How do i delete a strange Event Log?

hi,

After uninstalling McAfee Internet Security 2005 I had a few problems but I think I sorted them, but I have been left with a Event Log in Event viewer called 'ACEEventlog' that I think was created with the McAfee Privacy service and it has nothing in it. When I search for anything to do with this file its located in>

ACEEvent.evt C:\WINDOWS\system32\config

I would like to know how to remove this event log from the event viewer section if its possible.

Thanks for any help

Dreamcatcher

 

You should be able to right click that entry and select delete.

However....if you are using ATI Catalyst Control Center....you might want to reconsider not removing it

 

Hi, Bubba

I have a ATI Catalyst Control Center so I will leave it for now, I have some other problems that you maybe able to help me with, since remove mcAfee I have been getting perfnet errors in my application logs event id 2004, but if I reinstall file and print sharing it stops, but how can I disable file and print sharing without getting these errors?

Also I have for some reason started to get the odd event log:
NT AUTHORITY\ANONYMOUS LOGON

event id 540

Success Audit

Security

Logon/Logoff


I have looked on event id, but with no luck, so If you could provide some help it would be great,

Thank you

Dreamcatcher

 

***copy and paste**


Windows 2000 and Windows NT support anonymous logons that let users browse the servers on the network in Network Neighborhood and their shares' Network Neighborhood. When you double-click a computer in Network Neighborhood to view its shared folders, you usually haven't yet logged on to that computer. Your workstation connects anonymously to the server and queries the server for its shared folders. Then, when you actually map a drive to one of those shared folders, your workstation logs on to the server with your username and password. Contrary to popular belief, these anonymous logons don't provide access to any folders or
other objects. However, the anonymous logons do present a risk: They let potential intruders connect anonymously and enumerate all the shared folders, usernames, and SIDs on a computer. Intruders can use this information to launch an attack. For example, even if you rename the Administrator account to protect the account from attack, an intruder who uses the proper APIs can enumerate the users on the computer and look for one whose SID ends in 500 (the built-in Administrator account SID always ends in 500) and thus discover the new name for the Administrator account. A familiar intruder tool called (clip) can perform this search for you. . . .


http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/23067/23067.html

 

M$ says:


http://support.microsoft.com/default.aspx?scid=kb;EN-US;295255

 

Hi, Snowie

I have diaabled and uninstalled the file and print sharing, so I have stopped geting the anonymous logons, but Im left with errors for something like PerfNet was unable to open the server service, any idea how I can stop this without having to reinstall file and print sharing, which thens keeps giving me the annonymous logons. Its wso strange as it only begun happening recently,

thanks

Dreamcarcher

 

this is what im seeing;

Subject: Event Viewer Error: PerfNet - Event ID: 2004


I am getting the following RED Cross error message in
Event Viewer:

Unable to open the Server service. Server performance
data will not be returned. Error code returned is in data
DWORD 0.

The source is: PerfNet, the event is 2004.

There is no info on this error in Help & Support. I am on
Win XP Home with sp2.

 

Since you have now disabled File\Printer sharing....what is your Server service set to and have you been disabling in other services ?

 

Hi, bubba Im on a stand alone computer and due to file and print sharing being uninstalled I have stopped getting the anonymous logons, due to it being unistalled I have no server service in 'services'! I have downloaded a program called ''Fileexctrlst_setup.exe'' from the following link;

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/exctrlst-o.asp

Using this I have disabled the performance counters for perfnet.dll, so hopefully I wil not get these errors. they only started after I removed McAfee from my system though maybe removing it changed some setting? suggest anything?

Thanks bubba and snowie for helping me out,

Dreamcatcher

 

Don't completely rule out that you may have been hacked.......you got those logons from somewhere (somebody) ....an the problem you experienced is very easy exploit........although this is the first mention of it I have seen on winXP...........

If you are no longer having those issues....best to leave well enough alone.......M$ did issue two patches for this "HOLE" way back in 2004.......but they should be part of sp2..or so I would think....??



You Are Most Welcomed

Snowie The Snowman


Pass It On