ZippyDo Posted April 29, 2003 Share Posted April 29, 2003 Hi everyone, Hope someone can clear this up for me, I have daily incidences of security log entries (Event Id 529) which show the same repeating usernames, Domains and Workstations. it cycles through them regularly and then repeats again a few hours later. When I identify the pc through workstation name, and examine it, there is no indication of virus. My questions are, can it <spoof> the \\workstation name recorded in the event logs (maybe pull it from Domain list) and second what virus(es) would this be typical of? I have found several Klez type on other machines, but this is baffling me. Thanks Link to comment Share on other sites More sharing options...
red8Rain Posted April 29, 2003 Share Posted April 29, 2003 technet doc. - http://www.microsoft.com/technet/treeview/.../server/518.asp Event ID 529 Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. are you behind a firewall? From that event id provided by MS, it looks like someone is trying to add their computer to your domain using the wrong username and password? Link to comment Share on other sites More sharing options...
+primortal Subscriber² Posted April 29, 2003 Subscriber² Share Posted April 29, 2003 we get that a lot here. Software is installed (basically software accessing the internet) and they use their current username/password. Few weeks later and their password changes, the software still using the old password locks the account out. You might want to see if there is software that is using username/password to access something. Link to comment Share on other sites More sharing options...
Recommended Posts