Community


Can someone interpret this log file for me ?

Links used in this discussion
Mal Woods, User (Posts: 2)
Apr 16, 2020 4:06:09 am EDT
Support level: Free or trial
Good Evening,

I found Remote Utilities installed on a customer's computer when they asked me to look for missing files.  Can someone tell me if the following entries indicate someone accessed the computer ?

       15.04.2020---11:00:02:562 36 127.0.0.1 Access granted.
15.04.2020---11:27:47:957 58 127.0.0.1 Terminal connection. Started.
15.04.2020---11:29:00:941 38 127.0.0.1 Remote screen connection. Started.
15.04.2020---11:29:24:846 39 127.0.0.1 Remote screen connection. Closed.
15.04.2020---11:36:21:042 59 127.0.0.1 Terminal connection. Closed.
15.04.2020---11:39:40:522 45 127.0.0.1 Shutdown connection. Mode: 1

Is the date displayed local time or GMT ?  Is there any way of working out where the connection was made from ?

Any help would be appreciated

Thanks

Mal
Pauline, Support (Posts: 2876)
Apr 16, 2020 12:34:25 pm EDT
Hello Mal,

Thank you for your message.

The default time zone used in Host logs is UTC.

Can someone tell me if the following entries indicate someone accessed the computer ?

Yes, according to the provided log entries the Host machine was accessed in the Full Control mode, Terminal mode and then the Host machine was shut down via the Power control mode.

The 127.0.0.1 IP address (or localhost) is a loopback address that points to the same Host machine. Could you please double-check if there are any other IP addresses or, perhaps, Internet-ID codes in the Host log?
In addition, you can also send us the log file to support@remoteutilities.com for examination.

Please note, that our program cannot be installed on its own. If it is installed on the system then someone or something installs it. We recommend that you run through the complete uninstall procedure described in this guide in order to get rid of the Host on the remote computer.

Hope that helps.
Mal Woods, User (Posts: 2)
Apr 16, 2020 7:17:13 pm EDT
Support level: Free or trial
Good Morning Polina,

Thank you for the response.  I have emailed support the full log for your examination.

I have taken over the computer support at this site recently and it appears the previous IT guy has installed Remote Utilities and connected through and deleted the customer's profile.

Any evidence you can provide would be appreciated.

Thanks

Mal
Pauline, Support (Posts: 2876)
Apr 17, 2020 9:13:35 am EDT
Hello Mal,

Thank you for the provided log file.

We will examine the log file to see if there's any information we can provide you.

I'll keep you updated.

* Website time zone: America/New_York (UTC -5)