Was I hacked? Please help!

  cluelessdude 20:12 02 Aug 2018

hello everyone, I hope you can help me out. I believe I've been hacked. My Problem is this:

I was noticing my computer being really slow, so I looked up my microsoft security event-logs and noticed that the event ID 4798 came up a lot. So I looked in, and noticed something odd. At one point the Subject and User-Name were not the same anymore. The user was my computer but the subject something completly different. This is how it looks:

A user's local group Membership was enumerated.

Subject: Security ID: SYSTEM Account Name: WIN-TDTN9KALDHQ$ Account Domain: WORKGROUP Logon ID: 0x3E7

User: Security ID: MY-Desktop Account Name: Admin (me) Account Domain: My-Desktop

ProcessInformation: Process ID: 0x227c Process Name: C:\Windows\System32\LogonUI.exe

The Account-Name WIN-TDTN9KALDHQ only occurs for 24 hours, in every other log both the Subject and the User-Name are stated as "MY-Computer".

My Question is: Could WIN-TDTN9KALDHQ be a hacker from outside or is this normal?

I am really worried by this. I thank you all for the help!

  Shepherd81 13:16 03 Aug 2018

Thats something noone here could help you out with. It is too complicated for that. Only way to find out whats going on is if an expert would remote-control your system. What you can do is check if WIN-TDTN9KALDHQ isnt just your computername. You do this by opening the command prompt "cmd" and typing "hostname" into it. Then it should reply with your computername. If it is WIN-TDTN9KALDHQ than this is a dead end cause that only means the thing accessing this process is just your machine. Easier way to find out your hostname is also under settings but tomato TOMATO ;) Just install a good antivirus firewall and delete all junk in your programms folder and never use torrent and such and you should be less worried!

  lotvic 18:39 03 Aug 2018

Thats something noone here could help you out with. It is too complicated for that.

Shepherd 81, That's a cheeky and unfounded assumption from you, you're a newcomer to the forum and you couldn't possibly know any such thing.

  rdave13 21:38 03 Aug 2018

Reboot and check again. Note reboot not shutdown.

