1. Join Date : Apr 2015
    United States
    Posts : 38
    WIN10/WIN7ULT
       1 Week Ago #1

    Remote Login and New admin account created on my machine - hacked?


    OK so a user named Lorenco was logged into my machine today when I went to login.
    This user account should not exist and was connected remotely I believe
    I captured all the event logs, what do I need to verify this was a hack or a legit login?
    Received user logon notification on session 4.
    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors
    event log cleared the user
    The audit log was cleared.
    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Domain Name: GROD
    Logon ID: 0x46D9E82

    A user's local group membership was enumerated.

    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD
    Logon ID: 0x46D9EA0

    User:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD

    Process Information:
    Process ID: 0x2618
    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe

    Much more in the logs..
      My System SpecsSystem Spec


  2. Join Date : Apr 2015
    United States
    Posts : 38
    WIN10/WIN7ULT
       1 Week Ago #2

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..

    Click image for larger version. 

Name:	2016_11_25_03_01_091.png 
Views:	9 
Size:	10.1 KB 
ID:	111323
      My System SpecsSystem Spec


 


Similar Threads
Thread Forum
Repeatedly having my Windows 10 Account Passwords Hacked.
Wondering if anyone here knows high-security ways to secure the Windows SAM (Security Accounts Manager) file from being hacked via remote network access or physical access to an unattended machine. Have already informed the police (though they...
AntiVirus, Firewalls and System Security
No Admin Access /Cannot change existing user accounts to admin account
Hello All, I'm delighted to have found you and after a long day of trying to help myself i am now requiring your much appreciated assistance please!:cry: I'm not a techy person at all and am hoping someone can help:) Last week my husband purchased...
User Accounts and Family Safety
ASP.NET Machine account is my Admin now
So I made a lot of mess on my new Windows 10.I wanted to play FarmVille 2.Because its free on Windows 10.Microsoft wanted from me to make an account.I did it.And then when I turn off my PC .It wanted for me password from my account to log in to my...
User Accounts and Family Safety
Domain admin account as built-in admin account
I just upgraded two brand new pc's from Win 7 to Win 10. Computers were already added to the domain in Win 7 and I was logged into the domain administrator account when I did the upgrade to Win 10. Now when I am logged in with the domain...
User Accounts and Family Safety
Solved Unable to log into Admin account even though no password was created
Good day all I followed these instructions this morning to try to install software for my wifi adapter that windows 10 keeps on blocking. Administrator account - Enable or Disable in Windows 10 - Windows 10 Forums=User%20Accounts I logged out...
User Accounts and Family Safety
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:43.
Find Us
Twitter Facebook Google+



Windows 10 Forums