Solved

Files & events I'd like to understand better

Posted on 2013-06-04
Last Modified: 2013-06-14
I seem to be "sharing" my computer with... well, I don't know who... or maybe it's just that I don't understand totally. I like to think I'm computer savvy, but... well, maybe that's being a lil too proud.
I have unexplained events I see in Event Viewer, at times when I'm not even home, success audits & failures as well.
I only have AVG free right now as it has always served me well, but when I reinstalled it last night it did finally pick up on some "locked files" & PW protected too, but it wouldn't let me do anything with them. My "Fix Issues" button doesn't function when clicked; it's greyed out. Superantispyware used to help me a lot too, but it never finds a thing anymore & it's just strange.
I'm not familiar with the events it's recording & would like to know more. What is being accessed, what my firewall is detecting ("listening for traffic"), who is making new profiles, etc. What is a "temp.vir" file? "sqlite" file & "little" file, because I can't open them to see & not sure I want to...lol & why do I have PW protected files on MY PC I did not make.
If you could let me know what you need to see, I will do my best to comply.
TYVM
Question by:anjulz
Expert Comment

by:btan
ID: 39221223
It would probably help to show the actual screenshot of the AV alert on those file names, and also the Event Viewer log for that period, specifically the event ID. If those files are not yours, you can even submit them online to VirusTotal for a scan by AVs. Windows has a list of event IDs (xls) that will be good to have. But a typical login failure attempt or success will also state the source host and IP.
Accepted Solution

by:
btan earned 500 total points
ID: 39222380
I also recommend checking the AV log or events; the "temp.vir" may be a renamed or quarantine-type file - not sure though.

Below are good references to surface the top security event IDs and the whole summary list:

Windows Security Log Quick Reference Chart
http://www.ultimatewindowssecurity.com/securitylog/quickref/default.aspx

Windows Security Log Events (online)
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista
http://www.microsoft.com/en-us/download/details.aspx?id=17871

Security Audit Events for Windows 7 and Windows Server 2008 R2
http://www.microsoft.com/en-us/download/details.aspx?id=21561

Windows 8 and Windows Server 2012 Security Event Details
http://www.microsoft.com/en-us/download/details.aspx?id=35753
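
To go with the advice above about checking logon successes and failures for their source host and IP, here is an added example (not part of the original posts) that pulls those fields from the Security log for a period when nobody was at the PC. It assumes Windows Vista or later, where logon success is event 4624 and logon failure is 4625, PowerShell 3.0 or later, and an elevated prompt; the time window is a constructed placeholder.

```powershell
# Added example: list logon successes (4624) and failures (4625) in a time
# window, with the account, logon type, source host and source IP of each.
# The window below is a constructed placeholder; set it to when you were away.
$start = Get-Date '2013-06-03 09:00'
$end   = Get-Date '2013-06-03 17:00'

# Logon type codes as documented for events 4624/4625.
$logonTypes = @{
    2  = 'Interactive';       3  = 'Network';        4 = 'Batch'
    5  = 'Service';           7  = 'Unlock';         8 = 'NetworkCleartext'
    9  = 'NewCredentials';    10 = 'RemoteInteractive'
    11 = 'CachedInteractive'
}

$filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $start; EndTime = $end }

$rows = Get-WinEvent -FilterHashtable $filter | ForEach-Object {
    # The named fields sit in the event XML under EventData/Data[@Name].
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    $type = [int]$data['LogonType']
    [pscustomobject]@{
        Time       = $_.TimeCreated
        Result     = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
        Account    = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType  = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        SourceHost = $data['WorkstationName']
        SourceIP   = $data['IpAddress']
    }
}

# Full timeline for the window.
$rows | Sort-Object Time | Format-Table -AutoSize

# Failures grouped by origin, to show repeated attempts from one host or address.
$rows | Where-Object { $_.Result -eq 'Failure' } |
    Group-Object SourceHost, SourceIP |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Service and Batch logons are routine background activity on any Windows machine; Network and RemoteInteractive entries with a source host or IP that is not your own are the ones to look up in the event references listed above.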
Author Closing Comment

by:anjulz
ID: 39249620
Thank you sooooo much!