A User ill advisedly switched off Anti-Virus and since then we see a failed logon (Type 4 - Batch)under Logon process Advapi every 15 minutes in his User Id. A search of the Web links this to possible virus infectection (Netdevil 1.2. We have scanned etc but can't track down what is generating the attempted logins - any ideas?
Have you looked for the process in the registry (usually HKLMSoftwareMicrosoftWindowsCurrent VersionRun or HKCU...)? Any of the big AV websites should give you a description of the manual removal process. Just a question - why does this user have rights to stop services?
Last Wiki Answer Submitted: August 24, 2005 9:48 am by Cptrelentless0 pts.