Tweaking.com Support Forums

Main Forum => General Computer Support => Topic started by: Rick on November 24, 2014, 12:13:14 am

Title: Homeland Security Alert - Event Viewer not capturing remote login attempts and
Post by: Rick on November 24, 2014, 12:13:14 am
While using my user account (not the administrator account), the system always makes a noise as if to ask for the administrator's permission to do some task, but does not show the window to enter the administrator password; it seems to bypass this window and continue what it was doing.

I will change my administrator password…

Should have done long ago when it started up…

-rick
Title: Re: Homeland Security Alert - Event Viewer not capturing remote login attempts and
Post by: jraju on November 29, 2014, 03:12:25 am
Hi, Rick,
What is the problem? If you could access anything without the Admin password, then it is a standard user account accessing the file.
When are you getting this Homeland alert? If anything could be logged, it will be stored in the Event Viewer.
If you want to see the boot log, then you have to go to msconfig and then tick the boot log. Accept the alert and boot, and you will find the result of the boot log in C:\Windows\ntbtlog.txt, which can be opened with Notepad. See what drivers and other files load when booting is done.
Update: There is one more way, by command prompt:
netstat -ano. This will list the existing connections that your computer has. Go to the Task Manager, View menu, enable PID, and then close. Go to the command prompt and type netstat -ano; you will know all the connections the computer has at that point in time. Open the Task Manager and note the connected PIDs, then check them against the processes in the Task Manager. Kill those process IDs which you think are accessing remotely.
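The netstat-to-Task-Manager cross-check described in the reply above, as an added example that is not part of the original thread: it joins `netstat -ano` output with `tasklist /fo csv /nh` output so each established remote connection is shown next to its owning process. It assumes English-language command output; the sample text, addresses and PIDs are constructed.

```python
import csv, io, ipaddress, subprocess, sys

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2100
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:3389      198.51.100.7:51544     ESTABLISHED     1044
  TCP    [::1]:49680            [::1]:49681            ESTABLISHED     2100
  UDP    0.0.0.0:5353           *:*                                    1500
"""
# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''
"svchost.exe","884","Services","0","9,120 K"
"svchost.exe","1044","Services","0","21,304 K"
"chrome.exe","4312","Console","1","150,228 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text))
            if len(r) >= 2 and r[1].isdigit()}

def remote_connections(netstat_text, pid_names):
    """Return (pid, image, local, remote) for established non-loopback TCP."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skips headers, listeners and UDP rows (no State column)
        host = f[2].rpartition(":")[0].strip("[]").split("%")[0]
        if ipaddress.ip_address(host).is_loopback:
            continue  # local-only traffic is not a remote connection
        pid = int(f[4])
        rows.append((pid, pid_names.get(pid, "<unknown>"), f[1], f[2]))
    return rows

if __name__ == "__main__":
    live = sys.platform == "win32"  # off Windows, fall back to the samples
    run = lambda cmd: subprocess.run(cmd, capture_output=True, text=True).stdout
    net = run(["netstat", "-ano"]) if live else SAMPLE_NETSTAT
    tasks = run(["tasklist", "/fo", "csv", "/nh"]) if live else SAMPLE_TASKLIST
    for pid, image, local, remote in remote_connections(net, parse_tasklist(tasks)):
        print(f"{pid:>6}  {image:<20} {local:<24} {remote}")
```

A local port of 3389 in the output is the Remote Desktop listener, so a row like the second sample row means a remote desktop session is connected.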
Title: Re: Homeland Security Alert - Event Viewer not capturing remote login attempts and
Post by: Rick on December 22, 2014, 03:31:19 am
Please also note: as if some device is being plugged in too, when in fact nothing is?