Windows 2K PC being Hacked? HELP!!!

  • Thread starter Thread starter Sam Jones
  • Start date Start date
S

Sam Jones

I have a user who it seems is logging onto my Win 2K
workstation, even though they have no access. They do not
have local account and are not a Domain Admin. They are
just a user. The user says that they are not connecting to
my PC.

Could this be a virus on their PC and it is then hacking
other systems without their knowledge? or are they not
being truthful and are hacking my PC somehow?

See Event log entries below. Names altered for security
reasons.

I would appreciate some help on this. I want to be sure
before reporting the problem as a security breach.

Below are the events:

Event 1: connection established to my pc

Success Audit Security Privilege Use 576
JOE USER COMPUTERNAME

Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x114022)
Assigned: SeChangeNotifyPrivilege

Event 2: Successful Logon

Success Audit Security Logon/Logoff 540

JOE USER COMPUTERNAME


Successful Network Logon:
User Name: JOEUSER
Domain: ACME
Logon ID: (0x0,0x114022)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\COMPUTERNAME

Event 3: Logoff

Success Audit Security Logon/Logoff 538

JOE USER COMPUTERNAME


User Logoff:
User Name: JOEUSER
Domain: ACME
Logon ID: (0x0,0x114022)
Logon Type: 3
 
Sam Jones said:
I have a user who it seems is logging onto my Win 2K
workstation, even though they have no access. They do not
have local account and are not a Domain Admin. They are
just a user. The user says that they are not connecting to
my PC.

Could this be a virus on their PC and it is then hacking
other systems without their knowledge? or are they not
being truthful and are hacking my PC somehow?

My guess .. JOE is not trying to get into your computer .. he gets there !
And he is succesful ! Somewhere he has to give a password so I guess he is
just kidding -:).
 
Back
Top