B
bbog
Hi,
I've asked here before about the event 4625 that kept showing up daily on my Event Viewer at nearly the same time every day, and, while I didn't get much help, I managed to partially "fix" this issue by changing my local IP address, which somehow made this event stop popping up. However, after a brief pause, I'm now getting a new variant of Event 4625 on my Event Viewer:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/9/2019 9:58:02 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: SKELETOR
Description:
An account failed to log on.
Subject:
Security ID: SKELETOR\Pichau
Account Name: Pichau
Account Domain: SKELETOR
Logon ID: 0x6BF80
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Convidado
Account Domain: SKELETOR
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x1424
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Workstation Name: SKELETOR
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Now, it seems explorer.exe is trying to log into my disabled Guest account, much like how my own IP(?) was trying to do the same thing before. This seems like a random occurrence - it happened three times one day, then it stopped happening for two full days, then happened once today. My question is: is this something I should be worried about? I've already ran three different malware/virus scans and couldn't find anything (my first suspicion was that this could be a virus/hacking attempt since a few months ago a family member managed to install a shady software on my machine, but I've gotten rid of it a long time ago and even used a Restore Point), and my computer seems to behave normally - I have no crashes, no freezes, nothing abnormal. I'm only a bit worried because this Event seems to be associated with Windows Servers/file sharing, but I don't even have Network Discovery turned on, and I'm just a regular Windows user. I've already read a lot about this Event, but I'm still unable to understand why it would happen on my personal computer. I've also tried repairing Windows and running chkdsk. I'm really worried about this and would appreciate any help.
Continue reading...
I've asked here before about the event 4625 that kept showing up daily on my Event Viewer at nearly the same time every day, and, while I didn't get much help, I managed to partially "fix" this issue by changing my local IP address, which somehow made this event stop popping up. However, after a brief pause, I'm now getting a new variant of Event 4625 on my Event Viewer:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 9/9/2019 9:58:02 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: SKELETOR
Description:
An account failed to log on.
Subject:
Security ID: SKELETOR\Pichau
Account Name: Pichau
Account Domain: SKELETOR
Logon ID: 0x6BF80
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Convidado
Account Domain: SKELETOR
Failure Information:
Failure Reason: Account currently disabled.
Status: 0xC000006E
Sub Status: 0xC0000072
Process Information:
Caller Process ID: 0x1424
Caller Process Name: C:\Windows\explorer.exe
Network Information:
Workstation Name: SKELETOR
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Now, it seems explorer.exe is trying to log into my disabled Guest account, much like how my own IP(?) was trying to do the same thing before. This seems like a random occurrence - it happened three times one day, then it stopped happening for two full days, then happened once today. My question is: is this something I should be worried about? I've already ran three different malware/virus scans and couldn't find anything (my first suspicion was that this could be a virus/hacking attempt since a few months ago a family member managed to install a shady software on my machine, but I've gotten rid of it a long time ago and even used a Restore Point), and my computer seems to behave normally - I have no crashes, no freezes, nothing abnormal. I'm only a bit worried because this Event seems to be associated with Windows Servers/file sharing, but I don't even have Network Discovery turned on, and I'm just a regular Windows user. I've already read a lot about this Event, but I'm still unable to understand why it would happen on my personal computer. I've also tried repairing Windows and running chkdsk. I'm really worried about this and would appreciate any help.
Continue reading...