 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Security and Administration / November 2005c:\Documents and Settings\NetworkService
Hello! Ad-Aware found cookies in a cache below a directory/user I did not know existed: c:\Documents and Settings\NetworkService. What is the directory NetworkService used for? The directory is not seen in Windows Explorer even when folder options is set to show everything. One of these cookies was from a gaming web that I did not visit at the time of the cookie creation. A few hours earlier my eventlogger shut down for three seconds and som windows popped on my screen. I visited www.adelphia.net just before this and it went kind of slow there. I do not know if these things are connected with each other. Ad-Aware did not find any other stuff than cookies. I use Windows XP. From sys eventlog 2005-11-28,01:11:06,EventLog,Information,None,6005,N/A,mycomputer,The Event log service was started. 2005-11-28,01:11:06,EventLog,Information,None,6009,N/A,mycomputer,Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free. 2005-11-28,01:10:03,EventLog,Information,None,6006,N/A,mycomputer,The Event log service was stopped. 2005-11-28,00:19:31,Tcpip,Warning,None,4226,N/A,mycomputer,TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. I use firewall and anti-virus and the firewall stopped logging at 00:44 Has something bad happened to my computer? Intrusion? Thanks in advance. The networkservice is a profile created by the operating system as explained in the text below from Microsoft documentation at the link below. If you look at your services using services.msc you will see that some services use the network service account for logon which is much more secure than "system" that was probably used for the same service in Windows 2000. System is all powerful on the computer while network service is much more limited. What may have happened is that cookies were written there in an attempt to hide them from removal tools or using IE to delete cookies. Administrators has full control to the networkservice profile and those cookies may have been written there while you were logged on as an administrator and browsing the internet. It is good idea to create a regular user account for internet browsing and reading email. In addition to using AdAware you should scan for viruses with a quality antivirus program using the latest definitions form the vendors website. Spyware would not be able to stop the EventLog service but a virus could or if someone installed a backdoor/trojan on your computer they may be doing it to prevent events from being written to the security log. --- Steve http://www.microsoft.com/windowsserver2003/community/centers/management/manage_f aq.mspx http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx --- Protect Your PC http://www.microsoft.com/athome/security/viruses/default.mspx --- info on viruses and worms. NetworkService and LocalService. The LocalService and NetworkService profiles are automatically created by Windows XP for two new built in user accounts that are used by the Service Control Manager to host services that do not need to run as the local system account. These profiles are required by the system to run and should not be modified. Both of these profiles are hidden by default > Hello! > [quoted text clipped - 30 lines] > > Thanks in advance. Thanks. >What may have happened is that cookies were written there in an attempt to >hide them from removal tools or using IE to delete cookies. Administrators [quoted text clipped - 7 lines] >backdoor/trojan on your computer they may be doing it to prevent events >from being written to the security log. --- Steve My anti virus software was updated. It is high rated. I have a separate administrator account that I use for administrive tasks including windowsupdate. That account have a name of their own and do not surf outside sites used by microsoft update and that is not where the cookies came from. How can a site save cookies in a cache apart from the current user? I have a regular account with lesser privileges for everyday use. This "2005-11-28,00:19:31,Tcpip,Warning,None,4226,N/A,mycomputer,TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." happened just before the event log stopped logging. Any suggestions why? Regards The article in the link below explains the tcp/ip error message and you may want to modify that setting to up the limit from the default of ten [which used to be unlimited]. Offhand I don't know why there are cookies found in that folder. If you check the creation date and the owner of those files that may give you a clue as to when they were created and by what user. If it shows administrators then they were written there when an administrator was logged on. You may also want to verify permissions to that folder to make sure only networkservice, administrators, and system have access which would be full control by default. http://www.speedguide.net/read_articles.php?id=1497 Remove the limit on TCP connection attempts Windws XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time. > Thanks. > [quoted text clipped - 28 lines] > > Regards Thanks! |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2010 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.