Results 1 to 5 of 5

Thread: anonymous logon, tcp/ip netbios helper password

  1. #1
    stupidnet Guest

    Default anonymous logon, tcp/ip netbios helper password

    Hello. I recently switched to Windows XP SP2 (switched to it from 98 'cause my mobo wouldn't work with anything 2000).
    From what I've seen/read, XP has more holes than a collander.
    But I've closed up those holes that I've read about, and use so many different security utilities that it's annoying.
    Anyway, here's my question. I was browsing around in my computer, forget why originally, and I noticed a bunch of anonymous logon entries in computer management-event viewer-security.
    I've never been online with this computer without ZA running and at fairly restrictive settings. They're not constant, but they appear to happen once or twice a day. I've included the properties information from one such instance.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 540
    Date: 8/1/2006
    Time: 8:10:48 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: NONE-4A5A44BD02
    Description:
    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x1319D)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name:
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Any ideas what this is about? Are people still able to gain remote access to my computer despite ZA?

    I regularly run spybot and adware, as well as ZA's built in spyware scanner, my antivirus software, and rootkit revealer, none of which find anything beyond logs.
    The only odd program occurences I get with ZA are one saying Netzero may be monitoring keystrokes, mouse movements, etc, which happens after it updates...Which I take to either be a misinterpretation on ZA's part, or the result of this being 1984. But I just delete it and reinstall whenever that happens.

    My second question is that I was looking in services- TCP/IP Netbios helper-properties-log on, and there's a password! And I've never messed with it besides trying to disable it, let alone put a password in place. I did notice, however, that the password is the same length as the account name...But I don't know why Windows would enable a password by default and have it be the same as the account name. If it is fishy, it seems that the two things may be connected.
    Any ideas? Any feedback is appreciated. My computer behaves fine...Only remotely unusual behavior is Galactic Civilizations II randomly crashing when I save...But Lord knows that's far from unusual on Windows. But yeah, the anonymous logon and mysterious password irk me. Thanks for your help.

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.1

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: anonymous logon, tcp/ip netbios helper password

    Hi and welcome to the forum!

    I think this just means that the network connection has been established by Windows. "Anonymous" I think just implies that the logon was performed automatically without any administrator or user interventions.



    <blockquote><hr> information from one such instance.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 540
    Date: 8/1/2006
    Time: 8:10:48 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: NONE-4A5A44BD02
    Description:
    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x1319D)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name:
    Logon GUID: {00000000-0000-0000-0000-000000000000}



    So I would venture to say that these are not threats indicated from these recorded events.


    Is NetZero your internet provider? Do you have any of their software installed?

    RE: TCP/IP NetBIOS Helper Services has a password. This is okay. Quite normal. It is part of the Windows XP enhanced security measures. You will see these type of steps taken in various other places- including the registry. you probably are accessing this in the Administrator Account and this is why it is filled out and ready for the master's touch.

    When your Galatic Civilization II is about to be saved, could you check the Task Manager just before and see if there is sufficent RAM remaining?
    This maybe the reason for this happening. I really am not sure about this issue. But if the RAM is not enough, perhaps increasing it maybe the cure.

    Windows XP is definitely a collander compared to the 98 or the 2000.Good that you take interest in the OS details and have stopped to ask!

    Oldsod

    Message Edited by Oldsod on 08-02-2006 09:00 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

  3. #3
    stupidnet Guest

    Default Re: anonymous logon, tcp/ip netbios helper password

    Thanks for the reply. But in regards to the anonymous logon issue, if that message only appeared because windows had established a network connection, shouldn't there be an anonymous logon listing each and everytime I sign online, rather than just sporadically? And when you say that anonymous implies that the logon was performed automatically, do you mean like in a instance where someone has their computer set up to automatically connect to the internet when they turn on their computer? Because I don't have anything like that set up...Whenever I sign online, it's deliberate.

    ...But actually, I just now thought of something. Could it be from my internet software automatically reconnecting me when I get knocked offline? That's the only instance where I'm connected to the internet without any intervention on my part, and it would also explain why the entry only shows up occasionally.

    Yes, NetZero is my internet provider and I use their software. It's entirely possible that the ZA message I get about keylogging, etc. indicates something that's actually harmless...I know I've gotten that message when using utilities that monitor certain aspects of my system (think WinPatrol may have generated it before). And in that context, you know, if I'm using a program to monitor and prevent changes to critical system files or something, it makes sense that ZA would warn me that the behavior is potentially malicious, when in fact it's intentional and helpful. But since I don't know what it is that NetZero's doing that sets off ZA in that way, and since corporations are so keen to dig into our business, I prefer to just reinstall the software when it updates to the point that I get that message.

    I wondered if the netbios password was automatic or not, and I'm glad to hear that it is. 'Cause yeah, that bugged me...Didn't understand why a hacker would password-protect it anyway...But better safe than sorry.

    My ram should be up to the task, as I more than exceed the recommended requirement and I usually shut off any unnecessary programs when I play it, but I'll give that a shot next time.

    Once again, thanks for taking the time to respond to my questions. You've been very helpful.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: anonymous logon, tcp/ip netbios helper password

    Yes Windows XP SP2 is very different from Windows 98.It does things differently and is full of holes as you said.

    The events happening are all okay. All is good.
    Many times safe software and hardware are declared to be keyloggers or having hooks. Items like CCleaner, touchpads, laptop keyboards, registry cleaners, antispyware are actually safe, but are called as threats by the security applications.


    As for the game crashing- I saw something, on the net, about this type pf occurance the other day before your posting. It was involving a minor change in the OS to remedy it.What and where is gone completely from my mind. Perhaps an answer from a gamer's forum or the software maker has a patch?

    I am smiling. Very glad to see your interest in PC and security!

    Oldsod
    Best regards.
    oldsod

  5. #5
    ai_tak Guest

    Default Re: anonymous logon, tcp/ip netbios helper password

    I think this is the windows security sub-system initializing at system boot. Do the entries correspond with system startup times?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •