Windows 10: Remote Login and New admin account created on my machine - hacked?

Discus and support Remote Login and New admin account created on my machine - hacked? in User Accounts and Family Safety to solve the problem; OK so a user named Lorenco was logged into my machine today when I went to login. This user account should not exist and was connected remotely I... Discussion in 'User Accounts and Family Safety' started by PeterFragon, Nov 24, 2016.

  1. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?


    OK so a user named Lorenco was logged into my machine today when I went to login.
    This user account should not exist and was connected remotely I believe
    I captured all the event logs, what do I need to verify this was a hack or a legit login?
    Received user logon notification on session 4.
    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors
    event log cleared the user
    The audit log was cleared.
    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Domain Name: GROD
    Logon ID: 0x46D9E82
    A user's local group membership was enumerated.

    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD
    Logon ID: 0x46D9EA0

    User:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD

    Process Information:
    Process ID: 0x2618
    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
    Much more in the logs..

    :)
     
    PeterFragon, Nov 24, 2016
    #1
  2. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..

    Not sure what to do next.

    0x058a83a9

    Lorenco

    WORKGROUP GROD

    11/24/2016 4:26:23 PM

    11/24/2016 4:36:20 PM

    00:09:57 46.166.138.153 Remote Interactive (10)
     
    PeterFragon, Nov 24, 2016
    #2
  3. PETERFRAGON
    PeterFragon Win User
    Remote Login and New admin account created on my machine - hacked?

    OK so a user named Lorenco was logged into my machine today when I went to login.

    This user account should not exist and was connected remotely I believe

    I captured all the event logs, what do I need to verify this was a hack or a legit login?

    Received user logon notification on session 4.

    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors

    event log cleared the user

    The audit log was cleared.

    Subject:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Domain Name: GROD

    Logon ID: 0x46D9E82

    A user's local group membership was enumerated.

    Subject:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Account Domain: GROD

    Logon ID: 0x46D9EA0

    User:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Account Domain: GROD

    Process Information:

    Process ID: 0x2618

    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe

    Much more in the logs..
     
    PeterFragon, Nov 24, 2016
    #3
  4. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..


    Remote Login and New admin account created on my machine - hacked? [​IMG]
     
    PeterFragon, Nov 24, 2016
    #4
Thema:

Remote Login and New admin account created on my machine - hacked?

Loading...

  1. Remote Login and New admin account created on my machine - hacked? - Similar Threads - Remote Login admin

  2. Unable to login to admin account in a remote PC

    in Windows 10 Software and Apps
    Unable to login to admin account in a remote PC: I'm unable to login to admin account of our domain group on a remote laptop. No previous changes were made for the laptop, the only change is that that employee has been shifted to another geographical location and his device did not join our local network for the past 6...

  3. Unable to login to admin account in a remote PC

    in Windows 10 Gaming
    Unable to login to admin account in a remote PC: I'm unable to login to admin account of our domain group on a remote laptop. No previous changes were made for the laptop, the only change is that that employee has been shifted to another geographical location and his device did not join our local network for the past 6...

  4. Creating a new network account on a Windows 10 machine that is remote

    in Windows Hello & Lockscreen
    Creating a new network account on a Windows 10 machine that is remote: Hello AllI have a network user who works remotely she does the following to access our network: She logs into the laptop, because she has a cached account connects to her home internet, then connects to VPN and can then run all her programs on the network just finewe use...

  5. Creating a new network account on a Windows 10 machine that is remote

    in Windows 10 Gaming
    Creating a new network account on a Windows 10 machine that is remote: Hello AllI have a network user who works remotely she does the following to access our network: She logs into the laptop, because she has a cached account connects to her home internet, then connects to VPN and can then run all her programs on the network just finewe use...

  6. Creating a new network account on a Windows 10 machine that is remote

    in Windows 10 Software and Apps
    Creating a new network account on a Windows 10 machine that is remote: Hello AllI have a network user who works remotely she does the following to access our network: She logs into the laptop, because she has a cached account connects to her home internet, then connects to VPN and can then run all her programs on the network just finewe use...

  7. Create New Admin Account

    in Windows 10 Gaming
    Create New Admin Account: If I create new admin account, does my 2 hard disks and my game folder still appear? And can I play game from game folder if it still appear? https://answers.microsoft.com/en-us/windows/forum/all/create-new-admin-account/28b8f2f5-616a-4ebd-9456-4733b18f3b89

  8. Create New Admin Account

    in Windows 10 Software and Apps
    Create New Admin Account: If I create new admin account, does my 2 hard disks and my game folder still appear? And can I play game from game folder if it still appear? https://answers.microsoft.com/en-us/windows/forum/all/create-new-admin-account/28b8f2f5-616a-4ebd-9456-4733b18f3b89

  9. Admin account created on hacked email

    in Windows Hello & Lockscreen
    Admin account created on hacked email: Hi, my computer has been setup on an account that was hacked. How do I change the settings to link to my new account and password and not the old one? Thanks...

  10. How to create new Admin account

    in User Accounts and Family Safety
    How to create new Admin account: I am having a horrible problem with uninstalling a printer. Talked to MS and Canon with no remedy. Canon mentioned to create new admin account to create new registry. They feel something is deeply embedded and hanging up printer somehow. Pls advise on how to create new...

Users found this page by searching for:

  1. settingprofilehandler

    ,

  2. how to login as admin to windows machine remotely

    ,

  3. remotally create new account and login