Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unauthorized Remote Access?


  • Please log in to reply
No replies to this topic

#1 Cyntil8ing

Cyntil8ing

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:26 PM

Posted 16 March 2011 - 06:49 AM

Hello,

I went to bed around 4am on 3/16 and left the comp on downloading files. When i awoke this morning, I found that my comp was turned off. I checked the Event Viewer and these notifications were listed:

Security Tab:

a. 5:23:47am: A trusted logon process has registered with the Local Security Authority. This logon process will be trusted to submit logon requests.
Logon Process Name: RASMAN

b. 5:39:02am Successful Logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name:
Logon GUID: -

c. 5:39:02am Special privileges assigned to new logon:
User Name: NETWORK SERVICE
Domain: NT AUTHORITY
Logon ID: (0x0,0x3E4)
Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege


System Tab:

5:23:46am The Telephony service entered the running state.

5:23:46am The Remote Access Connection Manager service was successfully sent a start control.

5:23:46am The Remote Access Connection Manager service entered the running state.


Perhaps I'm just being paranoid but I'd like to know if my comp was remote accessed while i was asleep. If i was, is there a way to check the logs for an IP address and what was accessed?
I'm using XP home with all the current security patches.

Thanks in advance

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users