Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

3 posts

Wannabe Geek

#115880 10-Apr-2013 15:41
Send private message


Does anyone know what application causes this account to appear in C:\users\ on workstations occasionally, and in some AD environments?

I'm having a problem where i'm getting close to 30MB/hr of ntlm auth attempts per workstation due to an incorrect username or password but no idea what is generating them.

Using various tools such as netstat, processexplorer and wireshark i've found it's coming from the SYSTEM process.

Note the 9 numbers seem to be randomly generated and i've found it across only a couple of environments which I manage.

Create new topic
4077 posts

Uber Geek

  #797229 10-Apr-2013 16:21
Send private message

Stab in the dark, but my google-fu Suggestions point to an intrim authentication between Apache and possibly SQL dbases.

Those sort of things in the environment?

(lots of hits on sql injection exploits on WordPress and similar usin fs-admin.php)

The alternate, was a McAfee service account :)


11545 posts

Uber Geek

Lifetime subscriber

  #798362 12-Apr-2013 13:12
Send private message

Coming from each workstation and going where? To a particular machine or just trying to access standard network shares and failing?

Is the account a local account (does it appear in local machine user management) or an AD account?

Create new topic

News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35

UFB hits more than one million connections
Posted 6-Aug-2020 09:42

D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01

New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35

Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21

Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11

Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05

Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26

Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07

Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45

Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48

Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50

Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00

Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51

QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.