Help required, multiple 627 change password attempts?

By sinky ยท 4 replies
Oct 21, 2008
  1. Hi, I'm looking for some help / reasurrance about a potential security issue on my PC and found my way to this forum via Hijack this.

    After leaving my computer switched on overnight and finding it unexpectadly restarted i checked the system event log. I have noticed a large number of 627 change password failure audits from both NT AUTHORITY\SYSTEM and NT AUTHORITY\ANONYMOUS LOGON.
    there around 30 failed 627 events usually followed by a succesfull change all happening within a few seconds.
    In all cases the target account is mine( the only and administrator account).

    I'm not really sure what i'm looking at but its got me worried as i thought this message was only generated by a user attempting to change password.
    The other thing is that the large number of failed events seem to coocur every half hour or so. Is someone trying to hack my machine or is it a normal error message.

    I'm have attempted to scan / clean my system with all the suggest utilities.
    I have bitdefender 2009 and ZA installed and up to date.

    Some experienced help would really be appreciated, especially if someone has time to go over my hijack this log.

    thanks in advance
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  3. sinky

    sinky TS Rookie Topic Starter

    Thanks for the advice. I hope that it will be possible for me to recover the system.

    Formatting my windows partition is a possibility but i hope i can at least understand the cause of the problem first.

    In the meantime i'm taking precations with my more sensative data.

    Any thoughts on my hijack this log?
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    I haven't looked still

    Because I want you to backup and then install Windows clean
    I think this is what you will eventually do anyway
    Therefore no need to put time on the log
  5. geekygirl63

    geekygirl63 TS Rookie Posts: 54

    And disconnect from the internet until you do because it sounds like someone has found an open port on your system and has exploited it. If running ZA for firewall you should look at the logs and you will be able to see the intrusions.

    Agree with Kimsland. Backup your data and build from scratch. I would suggest running a cleanup too before the backup so that you don't back up a bunch of unnecessary temporary files.

    I use Cleanup by Steven Gould. You can get it here.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...