Re: What is the event Viewer telling me?

From: Michael Solomon \(MS-MVP Windows Shell/User\) (user_at_#notme.com)
Date: 09/09/04 

Date: Thu, 9 Sep 2004 12:29:11 -0700

Thanks for the information, glad you got it sorted out. 

-- 
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
"Lorne" <Lorne_Anderson@hotmail.com> wrote in message 
news:uXGgTtmlEHA.1244@TK2MSFTNGP15.phx.gbl...
> In case you are interested I have now traced it - it seems to be mapped 
> drives on other computers on my home network.
>
>
> "Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in 
> message news:%232nxO6UlEHA.3432@TK2MSFTNGP14.phx.gbl...
>> The firewall in your router won't tell you if anything is trying to phone 
>> home and what that application is.  You need a software firewall as well. 
>> XP's built in firewall doesn't handle outgoing requests but there are 
>> several free firewalls with this capability:
>> www.agnitum.com
>> www.zonelabs.com
>> www.sygate.com
>> http://www.tinysoftware.com/home/tiny2?la=EN
>> http://www.kerio.com/kerio.html
>>
>> Also check for any malware on your system, download, install and run Ad 
>> Aware:
>> www.lavasoftusa.com.
>>
>> Also check your applications for options that automatically check for 
>> updates as this could be the issue as well.
>>
>>
>> -- 
>> Michael Solomon MS-MVP
>> Windows Shell/User
>> Backup is a PC User's Best Friend
>> DTS-L.Org: http://www.dts-l.org/
>>
>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message 
>> news:uXUluuSlEHA.1652@TK2MSFTNGP09.phx.gbl...
>>> Its not Media Player - I got another anonymous logon 10 minutes ago when 
>>> it was not playing.  Also I just started it and invoked a request for 
>>> album information but got no entry in the event log.
>>>
>>> The KB article was the one I read myself, but as far as I can tell I 
>>> have installed the relevant update.  I tried posting this to the network 
>>> group as you suggested so maybe one of them can help but if you can 
>>> suggest how I can find out what is invoking this I would be grateful.  I 
>>> am connected to the web 24/7 so a hacker may have an opportunity but 
>>> then I have firewall in my router as well as McAfee & Spy Sweeper 
>>> running so the lack of any other signs suggest it is innocent, but never 
>>> the less a bit concerning.
>>>
>>> Lorne
>>>
>>>
>>> "Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in 
>>> message news:u39sVmSlEHA.596@TK2MSFTNGP11.phx.gbl...
>>>> Media Player does check the web periodically though usually it needs to 
>>>> be invoked to do so.  Was it open when this happened?
>>>>
>>>> You might also want to check the following Knowledge Base Article:
>>>> http://support.microsoft.com/?kbid=321677
>>>>
>>>> -- 
>>>> Michael Solomon MS-MVP
>>>> Windows Shell/User
>>>> Backup is a PC User's Best Friend
>>>> DTS-L.Org: http://www.dts-l.org/
>>>>
>>>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message 
>>>> news:O7hT2bSlEHA.3876@TK2MSFTNGP15.phx.gbl...
>>>>> Just one more thing.  I have now seen that in the application tab WMDM 
>>>>> PMSP Service is starting 2 seconds before every anonymous login. 
>>>>> There is an article about a security hole related to Media Player & 
>>>>> this service but I do have all the critical updates installed as far 
>>>>> as I know.
>>>>>
>>>>>
>>>>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message 
>>>>> news:u%23GlmUSlEHA.2340@TK2MSFTNGP11.phx.gbl...
>>>>>>I just found the event viewer in the program menu under admin tools. 
>>>>>>When I click the Security tab it lists what looks like a series of 
>>>>>>network events. User is shown as me, system, network services, local 
>>>>>>service or guest most of the time.  Guest appears to be when another 
>>>>>>computer on my network (2 other family members) accesses my disk. 
>>>>>>Event numbers are usually 528 or 576 or 850 or 849 or 680 plus a few 
>>>>>>others.
>>>>>>
>>>>>> My concern is that every few hours there is an entry of event 540 
>>>>>> with user Anonymous Logon !  Properties says logon type = 3 and 
>>>>>> windows help says that is somebody on the network logging in, but 
>>>>>> this is happening when only me is using the computer and nothing else 
>>>>>> on the network is switched on.
>>>>>>
>>>>>> I have not noticed anything going on that is suspicious but this 
>>>>>> entry in the event viewer certainly does look suspicious.
>>>>>>
>>>>>> Have I been hacked or is there an innocent explanation?
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>