Was I hacked? Please help!

  cluelessdude 20:12 02 Aug 2018

Hello everyone, I hope you can help me out. I believe I've been hacked. My problem is this:

I was noticing my computer being really slow, so I looked up my Microsoft security event logs and noticed that the event ID 4798 came up a lot. So I looked in, and noticed something odd. At one point the Subject and User-Name were not the same anymore. The user was my computer but the subject was something completely different. This is how it looks:

A user's local group Membership was enumerated.

Subject:
    Security ID: SYSTEM
    Account Name: WIN-TDTN9KALDHQ$
    Account Domain: WORKGROUP
    Logon ID: 0x3E7

User:
    Security ID: MY-Desktop
    Account Name: Admin (me)
    Account Domain: My-Desktop

Process Information:
    Process ID: 0x227c
    Process Name: C:\Windows\System32\LogonUI.exe

The Account-Name WIN-TDTN9KALDHQ only occurs for 24 hours; in every other log both the Subject and the User-Name are stated as "MY-Computer".

My question is: Could WIN-TDTN9KALDHQ be a hacker from outside or is this normal?

I am really worried by this. I thank you all for the help!

  Shepherd81 13:16 03 Aug 2018

That's something no one here could help you out with. It is too complicated for that. The only way to find out what's going on is if an expert would remote-control your system. What you can do is check if WIN-TDTN9KALDHQ isn't just your computer name. You do this by opening the command prompt "cmd" and typing "hostname" into it. Then it should reply with your computer name. If it is WIN-TDTN9KALDHQ then this is a dead end, because that only means the thing accessing this process is just your machine. An easier way to find out your hostname is also under Settings, but tomato TOMATO ;) Just install a good antivirus firewall and delete all junk in your programs folder and never use torrent and such and you should be less worried!
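The hostname comparison suggested in the reply above, applied to every 4798 record at once, as an added example that is not part of the original thread: it parses Event Viewer text (flattened or one field per line) and summarises records whose Subject account is not the given hostname's machine account. The function names are hypothetical and the second sample record is constructed.

```python
import re

SYSTEM_LOGON_ID = 0x3E7  # well-known logon ID of the local SYSTEM session
HEADER = re.compile(r"A user's local group membership was enumerated\.", re.I)
SECTIONS = re.compile(r"Subject:(.*?)User:(.*?)Process\s*Information:(.*)", re.S | re.I)
LABELS = r"(?:Security ID|Account Name|Account Domain|Logon ID|Process ID|Process Name):"

# Constructed sample: the first record copies the fields from the post, the second is invented.
SAMPLE = r"""
A user's local group Membership was enumerated.
Subject: Security ID: SYSTEM Account Name: WIN-TDTN9KALDHQ$ Account Domain: WORKGROUP Logon ID: 0x3E7
User: Security ID: MY-Desktop Account Name: Admin Account Domain: My-Desktop
ProcessInformation: Process ID: 0x227c Process Name: C:\Windows\System32\LogonUI.exe

A user's local group membership was enumerated.
Subject: Security ID: SYSTEM Account Name: MY-DESKTOP$ Account Domain: WORKGROUP Logon ID: 0x3E7
User: Security ID: MY-Desktop Account Name: Admin Account Domain: My-Desktop
Process Information: Process ID: 0x1a4 Process Name: C:\Windows\System32\svchost.exe
"""

def field(section, name):
    """Value after 'name:' up to the next field label or the end of the line."""
    m = re.search(rf"{name}:\s*(.*?)\s*(?={LABELS}|$)", section, re.M)
    return m.group(1) if m else None

def parse_4798(text):
    """Turn Event Viewer text (flattened or one field per line) into dicts."""
    records = []
    for chunk in HEADER.split(text)[1:]:
        m = SECTIONS.search(chunk)
        if m:  # records missing a section (truncated paste) are skipped
            records.append({"subject": field(m[1], "Account Name"),
                            "logon_id": int(field(m[1], "Logon ID") or "0", 16),
                            "target": field(m[2], "Account Name"),
                            "process": field(m[3], "Process Name")})
    return records

def other_subjects(records, hostname):
    """Summarise records whose Subject is not this machine's account (HOSTNAME$)."""
    summary = {}
    for r in records:
        name = (r["subject"] or "").upper()
        if name != hostname.upper() + "$":
            s = summary.setdefault(name, {"count": 0, "system_session": True, "processes": set()})
            s["count"] += 1
            s["system_session"] &= r["logon_id"] == SYSTEM_LOGON_ID
            s["processes"].add(r["process"])
    return summary
```

Call `other_subjects(parse_4798(text), name)` with the name that `hostname` prints. Logon ID 0x3E7 identifies the local SYSTEM logon session, whose account name is the computer name followed by `$`, so `system_session` separates entries written under that session from entries written under a user logon.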

  lotvic 18:39 03 Aug 2018

That's something no one here could help you out with. It is too complicated for that.

Shepherd 81, that's a cheeky and unfounded assumption from you. You're a newcomer to the forum and you couldn't possibly know any such thing.

  rdave13 21:38 03 Aug 2018

Reboot and check again. Note: reboot, not shutdown.
