wrote:
> Is your computer purely a home computer or do you use it to log into
> your employer's computer network?
>
> This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net]
>
> http://en.wikipedia.org/wiki/NTLMSSP
>
> The Knowledge Base Article in the link implies that this was a bug fixed
> in the SP2 update so you should not be seeing this Report
> Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082
>
> How did you find out about these Reports?
>
> You have not mentioned any anti-spyware protection. I suggest you look
> at Spybot S & D (freeware version).
>
> Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html
>
> --
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
>
>
> abeesg...@aol.com wrote:
> > On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote:
> >> What are your anti-spyware and firewall arrangements? Are you using a
> >> modem or a router with a hardware firewall?
>
> >> --
>
> >> Hope this helps.
>
> >> Gerry
> >> ~~~~
> >> FCA
> >> Stourport, England
> >> Enquire, plan and execute
> >> ~~~~~~~~~~~~~~~~~~~
>
> >> abeesg...@aol.com wrote:
> >>> Event Type: Failure Audit
> >>> Event Source: Security
> >>> Event Category: Logon/Logoff
> >>> Event ID: 529
> >>> Date: 6/29/2008
> >>> Time: 4:02:12 PM
> >>> User: NT AUTHORITY\SYSTEM
> >>> Computer: MARY
> >>> Description:
> >>> Logon Failure:
> >>> Reason: Unknown user name or bad password
> >>> User Name: administrator
> >>> Domain: 66.167.167.12
> >>> Logon Type: 3
> >>> Logon Process: NtLmSsp
> >>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> >>> Workstation Name: IPS102201
> >>> .
>
> >>> I get 6 or more of these messages every day. Obviously, the hacker
> >>> is not successful in logging into my system. Is there a reason he
> >>> gets even this far? Is there a site to which I should report him?
>
> >>> XP SP3 IE 7.0 AVG8.0
> >>> Thank you- Hide quoted text -
>
> >> - Show quoted text -
>
> > Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer
> > is not being harmed by these "attacks", but I just wonder if there is
> > anything more I should do for protection.
> > Thank you for responding.- Hide quoted text -
>
> - Show quoted text -

Gerry, I do have Spybot as well as AVG8.0 and Comodo Pro Firewall.
Mine is a stand-alone system. All of the references you listed were
about server applications.

I found out about the problem because I check my Event Viewer on a
daily basis.
Thank you again.

abeesgram@aol.com · Jul 1, 2008

Re: Event Viewer "Failure Audit"

On Jun 30, 1:44 pm, "Gerry" <ge...@nospam.com> wrote:
> Is your computer purely a home computer or do you use it to log into
> your employer's computer network?
>
> This link gives comments on the Report from Event Viewerhttp://snipurl.com/2ro8w [www_eventid_net]
>
> http://en.wikipedia.org/wiki/NTLMSSP
>
> The Knowledge Base Article in the link implies that this was a bug fixed
> in the SP2 update so you should not be seeing this Report
> Security Event 529 is logged for local user accountshttp://support.microsoft.com/?kbid=811082
>
> How did you find out about these Reports?
>
> You have not mentioned any anti-spyware protection. I suggest you look
> at Spybot S & D (freeware version).
>
> Download Spybot S & D from herehttp://www.safer-networking.org/en/spybotsd/index.html
>
> --
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~
>
>
>
> abeesg...@aol.com wrote:
> > On Jun 30, 2:51 am, "Gerry" <ge...@nospam.com> wrote:
> >> What are your anti-spyware and firewall arrangements? Are you using a
> >> modem or a router with a hardware firewall?
>
> >> --
>
> >> Hope this helps.
>
> >> Gerry
> >> ~~~~
> >> FCA
> >> Stourport, England
> >> Enquire, plan and execute
> >> ~~~~~~~~~~~~~~~~~~~
>
> >> abeesg...@aol.com wrote:
> >>> Event Type: Failure Audit
> >>> Event Source: Security
> >>> Event Category: Logon/Logoff
> >>> Event ID: 529
> >>> Date: 6/29/2008
> >>> Time: 4:02:12 PM
> >>> User: NT AUTHORITY\SYSTEM
> >>> Computer: MARY
> >>> Description:
> >>> Logon Failure:
> >>> Reason: Unknown user name or bad password
> >>> User Name: administrator
> >>> Domain: 66.167.167.12
> >>> Logon Type: 3
> >>> Logon Process: NtLmSsp
> >>> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> >>> Workstation Name: IPS102201
> >>> .
>
> >>> I get 6 or more of these messages every day. Obviously, the hacker
> >>> is not successful in logging into my system. Is there a reason he
> >>> gets even this far? Is there a site to which I should report him?
>
> >>> XP SP3 IE 7.0 AVG8.0
> >>> Thank you- Hide quoted text -
>
> >> - Show quoted text -
>
> > Gerry, I am using AVG 8.0 Antivirus and Comodo Firewall. My computer
> > is not being harmed by these "attacks", but I just wonder if there is
> > anything more I should do for protection.
> > Thank you for responding.- Hide quoted text -
>
> - Show quoted text -

I should add that the "hotfix" refers to Event 529 appearing with the
owner's name.
The sample I included at the beginning of this thread, and others I
receive, are not my user name.

Event Viewer "Failure Audit"

abeesgram@aol.com

Guest

Andrew E.

Guest

Gerry

Guest

abeesgram@aol.com

Guest

Gerry

Guest

abeesgram@aol.com

Guest

abeesgram@aol.com

Guest

Similar threads