You won't see an IP address in the security log but you should see a type
3 network logon if any other user has accessed your computer from the
network and the name of the computer. Since it sounds like you have no
other computers that need to access your computer I suggest that you
disable file and print sharing. You can use the command net sessions next
time you see that message to see if any user is connected via file and
print sharing and use netstat -an to see if it shows any other IP address
connected to your computer to one of your server services though that will
take some detective work to see what are established connections that you
have to another computer and what if any are connected to you. It is usual
to see your computer with an established connection to a foreign address
with well known ports after the IP xxx.xxx.xxx.xxx:80 such as ports 53,
80, 443, 119, 110, or 25.
Of course a firewall is needed to protect your network and the other
suggestions at the link below for Protect Your PC and be sure to do
malware and spyware scans using the latest definitions for whatever you
scan with and also scan with something like Ewido that may find trojans
that other malware programs do not. --- Steve
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
http://www.ewido.net/en/ --- Ewido
http://www.sysinternals.com/Utilities/TcpView.html -- TCPView free GUI
port use program.
Fredrik Wahlgren said:
Just broadband connection. I have dsabled the Guest acoount and I don't
have any P2P software installed. Is it possible that this was caused by
some program using the Visual Studio Analyzer account or similar? I
wasn't using it at the time. BTW I have figured out how to log login
events? If there's a remote login, I hope it logs the IP address.
Regards,
Fredrik
Tom [Pepper] Willett said:
Are you on a network of any kind? File sharing enabled for
anything/anyone?
P2P software installed?
Tom
message Hi
Minutes ago, I wanted to shut down my computer when I was grreted by a
message saying that other users were logged on. This is *not* something
I expect. The security log was empty. How can I be alerted if someone
tries to login to my computer? I use Windos XP Professional.
Regards,
Fredrik