a couple days ago i moved my desktop back to the dorm and left it on overnight. i went back the next day to get books and i had 6 alerts from norton about nimda files on my computer... i got this around september too because of the idiots on the network that don't use antivirus even though the university provides corporate norton AV with free updates to download for free for students
but i digress... it quarantined those files and i deleted them... then i went to microsoft.com and searched for stuff on nimda, and i found a nice little guide about securing windows against these network viruses... one of the steps was enabling audit logging. that was less than 48 hours ago...
about 30 mins ago i remote desktop'ed into my desktop from home, and got this nice message that the security log was already full... so i open up the event viewer and i see this.
that's right 2,146 events... about 90% of those are failed logins that say this:
some domain/workstation names say COMP1, others say ENIGMA5-MAIN...

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 1/18/2003
Time: 5:08:03 PM
User: NT AUTHORITY\SYSTEM
Computer: DESKTOP
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: COMP1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: COMP1
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
some user names are listed as administrator, others are wwwadmin or IUSR_DESKTOP.
is this nimda still trying to sneak into my system over the network? or is it something else?
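
An added example, not part of the original post: one way to triage a log like this is to tally the Event ID 529 failures with Logon Type 3 (network logon) by source workstation and by targeted account. It assumes the events were saved as text with a blank line between records; the sample records are constructed from the names in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: trimmed records in the field layout shown in the post,
# reusing the account and workstation names the post mentions.
SAMPLE = """\
Event ID: 529
User Name: administrator
Logon Type: 3
Workstation Name: COMP1

Event ID: 529
User Name: wwwadmin
Logon Type: 3
Workstation Name: ENIGMA5-MAIN

Event ID: 529
User Name: IUSR_DESKTOP
Logon Type: 3
Workstation Name: COMP1
"""

# "Field Name: value" lines; lines such as the help URL do not match.
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_events(text):
    """Split on blank lines and turn each record into a field dict."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if fields:
            events.append(fields)
    return events

def summarize_failures(events):
    """Count network (type 3) logon failures per source and per account."""
    by_source, by_account = Counter(), Counter()
    for e in events:
        if e.get("Event ID") == "529" and e.get("Logon Type") == "3":
            by_source[e.get("Workstation Name", "?")] += 1
            by_account[e.get("User Name", "?").lower()] += 1
    return by_source, by_account
```

Many different workstation names trying the same few default account names points to automated guessing from other machines on the network rather than a local user mistyping a password.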