Hi All, If you don't secure your computer correctly, hackers will use the above user account to access your computer. They also use MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 as a means to logon as administrator. From there, they would go and edit your SAM, SAM_SERVER, SAM_DOMAIN, to gain access all the time. They would also edit or replace the following files:LSASRV.dll,Kerberos.dll,msv1_0.dll,schannel.dll. Then they would try to make the following services (RASMAN,REMOTE_ACCESS,Protected Storage Service,scecli,LAN Manager Workstation Service,KSecDD) run without your permission to accept logon/connection request all the time. Just an input from someone who's been hack!

Were you running iis on the machine?

thanks for looking out, and yes were you using iis, how was your server exposed to the outside world??

Pretty much all viruses that just "get in" from the outside world enter through IIS. Go to www.cert.org and read about all the holes in iis. Security wise, it is a deeply flawed product. I got hit with nimda because iis was running on our mail server, and I didn't know it. It wasn't being used, the previous sysadmin did not turn it off after setting up the server. Lesson for new sysadmins- do you own documenation of servers, don't assume the last guy knew what he/she was doing.

Can LAN Admin use these tools to get inside your workstation, eventhough you have restricted to no one log on to your PC locally except you only? How do you defend urself?

My system keeps giving me this message, and I am not even hooked up to anything!! It shuts down. What can I do to make this stop??