Hi,
I'm using Windows Server 2008 R2. I'm using it for learning purposes on my
PC.
I've listed some problems I'm experiencing. Please tell me whether it is a
virus attack or whether someone is trying to hack my system.
1. Server summary in Server Manager is not displaying its contents.
2. My system hangs (even the Caps Lock key or Ctrl+Alt+Del didn't work).
3. When I double-click a file or folder it opens the properties of the file or
folder (fixed it with regsvr32 /i shell32).
4. My internet connection was blocked and I did a bare metal recovery (2
times). (Actually, first it was blocked for some minutes and then was OK. After
a week it was entirely blocked.)
5. A suspicious login on my system. I found it in my Event log. My system
hung after 11.01 pm.
I also found some events that occur at 11 pm and I've noticed "Logon
Process: Advapi" which is a virus.
/////////////////////////////////////////////////////////////////////////////////////
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
/////////////////////////////////////////////////////////////////////
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: MyserverName$
Account Domain: myWorkgroup
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: Source
Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi (I've found this page when I googled:
http://www.auditmypc.com/process/advapi.asp)
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////
Special privileges assigned to new logon.
Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
////////////////////////////////////////////////////////////////////////////////////////////////
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: MyServername$
Account Domain: MyWORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name: Source
Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Thanks in advance.
Vijay chandar