What is atwpkt2 service & am I being hacked or hijacked?

  • Thread starter Thread starter Mark
  • Start date Start date
M

Mark

I suddenly noticed in the system event log that several
times per day there will be events from
souce "RemoteAaccess" traced to user N/A that say "The
user User Name successfully established a connection to
The Internet (2) using the device IRDA8-1." This is
always preceeded by one or more "Service Control Manager"
events attributed to user NT Authority / System described
as "The ATWPKT2 service was successfully sent a start
control." Each time there is a "connection established"
event, it is followed by a "disconnected" event:
sometimes after a few seconds, sometimes after more than
an hour.
I have a broadband connection with a wireless access
point, but to the best of my knowledge it isn't
configured or activated. There are no remote users set
up on my computer. I cannot find any information on the
computer or on the net about the atwpktz2 service, and it
doesn't show up in msconfig.
Any ideas what is going on -- more importantly, should I
stop this and if so, how?
Many thanks!
 
Wes: Thanks for the information, but I'm afraid that I'm
not sure what to do with it. My wife does use AOL on
this computer, but the remote access, etc. stuff doesn't
seem to have any correlation to when she logs on/off
AOL. Does this thing just periodically phone home off
it's own bat, or what? We don't have an internet
connection named "The Internet (2)" on the computer [at
least, we don't KNOWINGLY have...]. Why is this showing
up as Remote Access? That was the thing that made me
concerned that someone might be hacking in and using my
computer to access the internet.

My underlying question remains: do these events showing
up in the event log indicate a problem, and if so, what
do I do about it?

Thanks for your patience.

Mark
 
Mark,

This may not help, but it's all I could find. At least you're not getting
BSOD.

ATWPKT2.sys and ATWPKT2.vxd
[[These files seem to be used for auto-determining your connection to the
www to reach AOL.]]

ATWPKT2.sys kernel dump AOL 9.0
http://www.the-it-mercenary.com/forums/Help/posts/2637.html

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=ATWPKT2&btnG=Search

--
Hope this helps. Let us know.
Wes

In
Mark said:
Wes: Thanks for the information, but I'm afraid that I'm
not sure what to do with it. My wife does use AOL on
this computer, but the remote access, etc. stuff doesn't
seem to have any correlation to when she logs on/off
AOL. Does this thing just periodically phone home off
it's own bat, or what? We don't have an internet
connection named "The Internet (2)" on the computer [at
least, we don't KNOWINGLY have...]. Why is this showing
up as Remote Access? That was the thing that made me
concerned that someone might be hacking in and using my
computer to access the internet.

My underlying question remains: do these events showing
up in the event log indicate a problem, and if so, what
do I do about it?

Thanks for your patience.

Mark
-----Original Message-----
C:\Programme\AOL 8.0\ATWPKT2.SYS
Click to expand...
Click to expand...
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Am I being hacked? 2
what is this service: advcfig50wnt 4
Wifi Network Issue 0
Help! I think I'm being hacked!! 1
LinuxForums.org Hack Exposes 276,000 User Accounts 1
Question about strange System Event Log Message: soylentgreen ser 16
Cannot load profile Event ID: 1500 0
Samsung and Roku Smart TVs Vulnerable to Hacking 1

Back
Top