Windows 10: Remote Login and New admin account created on my machine - hacked?

Discus and support Remote Login and New admin account created on my machine - hacked? in User Accounts and Family Safety to solve the problem; OK so a user named Lorenco was logged into my machine today when I went to login. This user account should not exist and was connected remotely I... Discussion in 'User Accounts and Family Safety' started by PeterFragon, Nov 24, 2016.

  1. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?


    OK so a user named Lorenco was logged into my machine today when I went to login.
    This user account should not exist and was connected remotely I believe
    I captured all the event logs, what do I need to verify this was a hack or a legit login?
    Received user logon notification on session 4.
    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors
    event log cleared the user
    The audit log was cleared.
    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Domain Name: GROD
    Logon ID: 0x46D9E82
    A user's local group membership was enumerated.

    Subject:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD
    Logon ID: 0x46D9EA0

    User:
    Security ID: GROD\Lorenco
    Account Name: Lorenco
    Account Domain: GROD

    Process Information:
    Process ID: 0x2618
    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
    Much more in the logs..

    :)
     
    PeterFragon, Nov 24, 2016
    #1
  2. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..

    Not sure what to do next.

    0x058a83a9

    Lorenco

    WORKGROUP GROD

    11/24/2016 4:26:23 PM

    11/24/2016 4:36:20 PM

    00:09:57 46.166.138.153 Remote Interactive (10)
     
    PeterFragon, Nov 24, 2016
    #2
  3. PETERFRAGON
    PeterFragon Win User
    Remote Login and New admin account created on my machine - hacked?

    OK so a user named Lorenco was logged into my machine today when I went to login.

    This user account should not exist and was connected remotely I believe

    I captured all the event logs, what do I need to verify this was a hack or a legit login?

    Received user logon notification on session 4.

    shell\roaming\settingsync\settingprofilehandler.cpp(24)\SettingSync errors

    event log cleared the user

    The audit log was cleared.

    Subject:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Domain Name: GROD

    Logon ID: 0x46D9E82

    A user's local group membership was enumerated.

    Subject:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Account Domain: GROD

    Logon ID: 0x46D9EA0

    User:

    Security ID: GROD\Lorenco

    Account Name: Lorenco

    Account Domain: GROD

    Process Information:

    Process ID: 0x2618

    Process Name: C:\Users\Lorenco\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe

    Much more in the logs..
     
    PeterFragon, Nov 24, 2016
    #3
  4. PETERFRAGON
    PeterFragon Win User

    Remote Login and New admin account created on my machine - hacked?

    WinLogonView shows me they are from EU.

    How they got in is beyond me, I am a network engineer not a dummy about security..


    Remote Login and New admin account created on my machine - hacked? [​IMG]
     
    PeterFragon, Nov 24, 2016
    #4
Thema:

Remote Login and New admin account created on my machine - hacked?

Loading...

  1. Remote Login and New admin account created on my machine - hacked? - Similar Threads - Remote Login admin

  2. Create NON-ADMIN Microsoft login account

    in Windows Hello & Lockscreen
    Create NON-ADMIN Microsoft login account: I have Win10 Pro & 11 boxes with a local admin account only. We are moving to Azure so I need to create a user using a Microsoft account on the machine. When I try and create a user through Settings-Accounts-Access Work or School to create the user, it does just that and that...

  3. Create NON-ADMIN Microsoft login account

    in Windows 10 Gaming
    Create NON-ADMIN Microsoft login account: I have Win10 Pro & 11 boxes with a local admin account only. We are moving to Azure so I need to create a user using a Microsoft account on the machine. When I try and create a user through Settings-Accounts-Access Work or School to create the user, it does just that and that...

  4. Create NON-ADMIN Microsoft login account

    in Windows 10 Software and Apps
    Create NON-ADMIN Microsoft login account: I have Win10 Pro & 11 boxes with a local admin account only. We are moving to Azure so I need to create a user using a Microsoft account on the machine. When I try and create a user through Settings-Accounts-Access Work or School to create the user, it does just that and that...

  5. Create New Admin Account

    in Windows 10 Gaming
    Create New Admin Account: If I create new admin account, does my 2 hard disks and my game folder still appear? And can I play game from game folder if it still appear? https://answers.microsoft.com/en-us/windows/forum/all/create-new-admin-account/28b8f2f5-616a-4ebd-9456-4733b18f3b89

  6. Create New Admin Account

    in Windows 10 Software and Apps
    Create New Admin Account: If I create new admin account, does my 2 hard disks and my game folder still appear? And can I play game from game folder if it still appear? https://answers.microsoft.com/en-us/windows/forum/all/create-new-admin-account/28b8f2f5-616a-4ebd-9456-4733b18f3b89

  7. How to create a new admin user account

    in AntiVirus, Firewalls and System Security
    How to create a new admin user account: I'm an administrator. I want to create a new administrator account. Control Panel User Account doesn't show an Add User. https://answers.microsoft.com/en-us/windows/forum/all/how-to-create-a-new-admin-user-account/cbf0d022-3fee-4615-8c67-d5f1038ed86d

  8. "We can't login into your account" problem reemerge after creating a new admin account

    in Windows 10 Installation and Upgrade
    "We can't login into your account" problem reemerge after creating a new admin account: Hello, I follow the method described here https://support.microsoft.com/en-us/windows/fix-a-corrupted-user-profile-in-windows-1cf41c18-7ce3-12f9-8e1d-95896661c5c9 and create a new admin account to login, which works. Then I linked up my new admin account to my microsoft...

  9. Admin account created on hacked email

    in Windows Hello & Lockscreen
    Admin account created on hacked email: Hi, my computer has been setup on an account that was hacked. How do I change the settings to link to my new account and password and not the old one? Thanks...

  10. How to create new Admin account

    in User Accounts and Family Safety
    How to create new Admin account: I am having a horrible problem with uninstalling a printer. Talked to MS and Canon with no remedy. Canon mentioned to create new admin account to create new registry. They feel something is deeply embedded and hanging up printer somehow. Pls advise on how to create new...

Users found this page by searching for:

  1. settingprofilehandler

    ,

  2. how to login as admin to windows machine remotely

    ,

  3. remotally create new account and login