[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Possible hack attempt?

Posted on 2006-06-06
Medium Priority
Last Modified: 2012-08-13
Started checking logs & got this.   Any chance of a possible breach?  We have a pix but the logs are long gone for that timeframe.  Any ideas of how I can get that user's IP?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/6/2006
Time:            1:04:03 AM
User:            NT AUTHORITY\SYSTEM
Computer:      EXCHANGE1
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      EMAIL2003$
       Domain:            NEWZSNAP
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      EMAIL2003
Question by:mentisgroup
  • 4
LVL 20

Expert Comment

ID: 16843389
LVL 20

Expert Comment

ID: 16843396
LVL 20

Expert Comment

ID: 16843435
i guess i should have asked if you are familiar with that domain newsnap and if you have any user listed as email2003 or a workstation email2003. Also is anyone in the office around 1:04am?
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Author Comment

ID: 16844957
No No No & hell No.
LVL 20

Expert Comment

ID: 16845394
Ok so we have an issue then. possibly a virus/trojan on one of your machines how many machines do  you have and do this machines have any anti-virus that is up to date we need to figure out if it was an attemp from inside or outside since you said that the logs are not there for that timeframe

Accepted Solution

Nerdx earned 2000 total points
ID: 16848180
Download HijackThis 1.9.9 by clicking on this link: http://download.hijackthis.eu/hijackthis_199.zip

Then copy and paste the log file here: http://www.hijackthis.de and click 'Analyse'. It should open up a new page saying what is bad/good in your log file.

Then, after doing this, paste the link to the log file in this question for more information on the analysed log.

~ Nerd

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question