Possible hack attempt?

Posted on 2006-06-06
Last Modified: 2012-08-13
Started checking logs & got this.   Any chance of a possible breach?  We have a pix but the logs are long gone for that timeframe.  Any ideas of how I can get that user's IP?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/6/2006
Time:            1:04:03 AM
User:            NT AUTHORITY\SYSTEM
Computer:      EXCHANGE1
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      EMAIL2003$
       Domain:            NEWZSNAP
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      EMAIL2003
Question by:mentisgroup
    LVL 20

    Expert Comment

    LVL 20

    Expert Comment

    LVL 20

    Expert Comment

    i guess i should have asked if you are familiar with that domain newsnap and if you have any user listed as email2003 or a workstation email2003. Also is anyone in the office around 1:04am?

    Author Comment

    No No No & hell No.
    LVL 20

    Expert Comment

    Ok so we have an issue then. possibly a virus/trojan on one of your machines how many machines do  you have and do this machines have any anti-virus that is up to date we need to figure out if it was an attemp from inside or outside since you said that the logs are not there for that timeframe
    LVL 5

    Accepted Solution

    Download HijackThis 1.9.9 by clicking on this link:

    Then copy and paste the log file here: and click 'Analyse'. It should open up a new page saying what is bad/good in your log file.

    Then, after doing this, paste the link to the log file in this question for more information on the analysed log.

    ~ Nerd

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now