Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strange events on reboot, infection?

  • Please log in to reply
No replies to this topic

#1 quickq


  • Members
  • 1 posts
  • Local time:03:15 AM

Posted 28 April 2017 - 05:54 PM

Hello. I've recently noticed strange issues when I restart my computer. I looked through the event logs and found something under system saying that remote calls to the SAM database were being restricted. No other information than that. Even though I just noticed the event a few days ago, according to Event Viewer it's been happening every restart since April 11th, which is also the first restart since downloading this month's Windows updates.


The Windows Malicious Software Removal Tool install failed according to update history, but it did download and run. Error Report says it crashed, and has crashed numerous times since even though it ran completely and seemed to close without problem. According to MRT's log, it's up to date and has run several times since, all reporting clean scans, but I'm not sure why it's running multiple times a week instead of once.


I googled the event ID (16962), Microsoft's website says it happens when a remote unauthorized attempt to log onto Windows Server (I'm on Windows 8.1). The thing is, I'm not running any version Windows Server. Another strange thing is that at the time of the event, I have no network connectivity, router/wifi is off so I'm not sure how anything remote can be attempting to log in. It happens during the boot, according to the time before I even log into the computer.


I've scanned with Malwarebytes, Malwarebytes Anti-Rootkit, HitmanPro, McAfee, Rkill, RogueKiller, Sophos, and all of them come up clean. My anti-virus/firewall is working, and I've been monitoring traffic with CurrPorts and not finding anything suspicious. I rarely download anything, a


I'm not sure if it's some well hidden infection, something gone wrong during the Windows update, a driver or service error, or what.


I hope someone here can give me some insight and help. I also hope this is the correct section to post, if not, please feel free to move it to the correct one.


Thank you!

Edited by quickq, 28 April 2017 - 06:57 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users