Author Topic: Homeland Security Alert - Event Viewer not capturing remote login attempts and  (Read 9712 times)

Offline Rick

  • Hero Member
  • Join Date: May 2013
  • Posts: 829
  • Karma: 2
While using my user account, not the administrator account, the system always makes a noise as if to ask for the administrator's permission to do some task, but does not show the window to enter the administrator password; it seems to bypass this window and continue what it was doing.

I will change my administrator password…

Should have done long ago when it started up…

-rick

Offline jraju

  • Hero Member
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
Hi, Rick,
What is the problem? If you could access anything without the Admin password, then it is a standard user account accessing the file.
When are you getting this Homeland alert? If anything could be logged, it will be stored in the Event Viewer.
If you want to see the boot log, then you have to go to msconfig and tick the boot log option. Accept the alert and boot, and you will find the result of the boot log in c:\windows\ntbtlog.txt, which can be opened with Notepad. See what drivers and other files load when booting is done.
Update: There is one more way, by command prompt:
netstat -ano. This will list the existing connections that your computer has. Go to the Task Manager, View menu, enable PID, and then close. Go to the command prompt and type netstat -ano; you will know all the connections the computer has at that point in time. Open the Task Manager and note the connected PIDs, then check them against the processes in the Task Manager. Kill those process IDs which you think are accessing remotely.
« Last Edit: November 29, 2014, 04:20:07 am by jraju »
The Bottom line is "Check your hardware first if it supports the task you try".
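
The PID cross-check described in the post above can be scripted instead of done by eye in Task Manager. This is an added example, not part of the original thread: it joins saved `netstat -ano` output with `tasklist /fo csv /nh` output on PID and keeps only established TCP connections to non-loopback peers. The function names and the sample data are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed samples of `netstat -ano` and `tasklist /fo csv /nh` output (not from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::1]:49170            [::1]:5354             ESTABLISHED     1720
  TCP    192.168.1.20:49201     203.0.113.45:443       ESTABLISHED     3412
  TCP    192.168.1.20:3389      198.51.100.7:51514     ESTABLISHED     1044
  UDP    0.0.0.0:5355           *:*                                    1188
"""

TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","9,120 K"
"svchost.exe","1044","Services","0","30,552 K"
"mDNSResponder.exe","1720","Services","0","4,300 K"
"chrome.exe","3412","Console","1","182,004 K"
'''


def process_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


def remote_connections(netstat_text, tasklist_csv):
    """List established TCP connections to non-loopback peers with their owning process."""
    names = process_names(tasklist_csv)
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields (proto, local, foreign, state, PID); UDP rows have no state.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        # Strip the port and IPv6 brackets from the foreign address before classifying it.
        peer = fields[2].rpartition(":")[0].strip("[]")
        if ipaddress.ip_address(peer).is_loopback:
            continue
        pid = int(fields[4])
        found.append({"pid": pid, "process": names.get(pid, "<unknown>"),
                      "local": fields[1], "remote": fields[2]})
    return found


if __name__ == "__main__":
    for conn in remote_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(conn)
```

A PID that shows up as `<unknown>` has a connection but no matching entry in the process list, which is worth a closer look before ending any process.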

Offline Rick

Please also note: as if some device is being plugged in too, when in fact nothing is?