Geekzone: technology news, blogs, forums


sammnz

3 posts

Wannabe Geek


#115880 10-Apr-2013 15:41

Hi

Does anyone know what application causes this account to appear in C:\users\ on workstations occasionally, and in some AD environments?

I'm having a problem where I'm getting close to 30MB/hr of NTLM auth attempts per workstation due to an incorrect username or password but no idea what is generating them.

Using various tools such as netstat, Process Explorer and Wireshark I've found it's coming from the SYSTEM process.

Note the 9 numbers seem to be randomly generated and I've found it across only a couple of environments which I manage.

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #797229 10-Apr-2013 16:21

Stab in the dark, but my Google-fu suggestions point to an interim authentication between Apache and possibly SQL dbases.

Those sort of things in the environment?

(lots of hits on SQL injection exploits on WordPress and similar using fs-admin.php)

The alternate was a McAfee service account :)



gzt
18679 posts

Uber Geek
+1 received by user: 7809

Lifetime subscriber

  #798362 12-Apr-2013 13:12

Coming from each workstation and going where? To a particular machine or just trying to access standard network shares and failing?

Is the account a local account (does it appear in local machine user management) or an AD account?
