Solved

Is advapi spyware or a hacking tool?

Posted on 2009-07-16
4
848 Views
Last Modified: 2012-06-27

Does anyone know how to get rid of this error in my SBS server seceurity log ?

Logon Failure:Reason:Unknown user name or bad password User Name:anonymous Domain:Logon Type:3Logon Process:Advapi Athentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 
0
Comment
Question by:cap7
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 400 total points
ID: 24876457
Advapi is known as part of the Netdevil trojan/backdoor.
See: http://www.processlibrary.com/directory/files/advapi/
Scan all your workstations and servers with a good antivirus.
These are the manual removal instructions: http://www.exterminate-it.com/malpedia/remove-net-devil
Also, to be absolutely sure: if you find the advapi.exe or shellapi32.exe you can also have it scanned at virustotal. They use all virusscanners known to mankind at once;-)

kr, J.
0
 
LVL 8

Assisted Solution

by:jako
jako earned 100 total points
ID: 24876659
It's prolly not what you fear. But to get rid of these messages you need to track this access attempt to its source process and fix it there - use the tools from Sysinternals Suite (http://google.com/search?q=sysinternals+suite). Apply logic: if it were malware trying to brute force its way in, it wouldn't be wise to start with anonymous but rather an Administrator, right?
maybe you unnecessarily run a ftp server (where anonymous is often used for public access).
0
 
LVL 8

Expert Comment

by:jako
ID: 24876675
and please, search the experts-exchange before asking questions: http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_24550402.html ;)
0
 

Author Closing Comment

by:cap7
ID: 31604360
I search the registy and removed a software key search assistant with the advapi.exe , this resolved my login errors.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question