Hi All,
I posted this question on the SBS side and just realised that I should have posted it here on the Server 2003 side, appologies for that.
I have an event showing up on my application events that I can't find a fix on.
Source: UserInit
Event ID: 1000
Computer PUMPKIN-2003 ( Our Server)
Description:
Could not execute the following script C:\WINDOWS\$NtUninstallKB945553$\spuninst\1.bat. The system cannot find the file specified.
Some history.
This server was being hacked by someone in China end of last year, I Formated the server and rebuilt it, I formatted all the workstations and reinstalled Windows XP Pro.
We are running Symantec AntiVirus and I usually check for malware and trojans (Malware Bytes)
Few weeks ago I lost some users out of Active Driectory, I recreated these two users, last weekend I lost all users except the administrator and my own login from the active directory, at that time I could see allot of (Events 1202 source SceCli, security policies were propogated with warning0x534. no mapping between account names and security IDs were done.
I think we might still be under attact, a couple of users use RDP to connect remotely, my intension is to install a second network card and configure VPN for remote access.
I would really appreciate some help with this event.
Many thanks in advance.
I posted this question on the SBS side and just realised that I should have posted it here on the Server 2003 side, appologies for that.
I have an event showing up on my application events that I can't find a fix on.
Source: UserInit
Event ID: 1000
Computer PUMPKIN-2003 ( Our Server)
Description:
Could not execute the following script C:\WINDOWS\$NtUninstallKB945553$\spuninst\1.bat. The system cannot find the file specified.
Some history.
This server was being hacked by someone in China end of last year, I Formated the server and rebuilt it, I formatted all the workstations and reinstalled Windows XP Pro.
We are running Symantec AntiVirus and I usually check for malware and trojans (Malware Bytes)
Few weeks ago I lost some users out of Active Driectory, I recreated these two users, last weekend I lost all users except the administrator and my own login from the active directory, at that time I could see allot of (Events 1202 source SceCli, security policies were propogated with warning0x534. no mapping between account names and security IDs were done.
I think we might still be under attact, a couple of users use RDP to connect remotely, my intension is to install a second network card and configure VPN for remote access.
I would really appreciate some help with this event.
Many thanks in advance.
