Has Enybody seen this Win XP Event ID? I think I was Hacked

[Jesse Scarcege]

Hello Everybody,

I'm running Win XP Pro SP1 with Norton Personal Firewall 4.0

Last night I found the following entry in my event viewer
************************************************
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 1/4/2004
Time: 7:58:43 PM
User: S-1-5-21-1078081533-706699826-1060284298-1003
Computer: FIREWALL
Description:
The Remote Access Connection Manager service was successfully sent a start
control.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
****************************************************************************
**
I've been looking info all over the net but couldn't find anything about it

I have never seen something like that and I'm afraid I have a Trojan or
somebody hacked my system

 

[Daniel L. Belton]

Hello Everybody,

I'm running Win XP Pro SP1 with Norton Personal Firewall 4.0

Last night I found the following entry in my event viewer
************************************************
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 1/4/2004
Time: 7:58:43 PM
User: S-1-5-21-1078081533-706699826-1060284298-1003
Computer: FIREWALL
Description:
The Remote Access Connection Manager service was successfully sent a start
control.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
****************************************************************************
**
I've been looking info all over the net but couldn't find anything about it

I have never seen something like that and I'm afraid I have a Trojan or
somebody hacked my system

That is normal. It's just a message telling you that the service was
started, not that you have been hacked. You can prevent the service
from starting by setting the service to manual, or disabled. I would
personally set it to manual, then if some program did need it, then it
would be started.

 

[don]

Hello Everybody,

I'm running Win XP Pro SP1 with Norton Personal Firewall 4.0

Last night I found the following entry in my event viewer
************************************************
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 1/4/2004
Time: 7:58:43 PM
User: S-1-5-21-1078081533-706699826-1060284298-1003
Computer: FIREWALL
Description:
The Remote Access Connection Manager service was successfully sent a start
control.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
****************************************************************************
**
I've been looking info all over the net but couldn't find anything about it

I have never seen something like that and I'm afraid I have a Trojan or
somebody hacked my system

As previous poster said--it's normal.
For future ref use this for Event IDs
http://www.eventid.net/display.asp?eventid=7035&source=

 

[Andrew Lomakin [MCP - WinXP]]

strange thing is that it is started by
S-1-5-21-1078081533-706699826-1060284298-1003
, not by system ..

P.S. nice computer name

 

[Jesse Scarcege]

Thanks for the Link Don, great web site.

Actually what made me feel worried is that the user in the log is
"S-1-5-21-1078081533-706699826-1060284298-1003" instead of "system", unless
the "s" means system, any ideas?
By the way, I'm using VMware to test some linux distros. Guests OS access
the Internet inderectly trough the host computer. Could that be the reason
of the event Id?

 

[Ken Wickes [MSFT]]

S does not stand for system.

S-1-5-21-xxxx is not a built in account, it's probably one of the accounts
that you created.

The Remote Access Connection Manager always runs, I don't see it as a sign
you got hacked.