Community


My desktop went black

Links used in this discussion
Chas Large, User (Posts: 16)
Feb 05, 2024 6:35:53 am EST
Support level: Free or trial
Started my PC as normal, dual screen. Left screen desktop went black, minimised program on Right screen, also black.
Suspected remote unauthorised access.
Closed HOST and desktop background returned.
Checked log file and found this:
05.02.2024---10:40:59:544 34 Remote Utilities - Host 70220 is started. GMT Windows 10.0 64bit
05.02.2024---10:40:59:936 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1
05.02.2024---10:41:01:000 96 Relay node redirect: OK. Relay redirect. To: nn.nn.nn.nnn
05.02.2024---10:41:01:644 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1

Replaced node numbers with x and relay ip numbers with n

No other records of a Relay Redirect in the log.
The only PC that has remote access to this is a laptop which is turned off.

Checked the relay IP and it's in the USA, I'm in the UK.

Has someone, somehow gained access to this PC via remote utilities?

Have changed Access numbers and passwords to be sure.
Conrad Sallian, Support (Posts: 3049)
Feb 05, 2024 8:03:17 am EST
Hello Chas,

Thank you for your message.

05.02.2024---10:40:59:544 34 Remote Utilities - Host 70220 is started. GMT Windows 10.0 64bit
05.02.2024---10:40:59:936 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1
05.02.2024---10:41:01:000 96 Relay node redirect: OK. Relay redirect. To: nn.nn.nn.nnn
05.02.2024---10:41:01:644 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1

You need not worry. These lines only tell that your Host has successfully connected to our server relay infrastructure and is in the 'listening' mode. If it were an unauthorised connection, there would be for example this:

Remote screen connection. Started.
or

FTP connection. Started.
depending on the chosen connection mode.

Have changed Access numbers and passwords to be sure.

You can also enable two-factor authentication.  And if you want to additionally protect the address book that resides on your Viewer computer, use address book encryption.

Hope that helps.
Chas Large, User (Posts: 16)
Feb 05, 2024 8:50:56 am EST
Support level: Free or trial

Conrad Sallian wrote:

Hello Chas,

Thank you for your message.

05.02.2024---10:40:59:544 34 Remote Utilities - Host 70220 is started. GMT Windows 10.0 64bit
05.02.2024---10:40:59:936 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1
05.02.2024---10:41:01:000 96 Relay node redirect: OK. Relay redirect. To: nn.nn.nn.nnn
05.02.2024---10:41:01:644 96 Relay node: OK ID: xxx-xxx-xxx-xxx; Port: 5655; Try count: 1

You need not worry. These lines only tell that your Host has successfully connected to our server relay infrastructure and is in the 'listening' mode. If it were an unauthorised connection, there would be for example this:

Remote screen connection. Started.
or

FTP connection. Started.
depending on the chosen connection mode.

Have changed Access numbers and passwords to be sure.

You can also enable two-factor authentication.  And if you want to additionally protect the address book that resides on your Viewer computer, use address book encryption.

Hope that helps.

Thanks Conrad, just me being a bit Paranoid I suppose, it was the
05.02.2024---10:41:01:000 96 Relay node redirect: OK. Relay redirect. To: nn.nn.nn.nnn
That didn't appear anywhere else in previous sessions that worried me.

I'll follow up with 2FA and encrypt the address book too.
Cheers
Chas

* Website time zone: America/New_York (UTC -5)