
Admin account was logged on via remote device

Discussion in 'Windows 7' started by Dnicco, Nov 28, 2018.

Thread Status:
Not open for further replies.
  1. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    While I was on my computer last night, I was logged off. It took me to my login page, which has an admin account that’s mine and also a login option for another account which is also mine and labeled as admin. Under my original admin login option it said: logged on remotely, then it gave a desktop device name. I went to my other account to select log in and it said there are users logged on, if you log on it will end their session. I backed out without logging in and logged onto my original admin account, and I’m booted off yet again... this time it said both users were logged on. I use a LAN connection with no WiFi capabilities.
    I use a Cisco modem, model: DPQ3212
    I am self employed, I work from home, therefore the system I use for work isn’t monitored by anyone higher than myself (it shouldn’t be anyways). How is this possible? Am I able to find out who used a remote login? How do I ensure remote login is not available?

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 4031 Mb
    Graphics Card: NVIDIA Quadro NVS 285 (Microsoft Corporation - WDDM), 128 Mb
    Hard Drives: C: 145 GB (116 GB Free);
    Motherboard: Hewlett-Packard, 0A50h
    Antivirus: Microsoft Security Essentials, Enabled and Updated
     
    Last edited: Nov 28, 2018
  2. plodr

    plodr

    Joined:
    Jun 27, 2014
    Messages:
    19,088
    First Name:
    Liz
    Attached to what modem/router or gateway? We need to know the brand and exact model of hardware because even if you are using wifi, perhaps your router or gateway has wifi capabilities. (It is very hard to find a router that is NOT wifi).
     
  3. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 4031 Mb
    Graphics Card: NVIDIA Quadro NVS 285 (Microsoft Corporation - WDDM), 128 Mb
    Hard Drives: C: 145 GB (116 GB Free);
    Motherboard: Hewlett-Packard, 0A50h
    Antivirus: Microsoft Security Essentials, Enabled and Updated

    If other info is needed let me know.
    I use Cisco DPQ3212 Modem
    I have a LAN connection to internet not Ethernet.
    Default gateway is 174.64.166.1

    The tech who installed my internet had said this modem did not have a router built into it, nor did it possess WiFi abilities to connect to a different router or router extender. I had asked for this specifically as I wanted to be the only one with access to this internet since it was bought for my job. I use VoIP for my job, and my call quality had been terrible to the point of being hung up on for 80 percent of my phone calls. I tried a few other options to remedy the call problem but nothing worked, so I ended up getting my own internet. I live in a house of people who have about 25 devices connected to our other internet, which is hard wired in to two devices and then it has a built in router. We also have a wifi extender to reach the upstairs and side bedrooms.
     
    Last edited: Nov 28, 2018
  4. plodr

    plodr

    Joined:
    Jun 27, 2014
    Messages:
    19,088
    First Name:
    Liz
    If you have no wifi then where is the extender getting the signal? Are you hopping off of someone else's signal in the house? Because your modem has one ethernet port for a PC or a router. (I downloaded the manual to check it out)

    I'm going to bow out because I have zero experience with a home running two different networks with different ISPs.
     
  5. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    Sorry if I wasn’t clear. My computer that said my admin account was logged onto from another device is only connected via LAN. As far as I can tell my computer itself is not capable of WiFi. I was told my modem wasn’t capable of WiFi. I did state the home uses two different internet sources and that one of the internet sources does have WiFi. But again my computer is connected to the Cisco modem, wired in LAN connection.
     
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    I checked out your modem specifications. Your modem is a cable modem which has only 1 ethernet port. It does not have NAT, nor does it have a firewall. The gateway ip address you gave confirms this. Some of your PC's ports are publicly exposed to the internet, and can be connected to by anyone. Someone has gone past the login stage and accessed your files. Disconnect the internet now. Buy a router NOW and hook it up to the cable modem, then connect your PC to the router. I know you don't need additional ethernet ports on a router, but this is not about the number of available connections. It is about security. A router or router with firewall blocks direct access from the internet to your PC.

    First step: disconnect the intruder: done, by adding router.
    Next step: damage control. Since you are not an incident first responder, you won't know if the attacker has installed anything. Skip this step.
    Next step: attackers may have installed a back door. Since you can't do step 2, you have to back up your data and re-install Windows. Takes about a morning's work. You can't skip this step. The attackers may have gotten in easily, but could have taken steps to install a back door in anticipation of discovery. A back door will connect outbound from your PC back to their PC. And it is hard to detect. Since they have administrative access, they could have named the back door file anything and placed it anywhere in the PC. This step must be done.
    Next step: set up a daily backup routine. It could be as simple as drag and drop of files and folders onto a USB external hard disk. Or you could purchase backup software to do this automatically. Preferably you would name each backup by day of the week - so that you have 5 versions of daily backups available. This step must be done.
     
    Last edited: Nov 29, 2018
    Dnicco likes this.
  7. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    Thank you thank you!
     
  8. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    Thank you!! I really thought I had replied to your post with thank you but I see I did not. Also how do I direct message you?
     
  9. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    Click on Inbox on the top left of the screen, and select Start a Conversation
     
  10. Dnicco

    Dnicco Thread Starter

    Joined:
    Nov 28, 2018
    Messages:
    6
    I am not seeing the option to start one, can you send me a message please?
     
  11. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,567
    First Name:
    Terry
    "Inbox" is on the top right of my screen. Remember that all help is to remain here on the public forum.
     
  12. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    In summary: the remote login is shown at Event ID 4624 (along with all normal logins), except that a Remote Desktop login will show an IP address in the details box. So locate the date and time when you saw the attacker online in your machine and work backwards until you find the login.

    With an internet IP address, you can file a police report, as they are the only ones who could link an IP to an ISP account. The OP's situation is unique here, because his machine was directly connected to the internet, and the logs will show the attacker's real IP.

    I would back up your data first. Because you shouldn't use the machine, as it disturbs their evidence collection. You can then restore your data onto another machine to continue work.
     
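The Event ID 4624 search described in the last post, as an added example that is not part of the original thread: a PowerShell function that lists Remote Desktop logons (logon type 10) with their source IP address, newest first. The function name `Find-RemoteLogon`, its parameters and the time window are assumptions made for this example.

```powershell
# Added example: list Remote Desktop logons recorded as Security event 4624.
# Run from an elevated PowerShell prompt; reading the Security log needs admin rights.
# Find-RemoteLogon and its parameters are hypothetical names for this sketch.
function Find-RemoteLogon {
    param(
        [datetime]$Start = (Get-Date).AddDays(-7),
        [datetime]$End   = (Get-Date)
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = $Start; EndTime = $End }
    Get-WinEvent -FilterHashtable $filter | ForEach-Object {
        # EventData holds named <Data> fields; index them by name.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        # Logon type 10 = RemoteInteractive (Remote Desktop / Terminal Services).
        if ($fields['LogonType'] -eq '10') {
            New-Object PSObject -Property @{
                Time        = $_.TimeCreated
                Account     = $fields['TargetUserName']
                SourceIP    = $fields['IpAddress']
                Workstation = $fields['WorkstationName']
            }
        }
    } | Sort-Object Time -Descending |
        Select-Object Time, Account, SourceIP, Workstation
}

# Constructed window: replace with the date and time the logoff was seen.
Find-RemoteLogon -Start '2018-11-27 18:00' -End '2018-11-28 06:00' |
    Format-Table -AutoSize
```

If nothing is returned for type 10, review every 4624 event in the window whose IpAddress field is neither empty nor a local address, since some Remote Desktop connections are logged with other logon types.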
Short URL to this thread: https://techguy.org/1219748
