Archived from groups: microsoft.public.windowsxp.basics (
More info?)
Thanks for the information, glad you got it sorted out.
--
Michael Solomon MS-MVP
Windows Shell/User
Backup is a PC User's Best Friend
DTS-L.Org: http://www.dts-l.org/
"Lorne" <Lorne_Anderson@hotmail.com> wrote in message
news:uXGgTtmlEHA.1244@TK2MSFTNGP15.phx.gbl...
> In case you are interested I have now traced it - it seems to be mapped
> drives on other computers on my home network.
>
>
> "Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in
> message news:%232nxO6UlEHA.3432@TK2MSFTNGP14.phx.gbl...
>> The firewall in your router won't tell you if anything is trying to phone
>> home and what that application is. You need a software firewall as well.
>> XP's built in firewall doesn't handle outgoing requests but there are
>> several free firewalls with this capability:
>> www.agnitum.com
>> www.zonelabs.com
>> www.sygate.com
>>
http://www.tinysoftware.com/home/tiny2?la=EN
>>
http://www.kerio.com/kerio.html
>>
>> Also check for any malware on your system, download, install and run Ad
>> Aware:
>> www.lavasoftusa.com.
>>
>> Also check your applications for options that automatically check for
>> updates as this could be the issue as well.
>>
>>
>> --
>> Michael Solomon MS-MVP
>> Windows Shell/User
>> Backup is a PC User's Best Friend
>> DTS-L.Org: http://www.dts-l.org/
>>
>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message
>> news:uXUluuSlEHA.1652@TK2MSFTNGP09.phx.gbl...
>>> Its not Media Player - I got another anonymous logon 10 minutes ago when
>>> it was not playing. Also I just started it and invoked a request for
>>> album information but got no entry in the event log.
>>>
>>> The KB article was the one I read myself, but as far as I can tell I
>>> have installed the relevant update. I tried posting this to the network
>>> group as you suggested so maybe one of them can help but if you can
>>> suggest how I can find out what is invoking this I would be grateful. I
>>> am connected to the web 24/7 so a hacker may have an opportunity but
>>> then I have firewall in my router as well as McAfee & Spy Sweeper
>>> running so the lack of any other signs suggest it is innocent, but never
>>> the less a bit concerning.
>>>
>>> Lorne
>>>
>>>
>>> "Michael Solomon (MS-MVP Windows Shell/User)" <user@#notme.com> wrote in
>>> message news:u39sVmSlEHA.596@TK2MSFTNGP11.phx.gbl...
>>>> Media Player does check the web periodically though usually it needs to
>>>> be invoked to do so. Was it open when this happened?
>>>>
>>>> You might also want to check the following Knowledge Base Article:
>>>>
http://support.microsoft.com/?kbid=321677
>>>>
>>>> --
>>>> Michael Solomon MS-MVP
>>>> Windows Shell/User
>>>> Backup is a PC User's Best Friend
>>>> DTS-L.Org: http://www.dts-l.org/
>>>>
>>>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message
>>>> news:O7hT2bSlEHA.3876@TK2MSFTNGP15.phx.gbl...
>>>>> Just one more thing. I have now seen that in the application tab WMDM
>>>>> PMSP Service is starting 2 seconds before every anonymous login.
>>>>> There is an article about a security hole related to Media Player &
>>>>> this service but I do have all the critical updates installed as far
>>>>> as I know.
>>>>>
>>>>>
>>>>> "Lorne" <Lorne_Anderson@hotmail.com> wrote in message
>>>>> news:u%23GlmUSlEHA.2340@TK2MSFTNGP11.phx.gbl...
>>>>>>I just found the event viewer in the program menu under admin tools.
>>>>>>When I click the Security tab it lists what looks like a series of
>>>>>>network events. User is shown as me, system, network services, local
>>>>>>service or guest most of the time. Guest appears to be when another
>>>>>>computer on my network (2 other family members) accesses my disk.
>>>>>>Event numbers are usually 528 or 576 or 850 or 849 or 680 plus a few
>>>>>>others.
>>>>>>
>>>>>> My concern is that every few hours there is an entry of event 540
>>>>>> with user Anonymous Logon ! Properties says logon type = 3 and
>>>>>> windows help says that is somebody on the network logging in, but
>>>>>> this is happening when only me is using the computer and nothing else
>>>>>> on the network is switched on.
>>>>>>
>>>>>> I have not noticed anything going on that is suspicious but this
>>>>>> entry in the event viewer certainly does look suspicious.
>>>>>>
>>>>>> Have I been hacked or is there an innocent explanation?
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>