Hacking attempt

Discussion in 'Server Security' started by sura2k, Jul 30, 2012.

  1. sura2k

    sura2k

    Joined:
    Jul 30, 2012
    Messages:
    1
    Likes Received:
    0
    I'm seeing some hacking attempts on my office PC. Last Friday my PC restarted twice suddenly and when I logged in, some of my important documents were not there. Just deleted.
    So I checked the Event Viewer to find the reason about this restart.
    I got these logs and I see someone's PC name on that logs. Can anybody explain this to me?
    This is the exact time it was restarted.

    Thank you!

    --------------------------------------------------------------
    Date:7/27/2012 Source:Secirity
    Time:2.35.26 PM Category:Account Logon
    Type:Success A Event ID:680
    User:MyPC/Administrator
    Computer: MyPC
    Description:
    Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account:Administrator
    Source Workstation:OtherPC
    Error Code:0x0
    -------------------------------------------------------------------------

    Date:7/27/2012 Source:Secirity
    Time:2.35.26 PM Category:Logon/Logoff
    Type:Success A Event ID:576
    User:MyPC/Administrator
    Computer: MyPC
    Description:
    Special privileges assigned to new logon:
    User Name:Administrator
    DOMAIN: MyPC
    Logon ID: (0x0, 0x251E985)
    Privileges:SeSecurityPrivilege
    SeBackupPrivilege
    ...
    -------------------------------------------------------------------------------

    Date:7/27/2012 Source:Secirity
    Time:2.35.26 PM Category:Logon/Logoff
    Type:Success A Event ID:540
    User:MyPC/Administrator
    Computer: MyPC
    Description:
    Successful Network Logon:
    User Name:Administrator
    DOMAIN: MyPC
    Logon ID: (0x0, 0x251E985)
    Logon Type:3
    Logon Process:NtLmSsp
    Authentication Package:NTLM
    Workstation Name:OtherPC
    Logon GUID:-
    Caller User Name:-
    Caller Domain:-
    Caller Logon ID:-
    Caller Process ID:-
    Transited services:-
    Source Network Address:192.168.x.x
    Source Port:0
    ----------------------------------------------------------------------

    Date:7/27/2012 Source:Secirity
    Time:2.35.26 PM Category:Logon/Logoff
    Type:Success A Event ID:540
    User:MyPC/Administrator
    Computer: MyPC
    Description:
    User initiated logoff:
    User Name:Administrator
    DOMAIN: MyPC
    Logon ID: (0x0, 0x2059c)
    --------------------------------------------------------------------
     
    sura2k, Jul 30, 2012
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.