Tens of Thousands of Logon/Logoff events in Security Log

July 19, 2012 at 09:26:22
Specs: Windows XP Pro SP3, Pentium 3.0 GHz / 2GB RAM
User was complaining about their Desktop PC freezing up for a few minutes, then recovering. Claims it happens around the same time every day. After their last complaint (yesterday, 7/18/2012), a check of the Security Event log on one of our servers shows 45,268 logon/logoff (838 & 840) events for the users machine over a 3 minute period (certainly explains why they were "frozen")
Desktop PC runs Win XP Pro, Service Pack 3 with SQL Native Client ver. 9
Server runs Windows Server 2003 R2 with SQL Server 2005
Server is neither primary, nor backup domain controller, however it does host our enterprise software that uses SQL databases

See More: Tens of Thousands of Logon/Logoff events in Security Log

Report •

#1
July 20, 2012 at 10:26:56
If this isn't happening with any other clients, then that narrows the problem down to that particular client. Having never run into this particular situation before myself, this makes me think that computer has possibly been compromised or could have some kind of corruption in the operating system.

I would immediately run an antivirus scan followed by an antispyware scan to see if that reveals any trojans or anything else on this unit that doesn't belong there that could be causing this.

If you find nothing, I would give serious thought to removing it from AD and doing a clean install after wiping it....just to be safe.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •
Related Solutions


Ask Question