1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Winlogon.exe Norton's Activity Log

Discussion in 'Virus & Other Malware Removal' started by snipe4mp, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. snipe4mp

    snipe4mp Thread Starter

    Joined:
    Nov 20, 2004
    Messages:
    6
    Hello,
    recently I had been attacked and had to reformat my computer. Recently, Norton has been getting a log activity alert nearly every time I restart, they go as follows:
    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\
    Program Files\Norton AntiVirus\navapsvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton Personal Firewall\ISSVC.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:43:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton AntiVirus\navapsvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton Personal Firewall\ISSVC.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:42:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:41:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:41:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:41:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:41:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Time: 2/11/2005 3:41:43 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=584)
    Target: C:\Program Files\Norton AntiVirus\SAVScan.exe
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    And they keep on going, as you can see it's going directly after Norton. The only trouble is, Norton doesn't recognize any attackers, my firewall does not alert me, and in the activity logs there are no intrusion attempts detected. I have updated norton w/ LiveUpdate, and ran a full scan, nothing was found. I also ran Trend Micro's free online scan, it found nothing.

    The real trouble started today, now whenever my computer starts up, it forces me to press F1, also, I have not gotten any alerts since, is it possible that during the time my cpu is waiting for me to press F1, the hacker is taking advantage of a norton-free computer?

    Any suggestions would be very helpful, to sum it up:
    1) How am I being attacked, but virus scans are not picking up malware, and Norton is not registering outside intruders?
    2) Why do I have to press F1 at the restart of my comp every time?
    3) I am on a Windows XP Professional machine.

    Thank you for all of your time!!!!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Sounds like your hard drive may be going bad if you have to press F1 at start. How old is the drive?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Winlogon Norton's Activity
  1. Talshere
    Replies:
    1
    Views:
    766
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/329510

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice