Solved

Is advapi spyware or a hacking tool?

Posted on 2009-07-16
4
870 Views
Last Modified: 2012-06-27

Does anyone know how to get rid of this error in my SBS server seceurity log ?

Logon Failure:Reason:Unknown user name or bad password User Name:anonymous Domain:Logon Type:3Logon Process:Advapi Athentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 
0
Comment
Question by:cap7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 400 total points
ID: 24876457
Advapi is known as part of the Netdevil trojan/backdoor.
See: http://www.processlibrary.com/directory/files/advapi/
Scan all your workstations and servers with a good antivirus.
These are the manual removal instructions: http://www.exterminate-it.com/malpedia/remove-net-devil
Also, to be absolutely sure: if you find the advapi.exe or shellapi32.exe you can also have it scanned at virustotal. They use all virusscanners known to mankind at once;-)

kr, J.
0
 
LVL 8

Assisted Solution

by:jako
jako earned 100 total points
ID: 24876659
It's prolly not what you fear. But to get rid of these messages you need to track this access attempt to its source process and fix it there - use the tools from Sysinternals Suite (http://google.com/search?q=sysinternals+suite). Apply logic: if it were malware trying to brute force its way in, it wouldn't be wise to start with anonymous but rather an Administrator, right?
maybe you unnecessarily run a ftp server (where anonymous is often used for public access).
0
 
LVL 8

Expert Comment

by:jako
ID: 24876675
and please, search the experts-exchange before asking questions: http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_24550402.html ;)
0
 

Author Closing Comment

by:cap7
ID: 31604360
I search the registy and removed a software key search assistant with the advapi.exe , this resolved my login errors.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question