3

I woke up and found my PC switched on. I have wake on LAN enabled.

I check the log and my pc started up an hour after i went to bed. I have very basic windows log reading skills. Is there something I can check to see if something malicious was done? Im going to change passwords and run virus scan. Incidentally my wifes user account on PC has no password. And she has admin rights.

I know this all sounds bad, but I never expected someone could do anything to me. Also yesterday found out my hotmail account was blocked because of spam sent from my email. I have a very strong password on it to and never use third party hotmail checkers.

Update: i use windows 7 pro

Update: I will read the logs more later, but just so you know Im pretty sure it wasnt a scheduled wake, cause i never leave the PC on overnight, and its the first time this has happened since building this machine 10 months ago. I will of course double check.

madphp
  • 201
  • 2
  • 4
  • 10
  • My wife had her Hotmail account hacked about a year ago. She's very careful, had a reasonably strong password, and our home network is quite secure. I think Hotmail probably has some inherent insecurity somewhere that makes it more susceptible to hacking. – Daniel R Hicks May 03 '12 at 11:59
  • @DanH - Unlikely. The only known exploit in the last year which has already been fixed was an exploit that allow you to reset your password BUT there was a social engineering aspect that was required. – Ramhound May 03 '12 at 14:29
  • @Ramhound -- Like I said, my wife is very careful and very unlikely to be taken in by a "social engineering" exploit. – Daniel R Hicks May 03 '12 at 15:45
  • @Ramhound Do you remember the huge number of xbox accounts hacked not so long ago? – madphp May 03 '12 at 20:10
  • 1
    @madphp Please run `powercfg -lastwake` to determine what caused the computer to wake up. – Oliver Salzburg May 03 '12 at 20:28
  • 1
    @Oliver Salzburg Wake History Count - 0 – madphp May 04 '12 at 01:00
  • @madphp: OK, so that doesn't help us solve the mystery. Worth a shot :) – Oliver Salzburg May 04 '12 at 11:29
  • Congrats, God has turned it on. – Vishwanath Dalvi Sep 11 '12 at 10:26
  • **Maybe the power went out for a second?** For most modern devices, the capacitors in them will keep the clock even with a simple power outage for a second or two. This would prevent any signs of a power outage. (A.K.A no blinking time.) On my computer I know whenever I plug it in, it turns on automatically. A power outage wouldn't show up on a log somewhere, especially if it's already off. **Unless a pet hit it or you *sleep-boot* your computer, I would say that this would be a likely cause.** – Anonymous Penguin Sep 28 '13 at 20:38

2 Answers2

8

Calm down

It is very unlikely that someone has remotely turned on your computer.

Wake On Lan (WOL), as the name implies, will only work on a LAN. Which means, it won't work over the internet.
This is due to how WOL works. The packets that are sent to wake up a computer aren't forwarded by routers. So, the packets will never travel very far (and especially not over the internet).

OK, so what was it?

This still leaves the question, why was the computer even turned on?

Assuming you're using Windows, there are many way a system can be woken up. Let's have a look into Device Manager:

enter image description here

As you can see, many devices can be allowed to wake the computer up. Like a mouse or a keyboard or a network adapter.

So, if your computer was sleeping and someone (maybe a pet) accidentally touched the keyboard, that can already be enough. But there's more!

You might have a scheduled task (maybe a backup) that is allowed to wake your computer so that it can perform.

enter image description here

What woke up the computer?

Somewhere in the Event Log, it should say if one of those things started your computer. Sadly, I currently lack a proper entry to provide a good screenshot.

But there are many reasons a computer can wake up from sleep that are far from a hack.

To determine why your computer last woke up from sleep, use powercfg:

powercfg -lastwake
Community
  • 1
Oliver Salzburg
  • 86,445
  • 63
  • 260
  • 306
  • Thanks oliver. I will check all this out. Though i can wake lan over internet. I hve it setup that i can. – madphp May 03 '12 at 11:52
  • 2
    Even when set up to allow WOL over WAN, I'd assume an accidental activation is unlikely. To my understanding, waking a machine always requires knowledge of the MAC address to create the WOL packet. Now, if you've set up WOL over WAN **and** someone knows your MAC address, then, I guess, it could be a third party. But then it is hardly a hack if you leave the door wide open :) – Oliver Salzburg May 03 '12 at 12:03
  • 2
    I know my laptop will fairly often wake from sleep while closed, unplugged, and in its bag. Windows is a very light sleeper. – Daniel R Hicks May 03 '12 at 12:05
  • Yes. I limit remote desktop to my account with a strong password. Incidently same password hotmail used for a month or two. Is there any good intrusion detection software out there? I suppose i should switch off wol, but i love it so much. I will have a proper look at log later. – madphp May 03 '12 at 12:07
  • @madphp: I wouldn't be too concerned (at least from a security standpoint) about the computer being on or off if it is otherwise secured. – Oliver Salzburg May 03 '12 at 12:08
  • I guess i thought pc was only set to wake on lan. Its not in hibernate mode. I know this all sounds paranoid. Haha. – madphp May 03 '12 at 12:09
  • 1
    `Afraid of security? Then don't use Hotmail...` - there's very little you can do to secure your account as Hotmail (although they don't like to admit it) is inherently insecure and widely targetted by exploit 'tools'. – HaydnWVN May 03 '12 at 13:10
  • 1
    @HaydnWVN - What a bunch of hog wash. I have had a hotmail account since it came out, it is exposed and listed in thousands of google results, never once have I been compromised. I have NEVER been compromised on any acount and have been on the internet since 1993. Of course I won't call madphp an idiot for using the same password for everything. – Ramhound May 03 '12 at 14:32
  • 1
    @Ramhound -- The fact that your Hotmail account has not been hacked *yet* proves nothing. – Daniel R Hicks May 03 '12 at 15:46
  • Do you have your network setup such that your router's web interface is accessible from outside the network? e.g. Do you access the router from the Internet to send the WOL packet? If so, check your router's logs to see if there was any unauthorized access during the time your computer was turned on. – White Phoenix May 03 '12 at 19:14
  • @Ramhound i dont use the same password for everything. Im actually pretty good at changing it up. I keep my gmail, hotmail and online password separate. Though I wont call you an idiot for making assumptions. – madphp May 03 '12 at 20:08
  • @Ramhound online banking – madphp May 03 '12 at 20:13
  • Hog wash? [link](http://www.metro.co.uk/tech/news/897739-microsoft-fixes-hotmail-security-flaw-as-hackers-access-accounts-for-12), [link](http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/09/27/hotmail-security-updates-protect-you-from-account-hijackers.aspx), [link](http://www.itpro.co.uk/640333/microsoft-fixes-hotmail-security-flaw), [link](http://thenextweb.com/microsoft/2011/07/14/hotmail-releases-new-security-features-to-protect-users-from-themselves/) – HaydnWVN May 04 '12 at 14:36
-1

Wake on lan works over the internet, you must open the communication port on the router (with fixed IP) and your PC must have a fixed IP on LAN. Unfortunately with some motherboards, if you activate wake on lan over the internet, your pc starts rundomly. I done many tryes and the result is always the same, after one second, two minutes or some hours the pc starts. I have a Asus mother board and I tried port 9 2304 and 65535 nothing changes. Bye

Roberto
  • 1
  • This does not answer the author's question. Commentary that indicates you also have the problem, should not be submitted as an answer, instead it should submitted as a comment. If you are unable to submit a comment then it shouldn't be submitted. – Ramhound Aug 21 '17 at 14:59