gregnvt
asked on
WIN XP security "unusual" USER created on my system
I have been monitoring my WIN XP security closely over the last week as it appeared we had a breach of security where we had a weird user appear in our MY Network/Security/ tab. I deleted the user name a week ago but it came back again. We have installed some failry tough security programs and measures as well changed user names IP addresses and passwords etetc.
As this user name came back it was a surprize???
Is there a way that we can prevent any more users being created in the MY NetworkSecurity section and is there a way we can trace back when it was created and if there is any related files doig this on the system?
As this user name came back it was a surprize???
Is there a way that we can prevent any more users being created in the MY NetworkSecurity section and is there a way we can trace back when it was created and if there is any related files doig this on the system?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You should enable auditing in the system and security logs so you'll have the option of seeing when changes were made to your system. By default, the logs themselves may alread give you some of that information. - Start, settings, control panel, administrative tools, event viewer.
ASKER
Thank you for the ideas....
Tried the ewido, spy sweeper and Trojan Hunter and did not discover any trogans.
Just the usual adware items....
Also checked with Symantec tools and they proclaim we are clean...
The user that was created on both occaisions was the same name where it was something like the letter S with numbers and dashes thru it, Sorry I did not note it down exactly...
Looked something like S543-233445-4467. This user also appeared after I changed the internal IP and upgraded security... So I have discovered it twice in the last 7 days...
EVENT VIEWER *****
I checked the event viewer and could see anything where a user had been created??? Does Win XP create one for any reason???
Any other ideas??
Tried the ewido, spy sweeper and Trojan Hunter and did not discover any trogans.
Just the usual adware items....
Also checked with Symantec tools and they proclaim we are clean...
The user that was created on both occaisions was the same name where it was something like the letter S with numbers and dashes thru it, Sorry I did not note it down exactly...
Looked something like S543-233445-4467. This user also appeared after I changed the internal IP and upgraded security... So I have discovered it twice in the last 7 days...
EVENT VIEWER *****
I checked the event viewer and could see anything where a user had been created??? Does Win XP create one for any reason???
Any other ideas??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Event viewer will only track items for which auditing has been enabled, for either the success of failure of that option, e.g. user creation.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.