?
Solved

Is advapi spyware or a hacking tool?

Posted on 2009-07-16
4
Medium Priority
?
882 Views
Last Modified: 2012-06-27

Does anyone know how to get rid of this error in my SBS server seceurity log ?

Logon Failure:Reason:Unknown user name or bad password User Name:anonymous Domain:Logon Type:3Logon Process:Advapi Athentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 
0
Comment
Question by:cap7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 1600 total points
ID: 24876457
Advapi is known as part of the Netdevil trojan/backdoor.
See: http://www.processlibrary.com/directory/files/advapi/
Scan all your workstations and servers with a good antivirus.
These are the manual removal instructions: http://www.exterminate-it.com/malpedia/remove-net-devil
Also, to be absolutely sure: if you find the advapi.exe or shellapi32.exe you can also have it scanned at virustotal. They use all virusscanners known to mankind at once;-)

kr, J.
0
 
LVL 8

Assisted Solution

by:jako
jako earned 400 total points
ID: 24876659
It's prolly not what you fear. But to get rid of these messages you need to track this access attempt to its source process and fix it there - use the tools from Sysinternals Suite (http://google.com/search?q=sysinternals+suite). Apply logic: if it were malware trying to brute force its way in, it wouldn't be wise to start with anonymous but rather an Administrator, right?
maybe you unnecessarily run a ftp server (where anonymous is often used for public access).
0
 
LVL 8

Expert Comment

by:jako
ID: 24876675
and please, search the experts-exchange before asking questions: http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_24550402.html ;)
0
 

Author Closing Comment

by:cap7
ID: 31604360
I search the registy and removed a software key search assistant with the advapi.exe , this resolved my login errors.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question