Very disturbing experience

Discussion in 'privacy problems' started by mark_z, Mar 3, 2013.

Thread Status:
Not open for further replies.
  1. mark_z

    mark_z Registered Member

    Joined:
    Mar 3, 2013
    Posts:
    4
    Location:
    US
    This morning I was searching the internet for information about an event in my system event log. I navigated to an AVG forum that came up in the search results. What I saw is in the attached screen shot.

    Someone (not me) had gained access to my computer and was posting information from it on an AVG forum.

    Needless to say, I am disturbed.

    The following information is relevant:
    1. I use wireless, a new Belkin which is password protected, using WEP/WPA, whichever is the newer one.
    2. “Allow Remote Assistance” was checked, but is now unchecked, but Remote Desktop is set to “Don’t allow connections to this computer”.
    3. I am not Chinese, but I visit Chinese websites such as Sina news and CCTV.
    4. On the date of the forum post shown, I had just moved into a new apartment.

    How did this happen?

    I can think of a few possibilities:
    • Someone broke into my wireless in spite of the password (but can they access my computer that way?)
    • Someone gained remote access to my computer (wouldn’t they have to know both the dynamic IP of my wireless and also the private IP of my computer?)
    • The Chinese put some kind of Trojan into a video or something, but why me and why would they be asking questions about it on an AVG forum?
    • Somebody from management or who otherwise has access to a key came into my apartment and booted up my computer (which is always shut down when I go out for the day).

    Does anyone have any ideas or suggestions? Naturally, I want my PC to be secure.
     

  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    The event viewer information in that screen shot is rather generic, meaning a lot of people could have the same event info logged when that condition is hit on their computer. As for the computer name, well, couldn't there be more than one person using "Mark-PC" as their computer name? (My laptop is "Mike-Laptop". If my name was Mark, I could have easily chosen Mark-PC for my desktop system.)

    Is it only the computer name that makes you think it's referencing your PC?
     
  3. mark_z

    mark_z Registered Member

    Joined:
    Mar 3, 2013
    Posts:
    4
    Location:
    US
    Thanks for looking at this. So you think it could just be a coincidence?

    How widespread is the provider GUID? Is that the same for every Windows 7 installation? It's exactly the same as my system is using.

    I see now one indication that you could be right: the Event Record ID, if that's like a database ID. The same event that occurred on my computer today, 3/3/2013, is 5386340, one that occurred on 12/25/2012 is 5330186 (3 months). The one showing in the forum post is 7238 (5 months to 12/25/2012). So I guess that's a long way to go in 5 months, assuming the IDs are sequential and occur with a relatively even distribution. Are those assumptions correct?
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I do think it's a coincidence. The GUID {555908d1-a6d7-4695-8e1e-26931d2012f4} is extremely common in search results on event log records. When checking on this, I found nearly 100,000 hits in Google. When reduced by using the EventID qualifier 49152, it was still nearly 80,000 results.

    Clicking through the results, many were nearly identical except computer name. Though it is interesting to see how many people name their computers "first name PC" or "Pc name" and so on. And, the record ID is an incremental counter, and stays unique within a log.
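
Added example, not part of any post in this thread: one way to run the two checks discussed above, which fields of a posted event record are host-specific, and whether record ID 7238 could sit in the same log as mark_z's two local IDs. The XML is constructed in Event Viewer's layout; the EventID value, the 2012-07-25 post date and the generic/host-specific split are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed record in Event Viewer's XML layout. Only the GUID, qualifier
# 49152, record ID 7238 and "Mark-PC" come from the thread; EventID 1000 and
# the 2012-07-25 post date used below are made up for illustration.
POSTED_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}"/>
    <EventID Qualifiers="49152">1000</EventID>
    <EventRecordID>7238</EventRecordID>
    <Computer>Mark-PC</Computer>
  </System>
</Event>"""
LOCAL_XML = POSTED_XML.replace(">7238<", ">5386340<")  # same event, local log

# Assumption: treated as identical across installs, per the search results above.
GENERIC = ("provider_guid", "qualifiers", "event_id")

def system_fields(xml_text):
    """Pull the comparable fields out of an event's <System> block."""
    s = ET.fromstring(xml_text).find("e:System", NS)
    eid = s.find("e:EventID", NS)
    return {
        "provider_guid": s.find("e:Provider", NS).get("Guid").lower(),
        "qualifiers": eid.get("Qualifiers"),
        "event_id": eid.text,
        "record_id": int(s.find("e:EventRecordID", NS).text),
        "computer": s.find("e:Computer", NS).text,
    }

def matching_fields(a, b):
    """Group the fields two records share into generic vs host-specific."""
    same = [k for k in a if a[k] == b[k]]
    return {"generic": [k for k in same if k in GENERIC],
            "host_specific": [k for k in same if k not in GENERIC]}

def required_rate_ratio(posted, older, newer):
    """Args are (date, record_id). How many times faster than the observed
    older->newer growth the log must have grown from posted->older."""
    local_rate = (newer[1] - older[1]) / (newer[0] - older[0]).days
    needed_rate = (older[1] - posted[1]) / (older[0] - posted[0]).days
    return needed_rate / local_rate

if __name__ == "__main__":
    print(matching_fields(system_fields(POSTED_XML), system_fields(LOCAL_XML)))
    print(round(required_rate_ratio((date(2012, 7, 25), 7238),
          (date(2012, 12, 25), 5330186), (date(2013, 3, 3), 5386340)), 1))
```

The only host-specific field that matches is the computer name, and the record IDs fit one log only if it had grown dozens of times faster before 12/25/2012 than it did afterwards.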
     
  5. mark_z

    mark_z Registered Member

    Joined:
    Mar 3, 2013
    Posts:
    4
    Location:
    US
    Looking at it now, I guess I overreacted. Even so, it leaves me feeling a little creepy, probably a lingering aftereffect to my initial reaction. It's not like I was looking around and stumbled on that post; it was the first one I saw!

    In any case, I appreciate your efforts to look into it and respond.
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    More than 50% of Windows users use their name in their Windows login/computer name.

    How many Marks are in the western world? :p
     
  7. mark_z

    mark_z Registered Member

    Joined:
    Mar 3, 2013
    Posts:
    4
    Location:
    US
    There probably are several. I will bear that in mind.

    I'm considering changing:
    1. My computer name
    2. My Windows login
    3. My name
    but the risk is that I will forget all three whenever it is important not to do so.
     
  8. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    When you install Windows or go through the OOBE, the PC name defaults to the user name followed by "-PC", and I doubt many people bother to change it. That could be anybody named Mark (well, except you ;)).

    If you were going to use different login information, I would suggest KeePass for managing passwords. The notes section for each entry is handy for entering things like fake names, fake birthdates, etc.

    BTW, use WPA2 on the router if you can. Most recent computers should work with it.
     