I have looked through Windows Event Viewer and found that my PC has been turned on and logged in on my Windows profile.

 

After finding this out I changed my password last night, and upon checking the logs in Windows Event Viewer there was a successful Audit Success, ID: 4624 / 4672 (there was no audit failure, so they knew the password instantly).

 

I have run Malwarebytes and Spybot in and out of Safe Mode and they've both shown nothing. I am 100% sure there is a virus on my computer and someone who lives in my house with access to my PC must have put it on there. I also have logs showing the computer to be turned on seconds before being logged in, so it is without a doubt someone who lives with me, but that problem is for me to deal with. I would just like your help in finding whatever virus has been put onto my PC.

 

 

Edit: the successful audits I am talking about are logged at times that I am not at home.


Link to post

Before one makes assumptions, one must do their homework before making conclusions.
 
Looking at the Security Event logs and seeing Audit events is not a sign of malware per se or specifically a key logging trojan.  In fact numerous Audit Success events are quite normal.
 
This is my PC...
 
 
 
 
In my log it shows:  TargetDomainName  NT AUTHORITY

Which means it is the Operating System itself doing what one may consider "normal background operations"


Viewing the Security Log

Link to post

That could be for other reasons such as Patch Tuesday updates.

 

Look at the full Audit Success information.

 

Your screen capture doesn't even show the "Event ID" and "Task Category".

 

A computer can be "turned on" simply by a setting in the BIOS as a scheduled function, or it can be "turned on" by an over-the-LAN signal called a Magic Packet through what is called Wake on LAN (aka WoL).

 

Both of the above are OS independent.  That means it has nothing to do with a MS Operating System ( or MAC OS, Linux, Unix, etc ) and is enabled by a capable computer itself regardless of the OS or what is installed on it.

 

All of the above can happen and not be malware related and is not detectable by an anti malware application.

Link to post
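
The check the replies describe (read the full 4624 record, and set aside logons whose TargetDomainName is NT AUTHORITY), as an added example that is not part of the original thread. It assumes the events were copied out in the XML form Event Viewer shows under Details > XML View; the account and host names are constructed, and treating "Window Manager" and "Font Driver Host" as further built-in domains is an addition beyond the NT AUTHORITY case named above.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# 4624 LogonType values where a person signs in at the console or over Remote Desktop.
HUMAN_LOGON_TYPES = {"2": "Interactive", "7": "Unlock",
                     "10": "RemoteInteractive", "11": "CachedInteractive"}
# Domains of built-in accounts the OS itself logs on with (compared upper-cased).
SYSTEM_DOMAINS = {"NT AUTHORITY", "WINDOW MANAGER", "FONT DRIVER HOST"}

def parse_event(xml_text):
    """Flatten one event's XML into a dict of its named EventData fields."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", "", NS)
    fields["Time"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return fields

def human_logons(events_xml):
    """Return (time, account, logon type, source address) for sign-ins by a person."""
    hits = []
    for ev in map(parse_event, events_xml):
        if ev["EventID"] != "4624":
            continue  # 4672 (special privileges) accompanies a logon; it is not one
        if ev.get("TargetDomainName", "").upper() in SYSTEM_DOMAINS:
            continue  # background logon by the operating system
        kind = HUMAN_LOGON_TYPES.get(ev.get("LogonType", ""))
        if kind:
            hits.append((ev["Time"], ev.get("TargetUserName", ""), kind,
                         ev.get("IpAddress", "-")))
    return hits

def make_event(event_id, time, **data):
    rows = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System>'
            f'<EventData>{rows}</EventData></Event>')

# Constructed sample events (not taken from the thread's screenshots).
SAMPLE_EVENTS = [
    make_event(4624, "2015-11-20T03:00:01Z", TargetUserName="SYSTEM",
               TargetDomainName="NT AUTHORITY", LogonType="5", IpAddress="-"),
    make_event(4672, "2015-11-20T03:00:01Z", SubjectUserName="SYSTEM",
               SubjectDomainName="NT AUTHORITY"),
    make_event(4624, "2015-11-20T14:12:40Z", TargetUserName="DWM-1",
               TargetDomainName="Window Manager", LogonType="2", IpAddress="-"),
    make_event(4624, "2015-11-20T14:12:45Z", TargetUserName="alice",
               TargetDomainName="DESKTOP-EXAMPLE", LogonType="2", IpAddress="127.0.0.1"),
    make_event(4624, "2015-11-20T16:30:09Z", TargetUserName="alice",
               TargetDomainName="DESKTOP-EXAMPLE", LogonType="10", IpAddress="192.0.2.10"),
]
```

Calling `human_logons(SAMPLE_EVENTS)` leaves only the two `alice` sign-ins; the LogonType and IpAddress columns then show whether each was typed at the keyboard (type 2) or arrived over Remote Desktop (type 10).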