Re: Weird Logins

From: asdf (asdf_at_asdf.com)
Date: 11/11/05


Date: Thu, 10 Nov 2005 18:24:35 -0500

She is already changing her pass once a week.
That's why I think that it's a keylogger or similar.

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uGsxITi5FHA.2484@TK2MSFTNGP09.phx.gbl...
> Enable auditing of logon events on her computer in Local Security Policy and
> then view logon entries in the security log to see what is going on and
> proceed from there. The events will have a logon type and a timestamp. Type
> 7 shows the computer was unlocked. Make sure you reset her password ASAP
> and you may need to do a clean install of the operating system. --- Steve
>
> http://www.windowsecurity.com/articles/Logon-Types.html
>
> "asdf" <asdf@asdf.com> wrote in message
> news:1NDcf.68289$rE2.11111@fe10.lga...
> > One of our users is complaining that someone is logging in to her computer.
> > When she leaves she locks her computer, but sometimes when she comes back
> > it is unlocked. No one else knows her password. Even if it was reset
> > through Active Directory it would show, since then she would know that
> > someone changed it.
> > To me that leaves only one option, and that is that someone has installed a
> > keylogger like Spector to get her password. System is running Symantec
> > Corporate Antivirus 9.1, but those keyloggers have a way of avoiding
> > detection. What are other things that could be causing this? What are other
> > ways of troubleshooting this problem?
> >
> > Thanks a million for all the responses.
> >
> >
>
>
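The check suggested in the quoted reply (look for logon type 7 entries and compare their timestamps with when the user was away), as an added example that is not part of the original thread. It assumes Windows Vista or later, where a successful logon is Security event ID 4624; the function name `Get-UnlockLogon`, its parameters, and the user `jdoe` are hypothetical, and the sample events are constructed.

```powershell
# Added example, not from the thread. Lists unlock logons (logon type 7) and
# marks those that happened while the user says she was away from the desk.
function Get-UnlockLogon {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$EventXml,  # one event as XML
        [Parameter(Mandatory)][datetime]$AwayFrom,
        [Parameter(Mandatory)][datetime]$AwayTo
    )
    begin {
        # Compare everything in UTC, the time zone the event XML uses.
        $from = $AwayFrom.ToUniversalTime()
        $to = $AwayTo.ToUniversalTime()
        $styles = [System.Globalization.DateTimeStyles]::AdjustToUniversal
    }
    process {
        $e = ([xml]$EventXml).Event
        # EventData is a list of <Data Name="...">value</Data> elements.
        $data = @{}
        foreach ($d in $e.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LogonType'] -ne '7') { return }   # keep unlock events only
        $when = [datetime]::Parse($e.System.TimeCreated.SystemTime,
                                  [cultureinfo]::InvariantCulture, $styles)
        [pscustomobject]@{
            TimeUtc   = $when
            User      = $data['TargetUserName']
            WhileAway = ($when -ge $from -and $when -le $to)
        }
    }
}

# Constructed sample events (not real log data), reduced to the fields used above.
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><TimeCreated SystemTime="{0}"/></System><EventData><Data Name="TargetUserName">{1}</Data><Data Name="LogonType">{2}</Data></EventData></Event>'
$sample = @(
    $template -f '2024-03-04T08:02:11Z', 'jdoe', 2   # interactive logon, filtered out
    $template -f '2024-03-04T12:47:30Z', 'jdoe', 7   # unlock inside the away window
    $template -f '2024-03-04T13:31:05Z', 'jdoe', 7   # unlock after the user returned
)
$sample | Get-UnlockLogon -AwayFrom '2024-03-04T12:30:00Z' -AwayTo '2024-03-04T13:30:00Z'

# Live use from an elevated prompt, once logon auditing is enabled:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} |
#       ForEach-Object { $_.ToXml() } |
#       Get-UnlockLogon -AwayFrom <start> -AwayTo <end>
```

A row with `WhileAway` set to `True` is an unlock that happened during the stated absence and is the entry to investigate further.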


