Solved

Files & events I'd like to understand better

Posted on 2013-06-04
Last Modified: 2013-06-14
I seem to be "sharing" my computer with... well, I don't know who... or maybe it's just that I don't understand totally. I like to think I'm computer savvy, but... well, maybe that's being a lil too proud.
I have unexplained events I see in Event Viewer, at times when I'm not even home, success audits & failures as well.
I only have AVG Free right now as it has always served me well, but when I reinstalled it last night it did finally pick up on some "locked files" & PW protected too, but it wouldn't let me do anything with them. My "Fix Issues" button doesn't function when clicked, it's greyed out. SUPERAntiSpyware used to help me a lot too, but it never finds a thing anymore & it's just strange.
I'm not familiar with the events it's recording & would like to know more. What is being accessed, what my firewall is detecting ("listening for traffic"), who is making new profiles, etc. What is a "temp.vir" file? "sqlite" file & "little" file, because I can't open them to see & not sure I want to... lol & why do I have PW protected files on MY PC I did not make.
If you could let me know what you need to see, I will do my best to comply.
TYVM
Question by:anjulz

Expert Comment

by:btan
ID: 39221223
It would probably help to show the actual screenshot of the alert from the AV on those file names, and also the Event Viewer log for that period, specifically the event ID. If those files are not yours, you can even submit them online to VirusTotal for scanning by AVs. Windows has a list of event IDs (XLS) that will be good and easy to use. But a typical login failure attempt and success will also state the source host and IP.

Accepted Solution

by:
btan earned 500 total points
ID: 39222380
I also recommend checking the AV log or events; the "temp.vir" file may be a renamed or quarantine-type file - not sure though.

Below are good references that surface the top security event IDs and the whole summary list:

Windows Security Log Quick Reference Chart
http://www.ultimatewindowssecurity.com/securitylog/quickref/default.aspx

Windows Security Log Events (online)
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista
http://www.microsoft.com/en-us/download/details.aspx?id=17871

Security Audit Events for Windows 7 and Windows Server 2008 R2
http://www.microsoft.com/en-us/download/details.aspx?id=21561

Windows 8 and Windows Server 2012 Security Event Details
http://www.microsoft.com/en-us/download/details.aspx?id=35753
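One way to pull the logon success and failure events the answer above refers to, with their source host and IP, as an added example that is not part of the original post. It assumes Windows Vista or later (where these are event IDs 4624 and 4625 in the references linked above), PowerShell 3.0 or later, an elevated prompt, and a constructed sample time window.

```powershell
# Added example (not from the original thread): list logon successes (4624)
# and failures (4625) in the Security log for a chosen time window.
# The window below is a constructed sample; set it to the hours you were away.
$start = Get-Date '2013-06-03 08:00'
$end   = Get-Date '2013-06-03 18:00'

$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $start
    EndTime   = $end
}

# SilentlyContinue: an empty window yields no rows instead of an error
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the named EventData fields from the event XML rather than
    # relying on the position of each property in the event record.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time       = $e.TimeCreated
        Result     = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        Account    = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType  = $data['LogonType']
        SourceHost = $data['WorkstationName']
        SourceIP   = $data['IpAddress']
    }
}

# LogonType: 2 = interactive (at the keyboard), 3 = network,
# 5 = service, 10 = RemoteInteractive (Remote Desktop)
$rows | Sort-Object Time | Format-Table -AutoSize

# Summary: how often each account/logon type/source combination appears
$rows | Group-Object Result, Account, LogonType, SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Service logons (type 5) and logons by built-in accounts such as SYSTEM occur routinely while nobody is at the machine; the rows worth a closer look are type 3 or type 10 entries whose source host or IP you do not recognise.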
 

Author Closing Comment

by:anjulz
ID: 39249620
Thank you sooooo much!