My computer turned itself on. Was I hacked?

windows-7 wake-on-lan
21,349

Calm down

It is very unlikely that someone has remotely turned on your computer.

Wake On Lan (WOL), as the name implies, will only work on a LAN. Which means, it won't work over the internet.
This is due to how WOL works. The packets that are sent to wake up a computer aren't forwarded by routers. So, the packets will never travel very far (and especially not over the internet).

OK, so what was it?

This still leaves the question, why was the computer even turned on?

Assuming you're using Windows, there are many way a system can be woken up. Let's have a look into Device Manager:

enter image description here

As you can see, many devices can be allowed to wake the computer up. Like a mouse or a keyboard or a network adapter.

So, if your computer was sleeping and someone (maybe a pet) accidentally touched the keyboard, that can already be enough. But there's more!

You might have a scheduled task (maybe a backup) that is allowed to wake your computer so that it can perform.

enter image description here

What woke up the computer?

Somewhere in the Event Log, it should say if one of those things started your computer. Sadly, I currently lack a proper entry to provide a good screenshot.

But there are many reasons a computer can wake up from sleep that are far from a hack.

To determine why your computer last woke up from sleep, use powercfg:

powercfg -lastwake
Share:
21,349

Related videos on Youtube

user488503
Author by

user488503

Updated on September 18, 2022

Comments

  • user488503
    user488503 almost 2 years

    I woke up and found my PC switched on. I have wake on LAN enabled.

    I check the log and my pc started up an hour after i went to bed. I have very basic windows log reading skills. Is there something I can check to see if something malicious was done? Im going to change passwords and run virus scan. Incidentally my wifes user account on PC has no password. And she has admin rights.

    I know this all sounds bad, but I never expected someone could do anything to me. Also yesterday found out my hotmail account was blocked because of spam sent from my email. I have a very strong password on it to and never use third party hotmail checkers.

    Update: i use windows 7 pro

    Update: I will read the logs more later, but just so you know Im pretty sure it wasnt a scheduled wake, cause i never leave the PC on overnight, and its the first time this has happened since building this machine 10 months ago. I will of course double check.

    • Daniel R Hicks
      Daniel R Hicks about 12 years
      My wife had her Hotmail account hacked about a year ago. She's very careful, had a reasonably strong password, and our home network is quite secure. I think Hotmail probably has some inherent insecurity somewhere that makes it more susceptible to hacking.
    • Ramhound
      Ramhound about 12 years
      @DanH - Unlikely. The only known exploit in the last year which has already been fixed was an exploit that allow you to reset your password BUT there was a social engineering aspect that was required.
    • Daniel R Hicks
      Daniel R Hicks about 12 years
      @Ramhound -- Like I said, my wife is very careful and very unlikely to be taken in by a "social engineering" exploit.
    • user488503
      user488503 about 12 years
      @Ramhound Do you remember the huge number of xbox accounts hacked not so long ago?
    • Oliver Salzburg
      Oliver Salzburg about 12 years
      @madphp Please run powercfg -lastwake to determine what caused the computer to wake up.
    • user488503
      user488503 about 12 years
      @Oliver Salzburg Wake History Count - 0
    • Oliver Salzburg
      Oliver Salzburg about 12 years
      @madphp: OK, so that doesn't help us solve the mystery. Worth a shot :)
    • Vishwanath Dalvi
      Vishwanath Dalvi almost 12 years
      Congrats, God has turned it on.
    • Anonymous Penguin
      Anonymous Penguin almost 11 years
      Maybe the power went out for a second? For most modern devices, the capacitors in them will keep the clock even with a simple power outage for a second or two. This would prevent any signs of a power outage. (A.K.A no blinking time.) On my computer I know whenever I plug it in, it turns on automatically. A power outage wouldn't show up on a log somewhere, especially if it's already off. Unless a pet hit it or you sleep-boot your computer, I would say that this would be a likely cause.
  • user488503
    user488503 about 12 years
    Thanks oliver. I will check all this out. Though i can wake lan over internet. I hve it setup that i can.
  • Oliver Salzburg
    Oliver Salzburg about 12 years
    Even when set up to allow WOL over WAN, I'd assume an accidental activation is unlikely. To my understanding, waking a machine always requires knowledge of the MAC address to create the WOL packet. Now, if you've set up WOL over WAN and someone knows your MAC address, then, I guess, it could be a third party. But then it is hardly a hack if you leave the door wide open :)
  • Daniel R Hicks
    Daniel R Hicks about 12 years
    I know my laptop will fairly often wake from sleep while closed, unplugged, and in its bag. Windows is a very light sleeper.
  • user488503
    user488503 about 12 years
    Yes. I limit remote desktop to my account with a strong password. Incidently same password hotmail used for a month or two. Is there any good intrusion detection software out there? I suppose i should switch off wol, but i love it so much. I will have a proper look at log later.
  • Oliver Salzburg
    Oliver Salzburg about 12 years
    @madphp: I wouldn't be too concerned (at least from a security standpoint) about the computer being on or off if it is otherwise secured.
  • user488503
    user488503 about 12 years
    I guess i thought pc was only set to wake on lan. Its not in hibernate mode. I know this all sounds paranoid. Haha.
  • HaydnWVN
    HaydnWVN about 12 years
    Afraid of security? Then don't use Hotmail... - there's very little you can do to secure your account as Hotmail (although they don't like to admit it) is inherently insecure and widely targetted by exploit 'tools'.
  • Ramhound
    Ramhound about 12 years
    @HaydnWVN - What a bunch of hog wash. I have had a hotmail account since it came out, it is exposed and listed in thousands of google results, never once have I been compromised. I have NEVER been compromised on any acount and have been on the internet since 1993. Of course I won't call madphp an idiot for using the same password for everything.
  • Daniel R Hicks
    Daniel R Hicks about 12 years
    @Ramhound -- The fact that your Hotmail account has not been hacked yet proves nothing.
  • White Phoenix
    White Phoenix about 12 years
    Do you have your network setup such that your router's web interface is accessible from outside the network? e.g. Do you access the router from the Internet to send the WOL packet? If so, check your router's logs to see if there was any unauthorized access during the time your computer was turned on.
  • user488503
    user488503 about 12 years
    @Ramhound i dont use the same password for everything. Im actually pretty good at changing it up. I keep my gmail, hotmail and online password separate. Though I wont call you an idiot for making assumptions.
  • user488503
    user488503 about 12 years
    @Ramhound online banking
  • HaydnWVN
    HaydnWVN about 12 years
    Hog wash? link, link, link, link
  • Ramhound
    Ramhound almost 7 years
    This does not answer the author's question. Commentary that indicates you also have the problem, should not be submitted as an answer, instead it should submitted as a comment. If you are unable to submit a comment then it shouldn't be submitted.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

RDP to Windows 7 is stuck on Welcome screen after wake-on-lan from sleep
Wake on Lan utility for local only to sleep and wake up machine
"Allow this device to wake up the computer" disabled
Wake on LAN has stopped working after installing Windows 7
How to automatically turn off/on a laptop when plugged in/off
Wake-on-LAN packet won't wake computer
BIOS Wake on Lan options: Primary or Automatic, which option do I use?
WOL doesn't work when shutdown
How reliable is Wake on Lan (if configured correctly)?
Event Log "Wake Source" when system wakes from sleep