Solved

Files & events I'd like to understand better

Posted on 2013-06-04
Last Modified: 2013-06-14
I seem to be "sharing" my computer with ... well, I don't know who ... or maybe it's just that I don't understand totally. I like to think I'm computer savvy, but ... well, maybe that's being a lil too proud.
I have unexplained events I see in Event Viewer, at times when I'm not even home, success audits & failures as well.
I only have AVG Free right now as it has always served me well, but when I reinstalled it last night it did finally pick up on some "locked files" & PW protected too, but it wouldn't let me do anything with them. My "Fix Issues" button doesn't function when clicked; it's greyed out. Superantispyware used to help me a lot too, but it never finds a thing anymore & it's just strange.
I'm not familiar with the events it's recording & would like to know more. What is being accessed, what my firewall is detecting ("listening for traffic"), who is making new profiles, etc. What is a "temp.vir" file? "sqlite" file & "little" file, because I can't open them to see & not sure I want to...lol & why do I have PW protected files on MY PC I did not make.
If you could let me know what you need to see, I will do my best to comply.
TYVM
Question by:anjulz
3 Comments
 

Expert Comment

by:btan
ID: 39221223
Probably best to show the actual screenshot of the alert from the AV for those file names, and also the Event Viewer log for that period, specifically the event ID. If those files are not yours you can even submit them online to VirusTotal for scanning by AVs. Windows has a list of event IDs (xls) that will be a good reference. But a typical login failure attempt and success will also state the source host and IP.
 

Accepted Solution

by:
btan earned 2000 total points
ID: 39222380
I also recommend checking the AV log or events; the "temp.vir" may be a renamed or quarantine type - not sure though.

Below are good references to surface the top security event IDs and the whole summary list:

Windows Security Log Quick Reference Chart
http://www.ultimatewindowssecurity.com/securitylog/quickref/default.aspx

Windows Security Log Events (online)
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/Default.aspx

Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista
http://www.microsoft.com/en-us/download/details.aspx?id=17871

Security Audit Events for Windows 7 and Windows Server 2008 R2
http://www.microsoft.com/en-us/download/details.aspx?id=21561

Windows 8 and Windows Server 2012 Security Event Details
http://www.microsoft.com/en-us/download/details.aspx?id=35753
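
The check btan describes above (logon success and failure events carry the source host and IP), as an added example that is not part of the original thread. It assumes Windows Vista or later, where these events are IDs 4624 and 4625, PowerShell 3.0 or later run elevated, and a constructed time window that you replace with the hours you were away.

```powershell
# Added example, not from the original thread.
# Assumptions: Windows Vista or later, PowerShell 3.0+, elevated prompt.
# The time window is a constructed value; set it to the period in question.
$start = Get-Date '2013-06-03 08:00'
$end   = Get-Date '2013-06-03 18:00'

# Logon type codes recorded in events 4624 (success) and 4625 (failure).
$logonTypes = @{
    2  = 'Interactive';       3  = 'Network';          4 = 'Batch'
    5  = 'Service';           7  = 'Unlock';           8 = 'NetworkCleartext'
    9  = 'NewCredentials';    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

# Pull only logon successes and failures inside the window.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = $start
    EndTime   = $end
}

$rows = foreach ($e in $events) {
    # Read the named EventData fields from the event XML.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $type = [int]$data['LogonType']

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Result      = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType   = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        Workstation = $data['WorkstationName']
        SourceIP    = $data['IpAddress']
        Process     = $data['ProcessName']
    }
}

# Service and batch logons are filtered out here only to reduce noise;
# remove the filter to see every logon in the window.
$rows |
    Where-Object { 'Service', 'Batch' -notcontains $_.LogonType } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Rows with logon type Network or RemoteInteractive and a SourceIP that is not this machine are the ones to compare against the event ID references listed above.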
 

Author Closing Comment

by:anjulz
ID: 39249620
Thank you sooooo much!