I got that from a website, I want to do the following instructions but I have NO fucking clue what a Server Mgmt Console is, this asshole couldn't just fucking say "open cmd prompt and type" no he had to make it frickin difficult.
And I searched google and cant find out what the fuck a server mgmt  console is!

---

I don't but the reason why I'm trying to turn it off is because I keep getting thousands of "success" audit entries.
That means that somebody hacked into my computer 1000 times if it says a random user made an audit right?

---

Visit this website:

https://www.grc.com/x/ne.dll?bh0bkyd2

It will attempt to access your computer and report back to you the findings. If it reports back as secure, then it's probably not a 'hack' attempt. If it says one thing or another is insecure, I suggest you fix what it says.

-------
╔╬╝ -- 1000 needles!
_╠╗
-------

---

Quote: from Dead Eyes at 9:24 am on July 2, 2008

---

I don't but the reason why I'm trying to turn it off is because I keep getting thousands of "success" audit entries.  
 That means that somebody hacked into my computer 1000 times if it says a random user made an audit right?

---

 Visit this website:

https://www.grc.com/x/ne.dll?bh0bkyd2

It will attempt to access your computer and report back to you the findings. If it reports back as secure, then it's probably not a 'hack' attempt. If it says one thing or another is insecure, I suggest you fix what it says.

---

I'm familiar with that site and I have done all the tests and it says my comp is good but why the hell do I keep getting "success audit" entries?
Are they normal??

---

I'm familiar with that site and I have done all the tests and it says my comp is good but why the hell do I keep getting "success audit" entries?  
Are they normal??

---

TBH, I'm not quite sure what a success audit is. Give me a minute.

Okay... success audit. Where is this term coming to you from? An antivirus program? Popup messages?

Post edited at 9:32 am on July 2, 2008 by Khadgar

-------
╔╬╝ -- 1000 needles!
_╠╗
-------

---

Quote: from Dead Eyes at 9:29 am on July 2, 2008

---

I'm familiar with that site and I have done all the tests and it says my comp is good but why the hell do I keep getting "success audit" entries?  
 Are they normal??

---

 TBH, I'm not quite sure what a success audit is. Give me a minute.

---

Click Start
Control Panel
Performance&Maintenance
Administrative tools
Event viewer

I am getting success audit entries in my security tab.

I'm not sure, I'm looking in to it.

-------
╔╬╝ -- 1000 needles!
_╠╗
-------

So it was an audit under the authority of SYSTEM on <computername>.

Post edited at 9:47 am on July 2, 2008 by Khadgar

-------
╔╬╝ -- 1000 needles!
_╠╗
-------

---

So, judging from this Microsoft article:

Success Audit (Security log)

An event that describes the successful completion of an audited security event. For example, a Success Audit event is logged when a user logs on to the computer.

That doesn't exactly sound too promising. Are these rapidly coming in? If so, I would suggest disconnecting your computer from all networks temporarily and see if they continue. If they do continue, that it's something internal on your computer acting funny. If it stops, then it was something involving the network and further research is required.

Maybe some program attempting to connect to a server for automatic updates?

I'm not sure, I'm looking in to it.

---

It cant be a program looking for updates, I turn off automatic update on everything I download, I prefer to do the updates manually.
I wouldn't say "rapidly" but there coming though, I'm looking at the times now and it looks like who ever is connecting is connecting every (5-10 mins 2-3 hours).
I will disconnect from the internet and see if I keep getting events coming in.
Be back in an hour.
Thanks for help.

---

Okay: what is the source of the success audits? I just induced a few on my computer, they don't seem as bad as it read from the article.

For example, the one I just induced reads:

 
Success Audit  |  7/2/2008  |  9:44:22 AM  |  Security  |  System  |  517  |  SYSTEM  |  <computername>

So it was an audit under the authority of SYSTEM on <computername>.

---

Here is one of the audits.
Date:7/3/2008
Source: Security
Time 10:16:56AM
Category:Privilege Use
Type: Success A
Event ID: 576
User:NT AUTHORITY\NETWORK SERVICE
Computer: HAULT0ACCESS

advapi.exe is considered to be a security risk, not only because antivirus programs flag AdvApi as a virus, but also because a number of users have complained about its performance.


-------
╔╬╝ -- 1000 needles!
_╠╗
-------

---

BZZT

advapi.exe (AdvApi) - Details

The process known as Advapi.exe is installed and started by a variant of the Netdevil virus (also known as netdevil12 and netdevil1.2). It should not be confused with the 'Advapi32' process (notice the '32').

advapi.exe is considered to be a security risk, not only because antivirus programs flag AdvApi as a virus, but also because a number of users have complained about its performance.

---

I searched my computer and found 3 results related to "advapi".
1.
Name
advapi32.dll  
In Folder  
C:\WINDOWS\System32

2.
Name
advapi32.dll
In Folder
C:\WINDOWS\System32\dllcache

Then there is one I'm suspicious of...
This file is just called "ADVAPI32" no .dll extension was at the end of it. Its in the folder C:\WINDOWS\I386 its registered as a "DL_File", this file is 325kb the first to up above are both 603kb.