Event 4625 on a personal computer

B

bbog

Hi,


I've asked here before about the event 4625 that kept showing up daily on my Event Viewer at nearly the same time every day, and, while I didn't get much help, I managed to partially "fix" this issue by changing my local IP address, which somehow made this event stop popping up. However, after a brief pause, I'm now getting a new variant of Event 4625 on my Event Viewer:


Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 9/9/2019 9:58:02 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: SKELETOR

Description:

An account failed to log on.



Subject:

Security ID: SKELETOR\Pichau

Account Name: Pichau

Account Domain: SKELETOR

Logon ID: 0x6BF80



Logon Type: 3



Account For Which Logon Failed:

Security ID: NULL SID

Account Name: Convidado

Account Domain: SKELETOR



Failure Information:

Failure Reason: Account currently disabled.

Status: 0xC000006E

Sub Status: 0xC0000072



Process Information:

Caller Process ID: 0x1424

Caller Process Name: C:\Windows\explorer.exe



Network Information:

Workstation Name: SKELETOR

Source Network Address: -

Source Port: -



Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0



Now, it seems explorer.exe is trying to log into my disabled Guest account, much like how my own IP(?) was trying to do the same thing before. This seems like a random occurrence - it happened three times one day, then it stopped happening for two full days, then happened once today. My question is: is this something I should be worried about? I've already ran three different malware/virus scans and couldn't find anything (my first suspicion was that this could be a virus/hacking attempt since a few months ago a family member managed to install a shady software on my machine, but I've gotten rid of it a long time ago and even used a Restore Point), and my computer seems to behave normally - I have no crashes, no freezes, nothing abnormal. I'm only a bit worried because this Event seems to be associated with Windows Servers/file sharing, but I don't even have Network Discovery turned on, and I'm just a regular Windows user. I've already read a lot about this Event, but I'm still unable to understand why it would happen on my personal computer. I've also tried repairing Windows and running chkdsk. I'm really worried about this and would appreciate any help.

Continue reading...
 
Back
Top Bottom