ParanoidanLloyd
New Member
Hi, have a bit of an issue, afraid i have only just signed up, so not sure if this is the 100% correct place to post but here goes. I think someone has gained remote access of some kind to my computer, and retrieved a file. Originally based on what i heard through the very thin floor of my room. I.e. i think my housemates got at it and i would like to know for definite as it contains rather sensitive and personal information.
I am not an expert with IT but i will try to explain a little, and will try to answer any further questions to get to the bottom of it. Around 2 months back i noticed a small brown or red icon on my toolbar at the bottom of the screen (perhaps someone might be able to recognise a method from this scrappy description?), this read something along the lines of "connected to ?????-PC", ????? being the name of a housemate. I terminated the link and confronted them but they deny this.
Secondly i have noticed that windows remote access has been enabled, and after some reading up i have found that this is not enabled by default, and as i know very little about software, and know i havent touched it, then this cant be me?
Thirdly i have been looking through the event log, and within the WLAN-Autoconfig i found an Event ID 11004 which reads:
Adapter Broadcom 802.11g Network Adapter
DeviceGuid {B4FD2D99-F15B-4BAC-A591-180E23218228}
LocalMac 00:1F:C6:8C:AB:6E
SSID SKY97932
BSSType Infrastructure
PeerMac 00:1B:2F:41:CA:B6
SecurityHint The operation succeeds.
SecurityHintCode 0
ConnectionId 0x1Perhaps it is me being paranoid but the security hint strikes me as odd, but then i dont really know what it means.
4th DFS Replication, i have only 6 entries under DFS Replication, all relate to a date that falls within the period i believe the document to have been taken, lasting only 5 mins.
5th Terminal Services - Remote Connection Manager Log has been or is disabled.
6th all Windows Error Reports found through the tree: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\ are post 18/5/2009, there are a fair few, but i bought my computer last summer, so would have expected there to be some prior to 18/5/2009 as well?
It could just be me being very paranoid, but its just that the document covers a wide variety of topics, many of which have been introduced in to conversation between us soon after i had confronted them over gaining access the first time. I would be very greatful for any assistance that can be offered, as it is actually driving me insane.
Cheers,
Lloyd
Also there appear to be Microsoft Visual Source Safe events, and events through WMI Event ID:10???
I am not an expert with IT but i will try to explain a little, and will try to answer any further questions to get to the bottom of it. Around 2 months back i noticed a small brown or red icon on my toolbar at the bottom of the screen (perhaps someone might be able to recognise a method from this scrappy description?), this read something along the lines of "connected to ?????-PC", ????? being the name of a housemate. I terminated the link and confronted them but they deny this.
Secondly i have noticed that windows remote access has been enabled, and after some reading up i have found that this is not enabled by default, and as i know very little about software, and know i havent touched it, then this cant be me?
Thirdly i have been looking through the event log, and within the WLAN-Autoconfig i found an Event ID 11004 which reads:
Adapter Broadcom 802.11g Network Adapter
DeviceGuid {B4FD2D99-F15B-4BAC-A591-180E23218228}
LocalMac 00:1F:C6:8C:AB:6E
SSID SKY97932
BSSType Infrastructure
PeerMac 00:1B:2F:41:CA:B6
SecurityHint The operation succeeds.
SecurityHintCode 0
ConnectionId 0x1Perhaps it is me being paranoid but the security hint strikes me as odd, but then i dont really know what it means.
4th DFS Replication, i have only 6 entries under DFS Replication, all relate to a date that falls within the period i believe the document to have been taken, lasting only 5 mins.
5th Terminal Services - Remote Connection Manager Log has been or is disabled.
6th all Windows Error Reports found through the tree: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\ are post 18/5/2009, there are a fair few, but i bought my computer last summer, so would have expected there to be some prior to 18/5/2009 as well?
It could just be me being very paranoid, but its just that the document covers a wide variety of topics, many of which have been introduced in to conversation between us soon after i had confronted them over gaining access the first time. I would be very greatful for any assistance that can be offered, as it is actually driving me insane.
Cheers,
Lloyd
Also there appear to be Microsoft Visual Source Safe events, and events through WMI Event ID:10???
