Multiple security audit events, is my system compromised?

Zakarro

New Member
Messages
36
Here's a few samples of what I'm seeing in Event Viewer

An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
Impersonation Level: -
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
_____________

Special privileges assigned to new logon.
Subject:
Security ID: NETWORK SERVICE
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E4
Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
______________________

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\guard64.dll
__________________

And the one that troubles me the most is this one:

An attempt was made to query the existence of a blank password for an account.
Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3E5
Additional Information:
Caller Workstation: xxxx
Target Account Name: xxxxxxxx
Target Account Domain: xxxxx

_________________

I found a post about this last event here when googling it: it could be a compromised system or nasty rootkit malware. WTF is going on?
I'm getting tired of this and am about to do a clean install of a Linux distro to have peace of mind. Someone please help me before I do so.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    AMD based
    Motherboard
    AMD based
    Memory
    16 GB DDR3
    Graphics Card(s)
    Radeon based
    Sound Card
    onboard
    Monitor(s) Displays
    Asus VX238
    Screen Resolution
    1920x1080
    Hard Drives
    120 GB SSD
    1TB storage
    PSU
    Thermaltake Toughpower XT 775W
    Case
    Thermaltake Dokker
    Cooling
    Xigametek Darknight II
    Keyboard
    Logitech gaming
    Mouse
    Roccat gaming
    Internet Speed
    30 mb
    Browser
    IE :D
    Antivirus
    Huh?
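An added triage script follows; it is not from the original post or from any of the replies in this thread. It is what I would run before deciding whether any of the four quoted events is abnormal. It runs in an elevated PowerShell prompt on the affected machine (the Security log is only readable as administrator; the PowerShell 4.0 that ships with Windows 8.1 is enough) and checks each event against what a healthy system produces: a 4624 with Logon Type 0 is the SYSTEM logon session (Logon ID 0x3E7) that Windows records at start-up, 0x3E4 and 0x3E5 are the fixed logon IDs of NETWORK SERVICE and LOCAL SERVICE, so a 4672 for those accounts with SeAssignPrimaryToken, SeAudit and SeImpersonate is the normal set, 4797 is summarised by who asked about which account, and the file named in the Code Integrity warning is checked for its signature, signer, version resource and hash. The 120-second boot window and the mapping of the kernel path \Device\HarddiskVolumeN\ onto the system drive are assumptions, marked in the comments.

```powershell
# Added triage script for the events quoted in the post; it is not from the original thread.
# Run in an elevated PowerShell prompt (the Security log is only readable as administrator).
# Windows 8.1's built-in PowerShell 4.0 is enough (Get-FileHash, Get-CimInstance, Get-WinEvent).

# Turn the EventData of an EventLogRecord into a hashtable keyed by the field names in the event XML,
# so fields can be read by name (TargetLogonId, PrivilegeList, ...) instead of by position.
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventLogRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

function Get-SecurityEvents([int]$Id) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id } -ErrorAction SilentlyContinue
}

# Boot markers: Security 4608 "Windows is starting up" for every boot still in the log, plus the
# OS last-boot time as a fallback in case the Security State Change audit category is off.
$bootTimes = @((Get-SecurityEvents 4608).TimeCreated) + @((Get-CimInstance Win32_OperatingSystem).LastBootUpTime) |
    Where-Object { $_ }
function Test-NearBoot([datetime]$When, [int]$WindowSeconds = 120) {   # the 120 s window is an assumption
    foreach ($b in $bootTimes) { if ([math]::Abs(($When - $b).TotalSeconds) -lt $WindowSeconds) { return $true } }
    return $false
}

# 1. 4624 with Logon Type 0. Windows records one for the SYSTEM logon session (Logon ID 0x3E7) at
#    start-up. A type-0 logon for any other account, or one far from a boot marker, is what to read in full.
Write-Host "== 4624 with logon type 0 =="
$type0 = Get-WinEvent -LogName Security -FilterXPath "*[System[EventID=4624] and EventData[Data[@Name='LogonType']='0']]" -ErrorAction SilentlyContinue
foreach ($e in $type0) {
    $d  = Get-EventData $e
    $ok = ($d.TargetUserName -eq 'SYSTEM') -and ($d.TargetLogonId -eq '0x3e7') -and (Test-NearBoot $e.TimeCreated)
    $verdict = if ($ok) { 'expected' } else { 'REVIEW' }
    '{0}  {1}\{2}  logonId={3}  [{4}]' -f $e.TimeCreated, $d.TargetDomainName, $d.TargetUserName, $d.TargetLogonId, $verdict
}

# 2. 4672 "special privileges". NETWORK SERVICE (0x3E4) and LOCAL SERVICE (0x3E5) are assigned
#    SeAssignPrimaryToken/SeAudit/SeImpersonate at every boot and SYSTEM gets a longer list; group by
#    subject and privilege set so a 4672 for an interactive account stands out from those.
Write-Host "`n== 4672 by subject and privilege set =="
Get-SecurityEvents 4672 | ForEach-Object { Get-EventData $_ } |
    Group-Object {
        $privs = @($_.PrivilegeList -split '\s+' | Where-Object { $_ }) -join ','
        '{0}\{1}: {2}' -f $_.SubjectDomainName, $_.SubjectUserName, $privs
    } | Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize

# 3. 4797 "query the existence of a blank password". Summarise subject, caller workstation and
#    target account with a count, so the question becomes which account is probed and how often.
Write-Host "`n== 4797 blank-password queries =="
Get-SecurityEvents 4797 | ForEach-Object {
    $d = Get-EventData $_
    [pscustomobject]@{ Time = $_.TimeCreated; Subject = $d.SubjectUserName; Caller = $d.Workstation
                       Target = '{0}\{1}' -f $d.TargetDomainName, $d.TargetUserName }
} | Group-Object Subject, Caller, Target |
    Select-Object Count, Name, @{ n = 'Last'; e = { ($_.Group | Sort-Object Time)[-1].Time } } |
    Format-Table -AutoSize

# 4. The Code Integrity warning lives in the System log under provider Microsoft-Windows-CodeIntegrity;
#    it is matched on its wording rather than an event ID. The kernel path is mapped onto the system
#    drive (assumption: the flagged volume is the Windows volume, as in the quoted path), and the file's
#    signature, signer, version resource and SHA-256 are recorded for comparison with the vendor's copy.
Write-Host "`n== Code Integrity page-hash warnings =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-CodeIntegrity' } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*page hashes*' } |
    ForEach-Object {
        $m = [regex]::Match($_.Message, '\\Device\\HarddiskVolume\d+\\([^\r\n]+)')
        if (-not $m.Success) { return }
        $path = Join-Path $env:SystemDrive $m.Groups[1].Value.Trim()
        if (-not (Test-Path $path)) { '{0}  {1}  (file no longer present)' -f $_.TimeCreated, $path; return }
        $sig    = Get-AuthenticodeSignature $path
        $ver    = (Get-Item $path).VersionInfo
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            File      = $path
            SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            SigType   = $sig.SignatureType   # Authenticode (embedded) or Catalog
            Signer    = $signer
            Company   = $ver.CompanyName
            Product   = $ver.ProductName
            Version   = $ver.FileVersion
            LastWrite = (Get-Item $path).LastWriteTime
            SHA256    = (Get-FileHash $path -Algorithm SHA256).Hash
        } | Format-List
    }
```

Reading the output: a type-0 4624 marked "expected", 4672 rows only for the three service accounts and SYSTEM, and a Code Integrity file whose signature comes back Valid with a recognisable CompanyName is the normal picture; the things worth escalating are a type-0 logon for a real user, a 4672 privilege set on an interactive account that nobody granted, and a System32 file that reports NotSigned or HashMismatch (keep its SHA-256 for the record either way, so it can be compared with a vendor copy).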
I would download and run MalwareBytes, using a rootkit scan and a reboot, running in "safe mode with networking" enabled.
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
Did that help?
 

Sorry for taking so long to respond, but I'm afraid MalwareBytes or any typical AV would not have been able to resolve this issue.

At the time this was happening I talked to a computer security forensics expert, and from what I explained to him it looks like my entire network was compromised. They had got in through Wi-Fi. I had to RMA all computer parts and start from scratch, since I believe I was infected by a hardware-based BIOS rootkit, which is not detectable by AVs.
 
