Who is getting "Remote Access" in my Event Viewer?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Who is (e-mail address removed)? And how and why are they gaining remote access? I
don't really know what all those "events" mean and I've got lots of
"information", "warning", "error", "remote access", and "X" ones. I've only
had this computer since early July. Any ideas?
 
In
Mary in Willis said:
Who is (e-mail address removed)? And how and why are they gaining remote
access? I don't really know what all those "events" mean and I've got
lots of "information", "warning", "error", "remote access", and "X"
ones. I've only had this computer since early July. Any ideas?
Click to expand...

Do you have your firewall enabled? And/or are you behind another firewall of
any sort (router appliance)?
Do you have Windows fully patched (SP2 and all critical updates)?

If the answer to either of those is 'no' then there's no telling what's
happening -
 
I've got firewalls out the .... and just did a thorough critical updating.
I don't even know what that whole "event viewer" is! Any basic layperson's
description available? Thanks.
 
Ted, MacAfee, MSN, etc. Which do you recommend I keep running?
And I couldn't find an answer at ask-leo.com and link to kb/308427 didn't
work.
And where did those responses come from? I'm getting even more confused.
 
If these are logon events for type 3 or 10 logon shown in the security log
then someone is connecting to your computer though I have never seen an
email address in the security log for logon events so I am not sure where
you are seeing that. You need to make sure you are using a properly
configured firewall and use strong passwords for any user accounts. If you
are using cable or DSL connection for the internet I consider the use of an
"internet router" or firewall device an absolute must to protect your
computer/network even if you are using a software firewall that can be prone
to becoming disabled or misconfigured by user interaction or even malware.
You should also be sure to scan your computer for malware and spyware using
the latest definitions for whatever you use to try to get your computer as
clean as possible without a reinstall of the operating system. Also an
insecure wireless network will allow other users to access your
computer/network. WEP is considered very insecure for protecting a wireless
network these days for non 802.1X installations.

Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
--- Protect Your PC tips
 
Thanks, Steve, however I'm and MSN dial-up user of Windows XP Media Edition -
the very latest version which I've updated. How this whole thing came up was
I was just exploring the Admin. Tools. (I'm the only user of this
stand-alone laptop.) I'd never noticed a tab for Event Viewer so I clicked on
it. There was a chart showing columns of date, time, etc and one column had
"Remote Access" entries going back to the day I bought this machine. And
that "email address" was in the body of the message. I guess I should do a
print-screen to tell y'all what else was in this chart. I just don't know
what that chart is trying to tell me and what is it's purpose.
 
OK, I found something....This is all showing up in the "System" section of
"Event Viewer" of "Administrative Tools" (thru Conrol Panel). The Remote
Access Event ID's are all 20158 which reads: "The user (e-mail address removed)
successfully established a connection to MSN using the device COM3". Then
sometimes within a few minutes and sometimes after an hour or more another
Remote Access Event shows ID 20159 which says the same (e-mail address removed) has
disconnected. It sure sounds like somebody other than me is in here. I've
reduced my firewall to only the MacAffee one (since I'm paying for it). but
there was an event after that as recently as 20 minutes ago. Any suggestions?
 
If you could post a copy of the event in a reply it might help. I have not
used a dial up modem in a long time but I believe that you will see a remote
access event in the system log when you dial up to the internet and
disconnect. Does your computer's modem answer the phone when that phone
number is dialed?? If not I don't think anyone is accessing your computer
remotely via the modem which would be using a com port.

Steve
 
You were right, Steve, that a Remote Access event was recorded every time I
logged in or out. Sorry for taking up y'all's time. Thanks.
 
Back
Top