Helping people with computers... one answer at a time.

Many Windows components log messages and the Event Viewer displays those messages. Unfortunately, those messages are often cryptic and inconsistent.

What is the Event Viewer? And should I care?

In an ideal world, you'd never care about Event Viewer. In an ideal world, software and hardware would always work, always meet expectations, and there'd never be any need to try and figure out why things are happening the way they are.

In an ideal world, we'd also be able to rely on the Event Viewer for clear and consistent information about what your system and all the applications running on it are experiencing.

Sadly, we do not live in an ideal world. Event Viewer can be a source for excellent clues into system failures and behavior. It can also be a frustrating source of exactly nothing. But it's definitely a tool worth knowing about if you're running Windows NT, 2000, or XP.

There are lots of ways to get to Event Viewer, but I typically hit Start, Run, and type eventvwr. There are typically three logs available:

  • Application: Applications running under Windows are supposed to log their events here.

  • Security: When enabled, Windows can log a host of security-related events which are logged here.

  • System: The operating system logs its events here.

If you click on the System node on the left side, you'll get something much like this:

Event Viewer Window

Each line on the right corresponds to one event logged by the system. The event type can be a "Success Audit," informational, a warning, or an error. Information here includes the date and time of the event, the source (the Windows component in this case) of the event, the "category," an event number, the user account in use when the event was logged, and the computer name.

This is where things start to get a little disorganized:

  • There are no hard and fast rules for what constitutes an error, warning, or informational event. In fact, a properly operating system might show error entries in the event logs.

  • As you can see in this listing, "category" is rarely used.

  • Each event is assigned a number. We'll see in a minute how to translate them, but for the moment, this display is rather meaningless to the casual observer.

If you double-click one of the event lines in the right pane, you'll get something like this:

Event Viewer Details

This is actually a fairly useful warning. The error number corresponds to the message displayed in the Description box. Here, my system is telling me that my clock might be off because it wasn't able to reach a time server for an extended period of time. Clearly, just a warning.

However, from my application log comes another all-too-common type of entry:

Event Viewer Details

This "Success Audit" of my run of Office Update is trying to tell me something. Unfortunately, "The Description for Event ID (0) ... cannot be found" is a very common Event Log entry. Often, there will be additional data included that might give a clue as to what was being logged. In this case, it appears to be a successful install of "VSDEBUG_6707_ENG". I think.

And that leads to how things get even more obfuscated in the Event Log: applications often including the operating system itself fail to log things correctly or at all. In their defense, the Event Log has a very convoluted interface to program to.

So, should you care? Absolutely. The Event Log is far from perfect, but it can contain valuable data. At worst, it will tell you nothing. At best, it may hold important clues to problems that you may be having with your computer or the applications you're using.

Go ahead and browse around in the Event Viewer. Don't panic when you see lots of warnings or errors. As I said, even a functioning computer will have those. In fact, if you look while your system is functioning normally, you'll get a sense of what "normal" looks like in your Event Log. Then, later when you see items that seem suspicious, out of place, or seem to be related to the problems you're seeing, that's information worth paying attention to.

Article C1917 - April 2, 2004 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

136 Comments
ziv
May 22, 2004 1:58 PM

and what can i do when the viewer don't work?
i click system/application etc and see nothing but "306 events" (or so) on top?

Leo
May 22, 2004 2:04 PM

You might check to see that View, All Records is set. They should be listed.

Scott
June 2, 2004 2:04 PM

Their are no log files visibile within my event viewer?

Leo
June 2, 2004 4:51 PM

DO you mean nothing in the left hand or right hand pane? And have you checked that "View" "All Records" is set? Are you logged in as an administrator (not neccesarily required, but it eliminates some possibile explanations)?

Carol
July 2, 2004 11:40 AM

So how do we know what an Event number means, for instance event 20?

Leo
July 2, 2004 2:36 PM

It's *almost* impossible to tell. The numbers used are specific to the application that posted the event ... so 20 for one application might be something different than 20 for another. That's why event logging and event viewer are such a mixed blessing. Typically I grab as much information as I can from whatever pops up in event viewer, especially in the event's description, and if that's unintelligible, (like an unexplained 20), then that wasn't any help to me and I move on.

ebrown
August 5, 2004 6:00 AM

I am having the same trouble as others listed above. When I try to view the application log, i can see at the top that there are 1295 events, but nothing is displayed. I checked and all records is selected, I also checked which columns are selected and all of them are. Could they possibly be hidden or something. Any suggestions would be appreciated. The only log that I can see is the system log.

Christo
November 11, 2004 12:01 AM

Event log services do not start, Event viewer does not open. What is the fix for it?
The errors that appear when you want a look at the properties are "Configuration Manager: A required entry in the registry is missing or an attempt to write to the registry failed"

shaya
November 17, 2004 2:28 AM

Hi Leo
I have seen the problem described above a couple of times where all records are selected but only the amount of records are shown. I currenly have the problem on a server running windows 2000 server where in the event viewer only the system log is visible. If you then switch to any of the other logs you get blank space with only the amount of events displayed at the top.

Tom
November 29, 2004 7:52 AM

Make sure that file replication service is enabled, if you go to the eventlog service, check the dependencies for it. Make sure that the dependencies are ok first, then try opening event viewer again. This should fix your problem.

BRIAN MILLER
March 5, 2005 3:49 AM

EVENT VIEWER

Hi my name is Brian Miller from North Shields in the UK. I have only just recently discovered the event viewer and as you can imagine I have not got a clue what it all means. The only thing that stands out to me as being not right is in the security part. I would have thought that the only name listed on the USERS section, would be my own BRIAN MILLER. Instead of that the names listed as users are as follows:
SYSTEM, NETWORK SERVICE, LOCAL SERVICE, BRIAN MILLER, and ANONYMOUS LOGON, does this look as it should?

The one listed out of all thatís got me worried is ANONYMOUS LOGON. On close inspection via properties reads as follows:
------------------------------------------------

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 3/3/2005
Time: 1:31:04 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: BM-INTERNET-PC
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x1737C)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name:
Logon GUID: {00000000-0000-0000-0000-000000000000}

------------------------------------------------
Can anyone please advise me?

Many thanks in advance, regardÖBrian Miller.
================================================
Web Site: http://brianmiller.batcave.net/
E-Mail: mr_brianmiller@hotmail.com
================================================

Tony
April 4, 2005 10:32 AM

Hi Leo,
I don't have an EVENTLOG Service at all. WinXPpro with SP2.
I discovered this when attempting to install Diskeeper. It would not install.
Every time I click on say "Application" or "Security" or "System" in the event viewer, I get an error. "Unable to complete the operation on "Application/Security/System". the interface is unknown."
The .EVT files are there. I even copied some from another pc. But still the same error.
Any ideas?
Thanks,
Tony

Leo
April 4, 2005 7:40 PM

I'd check to make sure the event managing service is running. Right click on My COmputer, select Manage, expand Services and Applications, Select Services, double click on "Event Log". Make sure that the startup type is set to "Automatic". You can hit "Start" also to start it up if it's not running.

Tony
April 5, 2005 9:06 PM

Hi Leo,
What I meant was there is no 'Event Log' service. IE, when I do what you say to do here, there is no service there to start up!
So its totally missing from my list of services.

And in the 'event viewer' there are three events I can see,
Application
Security
System
But when I click on them I get the error I mention.
Probably because there is no EVENT LOG service, so it can't be switched on.

Now I can't think how it got lost. So I was wondering whether you knew how to reinstall that service. Or is there a commandline that I can use to switch it back on.
I have googled this for hours without finding anything. Except other people with the same problem.
Cheers,
Tony

Leo
April 5, 2005 9:13 PM

Wow. I'm surprised XP runs without it. I would try the system file checker first http://ask-leo.com/what_is_the_system_file_checker_and_how_do_i_run_it.html

Tony
April 7, 2005 6:38 AM

Me too.
I've come across half a dozen people reporting this same problem. but no answers.
I had tried sfc already. It certainly replaced all the system files. But didn't fix the problem.
I think the errorlog might be running in the background somewhere because I used PROCESS EXPLORER and it has this line:
HKLM\SYSTEM\ControlSet001\Services\Eventlog
But I don't have the eventlog listed as a service, I can't actually view the event logs in the viewer.
I first noticed this when I tried to install Diskeeper.
Clearly, something has done this. SP2, or ??

Diskeeper installation reports that "the Diskeeper Service failed to start. Verify that you ahve sufficient privileges to start system services."
But I am the administrator. Something has fooled with my services. But I'm at a loss to know what. And I so hate to reinstall....
Thanks
tony

Phk
April 11, 2005 1:53 AM

I have the same problem using Diskeeper...

bst
April 11, 2005 2:25 PM

doubt it is strictly an sp2 problem. i am experiencing the same problem on a windows 2000 box and a windows 2000 server box.

you can even navigate to c:\winnt\system32\config and see that the .evt logs are there and certainly not empty. (you can copy the file and open with wordpad to verify it's not empty.) even when i try to open this copied file through event viewer, it does not list anything, although at the top it says there are 6,223 events.

checked all my dependencies and did notice that the SNMP Trap Service was not started. still same problem after i started it.

Tony
April 12, 2005 10:21 PM

I found this on the diskeeper 1920 error.
http://a9.com/XP%20eventlog%20service%20missing
It doesn't help me though.
My eventlog is still missing. Although I can see the diskeeper services trying to start if you follow the article through.

It may not be an SP2 problem. I only noticed it after I installed SP2.
Like you bst, I can see the logs. Open them in notepad etc. But I cannot view them in the EVENT VIEWER. I get an INTERFACE IS UNKNOWN error.
I cannot see an SNMP Trap Service.
This install is only a month old. That's what's got me bushed.

Tony
April 12, 2005 10:23 PM

Ah, sorry about that url. Its this one.
http://www.softwareshelf.com/files/supportFAQView.asp?ID=1482

Angela
April 28, 2005 1:07 PM

[Copyrighted information removed. Visit this link instead: http://support.microsoft.com/?kbid=111720 -Leo]

So go to %SYSTEMROOT%\SYSTEM32\CONFIG directory and check proporties. My guess they are read only and you have to change it to read -write permissions.
Angela

Judson
June 24, 2005 2:55 PM

I was working on a computer with the same problem that Tony is having. I discovered that in the registry under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
the settings for the three logs were missing. I exported the key from a working XP installation, edited the .reg file that was created so the the computer name in the first section matched the name of the broken computer, and merged the file into the corrupted registry. After a reboot, everything was fine.

CJ Shafer
June 26, 2005 5:22 PM

Should I leave all these listing (I had 1800)in applications and systems or should I deleat them?

Leo
June 26, 2005 9:25 PM

You can delete if you like. Or not. Unless there's a message about the log being full, you don't really need to.

Jim Andrew
July 6, 2005 7:34 AM

Leo,
When I double click on the one of the event lines on one of my Windows 2000 servers, nothing happens. Then when I try to close Event viewer, I get a dialog box telling me to close the window that never opened. I have to use Task Manager to shut it down. What makes this happen?

Leo
July 6, 2005 8:49 PM

Sound like the window's open, but not visible. Perhaps it's off screen? After you double click on the event viewer line, press ALT+Space, then M, then use the arrow keys to see if the window comes into view. If it does, just click on it and then it *should* appear on screen in the future.

Peter
September 30, 2005 2:28 PM

REF: Diskeeper if you get the 1920 error goto sevices and start event log service this should solve it

Slava
October 23, 2005 11:15 AM

My Event Viewer (XP SP2) doesn't show any new events. Here is the last message in Application even log: "Windows saved user MY-LAPTOP\IKK registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account."

I would appreciate any advise how to unfreeze the Event Viewer.

Thanks,
Slava

Joseph
November 28, 2005 9:21 PM

Im a System Administrator on our company. We are using Windows 2000 as an OS to our network, Time and date on our desktop is very important. Does time and date changing is possible to create a log on event viewer? Is there any way to detect if the user change time and date on their desktop? Thanks a lot... i would really appreciate for your help.

Leo
November 28, 2005 9:24 PM

Not that I'm aware of, no. Right now I don't have any good suggestions either.

d@vid
January 5, 2006 2:56 AM

we're using the event log to capture errors in our development project (go us!) - however on two different machines running the same application event viewer displays different descriptions: one always prefixes the description with "The Description for Event ID (0) ... cannot be found", and the other doesn't - any ideas why? (searching on the web returns results with this string but not a reason why it occurs)

d@vid
January 5, 2006 3:05 AM

and a tip for anyone wanting to find more info on an error - you can look up descriptions and user feedback for specific EventID/Source combinations at www.eventid.net

Jagerbobb
January 12, 2006 6:39 AM

I found an "old" print-out with following in it.
TIME-------EVENT-------INTRUDER-------COUNT. UNDER these headers are: TIME (9/28/2003__3:11:19 A (U or T)(C-or- D)P.
Probe_Other;SSRP SLAMMER and many others! To me, this sounde intrusive and possibly highly illegal!

INTRUDER_(One Each) c-24-1158-197-52.mn.cli; OEMCOMPUTER; syr-24-59-49-90-twcny.c??; Others are:SSRP_SLAMMER. Finally,is the "Count", i.e. 1- as high as 46!!

Michael
March 31, 2006 2:03 PM

Can you replace the system log or import a saved copy of it??

Thanks

Richard
April 5, 2006 3:31 PM

I have 2 users with laptops that when their event logs fill up will not allow them to log back on until an administrator (me) logs in and clears them. Can you help me figure out how to fix this?
Thanks Leo!

Leo
April 5, 2006 3:35 PM

In eventviewer, right click on the log that's filling up, hit "Properties" and then change the "Log Size" parameter to overwrite as needed.

shivaprakash
May 10, 2006 3:56 AM

dear sir i am using win2003 server , i am no able to open windows eventviwer.what is the problem while i was logged on administrator eerror showing on the windows desktop.plz solve this problem..
with regards.
k.shivaprakash

vincent
May 11, 2006 11:06 PM

Hello Sir,
I am very much interested in knowing more about event viewer and troubleshooting. Could you please guide me and refer some links about this.

Thanks & regards,

J Anthony Vincent.

James
June 6, 2006 7:48 AM

Hi,

I have noticed that my applicatio event log on Windows xp sp2 only goes back to 2-16-06. the current date is 6-6-06. Is theres something wrong with my MMC console where the application event logs are not being logged anymore?

Thanks,
james

denise
June 20, 2006 9:21 AM

My event viewer is filling up with print job information IE: everything someone prints an event is displayed in the event viewer anyway of stopping this as it fills up to max size everyday

Leo
June 21, 2006 8:53 PM

Right click on the log (Application, System or Security - which ever is filling up), and select Properties. You can then set how it should deal with overflow. I know of no way to actually stop the events from being logged.

Carlos
June 27, 2006 12:29 PM

I get an error on the event viewer that says "The ACCESNT service failed to start due to the following error: The system cannot find the file specified." Any idea how to fix this error (or at least stop it from showing up on the Event Viewer)??

Leo
June 27, 2006 2:48 PM

A quick google search seems to indicate that's a device driver of some sort. You'll probably have to figure out what device it is you have that it might apply to.

You can certainly go into service manager, (Right click on My Computer, click on Manage, click on services) and look for a service by that name and change it to "disabled".

Tim Kulogo
July 17, 2006 9:32 AM

I ghosted a 20gig drive to a 40gig and I couldn't copy or move files with the 40gig running until I disabled the event log service, then it seems to run fine. I'm running Windows 2000 SP4, and I used Ghost 2003. Do you have an explanation?

Clive Luxton
October 1, 2006 9:46 AM

Leo
Can you tell me how to rid my pc from the error boxes that pop up every time i boot up

Leo A. Notenboom
October 1, 2006 10:03 AM

Depends entirely on the specific error message(s).

sharon leech
December 11, 2006 6:25 AM

Leo, I'm getting a WinVNC4 error - Sconnection:Authfailure exception: Authentication failure - in my eventviewer logs and want to know how to stop this error from being logged. Have you any ideas please.

Ciara
December 18, 2006 2:01 AM

Does the computer need to be switched on for the event viewer to log issues etc? There are a lot of entries for times when I'm at work so I suspect someone is using my Pc when I'm out of the house.

Leo Notenboom
December 18, 2006 8:39 AM

Yes it does.

James McKechnie
January 22, 2007 3:52 AM

how do i erase events in 'events viewer'?

Peter E Avon
March 3, 2007 5:57 AM

I often check the event viewer and I get a lot of warnings but I could never find any explanation for them and they just keep on building up....Can I delete them all???

Rob
April 19, 2007 8:15 PM

Hi Leo
Just started working with Server 2003 and found that the Security event log registers Success Audits about Logon/Logoff events on the server , but I know for a fact that these accounts are not being used by anyone (I only set them up recently to test, but have not given them to anyone). Have you come acros this yourself before?
Thank you

Rob

James
April 24, 2007 7:35 PM

Hi Leo,
I have this error msg, 'Proccess Notification: Failed to send the mail message error code: -49'. May I know what is that means? Thanks.

Kofi Ampaabeng
July 19, 2007 3:21 AM

Is there a way for me to know which files have been accessed and copied from my pc using the Event Viewer?

carl
November 23, 2007 10:23 PM

The event log shows action 6006 (log off?) when I was out. I suspect someone is using my computer while I am at work. Shouldn't there be a corresponding action 6005 (log on?) action? does this mean they have deleted the log on action but forgotten about the 6006? Thanks for your comments...

Henry Veldman
November 28, 2007 7:08 AM

I have an "illegal" entry in the event log and it seems to have rendered it inoperative. I was experimenting with a VB program and in trying to write to the event log, I inadvertently created a new category. The new category is actually something that looks like a global.asa entry: "Data Source=mis-sql;InitialCatlog=TimeEntry...." (more stuff)
I do not know how to remove it.
Even worse, in IIS, my Default Web Site service is stopped and will not start.

Any advice, including reinstall IIS, is appreciated.

Debbie Barras
April 23, 2008 7:46 AM

I don't actually see an answer to Leo's question about the anonymous logon. I also have that line item in the audit section of the event viewer. If anyon know where it is coming from or if it is nothing to worry about I would apprciate it if they could send a reply....thanks

Aditya
June 10, 2008 4:43 AM

Hi, I have written a windows service with a code for logging any info/errors into the eventlog. The event source is not getting created/displayed. The message that I am getting in the application source is that the event source was created but the node is not displayed in the viewer.
Any advice

sekar
July 7, 2008 11:54 PM

EventViewer
i have system events has more error files.how to trouble shooting this error.
error message:cant register the ip address
can u help me

Rakesh
July 29, 2008 4:23 AM

Can we write the data in to the event viewer in windows operating system..if yes.. How???

Judy
January 1, 2009 12:19 PM

To me, the most mystifying thing about the Event Viewer is what programs were involved. I had one triggering off every 5 minutes, but it wasn't at all obvious what it was and a Google search came up with anything from malware to system and needed. Someone else suggested it was Symantec's updater, and once I eliminated everything that smelled of Symantec on my system that log entry went away. Makes me feel good not to be cluttering up stuff with unnecessary internet requests.

Mike Maus
April 2, 2009 9:33 AM

Thanx Leo! It's amazing that people who can write complex computer programs in code often seem to have great difficulty documenting their programs in a spoken language. It never occurred to me to right click a line in the event viewer, and apparently it never occurred to Microsoft to suggest it, either.

walaa fawzy
December 9, 2009 12:06 AM

event viewer can not be opened and short cut is disabled....how to retain it again..and not exist in administration tools....?
thanks

Darren
January 16, 2010 10:45 AM

Do i need to clear my eventvwr, and is it safe to do so, i am very new to computers so any advice is very welcome

It's safe, but you don't need to anyway.
Leo
17-Jan-2010

Mark
October 1, 2010 8:35 AM

can you get rid of these errors or warnings? does extra need tp be bought for this?

No. The event log is simply messy and has warnings and errors in it all the time. Yes, that makes it extremely difficult to know which ones matter.
Leo
02-Oct-2010

Kelly
December 3, 2010 1:38 AM

My applications in event manager has a lot of errors, I have currently got 2181 logs in there..What should I do, I recently got this call from overseas and they said they are from the Microsoft team and that my computer has a lot of viruses and malware, but I dont fully trust them, what do I do with the errors? can the logs really show that I have a malware?

That call was not from Microsoft - it's a scam. Ignore the call, and ignore the errors in your Event Log. The event log is a mess, and the scammers are trying to scare you with that.
Leo
03-Dec-2010

Kelly
December 3, 2010 3:58 PM

Thank you very much for clearing it for me. It's a relief. But just to be sure.The call I got from overseas gave me a website to go to so I can hook up with the technical support which is linked to them www.support.me is that a scam as well?

Anyone that calls you in this manner is attempting to scam you, yes.
Leo
04-Dec-2010

Donald Dantice
December 17, 2010 3:35 PM

Leo: Thank you and all the others who left comments.
Today 12-17-10 I was working on my computer at home when the phone rang. When answered the party identified themselves as member of the microsoft team and they were detecting a lot errors coming from my computer. When I ask them which one they could not answer. At the time I had three computers running. They kind of caught me off guard because I was having problems with one of them. They referred everything to the event viewer. The really weird thing was they called on my home phone which I never use on the internet and is even unlisted so that was my first clue. I asked them for a call back number which they told me they could not give me until I had performed a certain action. I told them if they could not provide a call back number we had nothing to discuss. They promptly backed out. Seeing that others are having some of the same issues and your great response reassured me. Thank you all

Lee Guptill
January 2, 2011 12:29 PM

I have a lot of application hang errors. Is this cause for concern?

Roy Laws
February 8, 2011 2:23 PM

I got the same scam call Feb 8, 2011, at 2:15 pm pst. I did not get any satisfactory identification from the operator so I told her she was out of luck if she expected me to scan my computer for her to extract passwords and other information.

Brian Robinson
February 18, 2011 7:03 AM

Yesterday, 17th Feb 2011 got a call from some Asian sounding person, said he was from Microsoft Windows. Said I had a lot of errors and my PC was in danger. Went to Event Viewer- panic set in, dozens of errors were present. On checking if he was pukka MS he seemed to know my PC CLSID ??? So let him in to my PC!! Got suspicious when £ signs appeared, even though the guy said it was free. Made excuses and cut him off saying he could ring me in 1 hr. My PC supplier told me it was a SCAM. When the guy rang again I told in no uncertain terms not to call again!!
I have since wiped HD and reinstalled XP.

That's definitely a scam. Keep an eye on your accounts and credit cards, as me may have had enough time to steal information from your computer. Is my ISP calling me to clear up my problems with Windows?
Leo
18-Feb-2011

Janine
March 3, 2011 4:20 AM

I had the same call (in Australia), 2 of them on consectutive nights, same MO as the above posts. I let the second caller go for a bit to see what they'd do. They tried to tell me the 'events' on my event viewer were viruses, I asked for their address and he gave me one, I googled it and it was a house (obviously bogus address) when I asked why the address came up as a house he hung up. I shudder to think how many people really do believe them and let them onto their computer.

Tama
March 8, 2011 1:12 AM

isn't it funny, I got the same call too!! - when i asked him how he got my landline they said that 'when you purchase MO products you immediately disclose your information" - yeah right. When I told him to email me the navigation details he said "I can't because it's too long" so i said, "well I can probably get this fixed through a Computer shop, so you send me an email with the error messages you are 'supposedly' receiving and I'll get someone at the PC shop to fix it"....still waiting for that email...;)

Wall
March 22, 2011 9:13 PM

I just got the same call three hours ago. Guy with a thick accent called and said he was with MS and that my computer had signaled MS with a host of errors. Said he was with technical support and was calling to "help" me. When I asked why his number came us as unknown on caller ID he got belligerent and demanded that I follow his instructions. Told him he was nuts and hung up

Richard Smith
March 30, 2011 4:58 AM

I've just had that Asian person on the phone and let him onto my computer to deal with the error messages !! Is there a risk that he has accessed info on my computer without me knowing? Had a look at the website the person was ring from. They were trying to sell me antivirius software. What should I do?

Thanks

You need to scan your computer for malware, possibly change account passwords, and if you gave that person a credit card number check with your credit card company for any fraudulent charges.
Leo
30-Mar-2011

Chris Norris
March 30, 2011 2:54 PM

Hi, I have had the same call from these people, in fact they have tried me twice now. I told them that I was not ammused by the fact that they wanted to access remotely my computer to get rid of these errors. The chap got quite belligerent when I said that I did not want to give him access and because he would not stop keeping on I put the phone down on him. He phoned me back within seconds and got loud verbally and then he put down the phone. In no way allow these idiots access to your computer

Em
March 31, 2011 11:46 AM

Thanks Leo and all who posted. I got the call from the scammers too. I'm glad I googled eventvwr when the guy told me to put that in "run". I was reading your postings while with them on the phone. I had fun ;)

Jasmin
April 6, 2011 6:05 PM

Oh my god i just hung up the phone from that wanna be call center he told me he was going to transfer me to his supervisor he was asian as well the asian dude says oh my god a lot ever time i told him how many errors my computer has. im so dumb i let him get in my computer and then he tried to charge and i said no and he took off the program

Sukhpreet Aujla
April 7, 2011 4:12 AM

I have been having the exact same calls. Same asian person, he transferred me to his supervisor, who also kept saying oh my god everytime i mentioned errors. The second time i mumbled the amount of errors i had on purpose and he still said oh my god. I thought if he was from microsoft he would act a bit more professional than this.

I told them I was going to get rid of my computer to make them back off, the guy just put the phone down. Then i googled eventvwr and found this. It got quite far because he was telling me that he would install antivirus and anti-malware onto my computer. No credible place would do such a thing, hopefully they will stop calling.

Glenn
April 7, 2011 9:53 AM

Oh yea.... I just got the same scam call. When the phone connection is that bad, you know somethings up...I hung up TWICE!

Elx
April 14, 2011 12:07 AM

Had the same people call me. Did not trust it from the start, but still? I did ask for their phone nr & website {url removed}, which looked ok (and phone nr matched). Then had a look in event viewer with them and looked at error messages. I sort of knew that should not have to be a problem, but still.. I told her, thank you for identifying these issues, i will have local computer technichina have a look at it. She became quite upset and asking why i would do that, etc. I had enough and told her I would calll her back if after some research she was the true deal. Any way very happy that i googled this and read this. BUT i am in trouble now? I did not give her credit card details, but would she had access to my computer? please explain if i need to be worried. Thanks.

Unless you took explicit steps to GIVE her access to your computer you're fine.

Leo
14-Apr-2011
Faith
April 15, 2011 6:48 AM

Wow! This is such a relief and I am amazed to see that people like me also got the same call. He wanted me to allow him to give him remote control and File Manager access, that's when I snapped! He kept on persuading me to do it but kept saying no then he lost his patient swore at me, that's when I hung up. Bless you Leo for posting this!!!

This scam does seem to be pretty common right now. This article covers it in more detail: Is my ISP calling me to clear up my problems with Windows?

Leo
15-Apr-2011
Lynew
April 18, 2011 4:53 AM

Thanks Leo for taking the time to put this information out there. I have just had the call for the second time. The first I could not understand so did not go far. The second call got me into the event log was not sure if the information being given on the phone was correct and the properties box was not giving me the security alarm he was obviously portraying. When he asked me to open the browser I told him I was uncomfortable with this and ended the phone call. He said he was from the virtualPCdoctor.com windows company. I was eager to research what he was telling me about the event viewers and this site was the information I wanted. So Thank you again and to hell with those scammers. Cheers

Eddie
April 19, 2011 9:59 AM

i contacted mcafee last night because i was having problems remove a antispyware that was there software. the tech had me give him access to my system is this something that i should be concerned about. he did show me the event log and told me there was some issues. he wanted to fix the problem for a fee. i told him no that was ok. so i then did a windows recovery because he kept tell me that the problem was with windows.

John
April 20, 2011 5:28 AM

Hey guys had the same call twice from some Indian man. It all sounded like a mumble. He cant even get his English correct, but I started to sense that he was trying to get information from my computer. I hope none of you actually gave him any details but I think you would of had a problem understanding his English it was so bad.
Such a terrible scammer and I hope he reads this and learns some English.
Cheers for the site good to know I wasnt the only one getting this call.
:D

David
April 22, 2011 1:08 AM

just had a similar phone call. He asked me to go into event viewer, click on application, then see if there were any errors and tell him the source. Was suspicious from the start, but thought there was little risk in giving that information. I started asking more questions and he hung up

Jagleop
April 30, 2011 1:00 AM

I just had a similar call to inform me of a lot of error on my computer under event log and the computer would crash soon. He asked me to log in to his website www.logmein123.com so that he could gain access to my computer. At this point, I clearly understood his intention to steal data from my computer. Hence, i disconnected the call.

charles cohen
May 5, 2011 12:08 AM

i have run windows 7 and when starting up on a website it will run for about 5minutes before it freezes and says at top mozilla firefox (not responding) this lasts for approx 5minutes then everything is fine and then happens again...after second time runs smoothly, as i am pretty much a novice with computer could you please help..thank you...i have been told to go to enentvwr, by hitting start/run but don't understand...

Not responding is covered in this article: "(Not Responding)" - What does it mean, and what do I do about it?. I'd start by disabling all the FireFox addons.
Leo
05-May-2011

J.
May 14, 2011 11:58 AM

I just received a call from an Indian guy too. I did not really understand what he was saying but he told me to go to Event Viewer and COUNT all my information, warnings, and errors. Apparently, I had 48,000 in total and he said that this was a huge concern. This startled me but it was suspicious because I'm not familiar with their company. He said that my computer would crash if I don't "renew" my warranty for $109 -- then they'll help me. A couple of friends and parents advised me that I should not believe them but I'm still a bit wary of the huge number of errors on my event viewer... Help?

As the article you commented on states, the event viewer is a mess. Ignore those phone calls, and don't worry about things in the event viewer - even 48,000 things.
Leo
14-May-2011

Soumya
May 15, 2011 9:55 PM

Hello Everyone.
I was reading through the comments and I think I should give some more insight in the scaming issues.Whoever calls you and takes you to the "eventvwr" window is trying to scam you of your hrad earned cash.

I have no shame to admit I worked with the company you all are recievening calls from but I did resign when I found out what they are doing with this eventvwr stuff as I use a computer and I really dont like to cheat someone on something that is related to computers. [I know I am entitled to some harsh words from you as I am posting this but then there it is.]

when someone says "we beleive in security and dont want any information over the phone and sends u a form which asks for the credit card stuff and also says 'once I send you the form I loose accesss of your computer (if you have given him access already) he's LYING. he can see what ever you type in he/she takes note of the numbers (CC Card) and notes them down in a piece of paper which they can use in future.

So please hang up on these calls and I personally believe even if your event viewer has a lot of warnings or errors theres nothing to panic about.

And yes the old people are most like the target and people who dont know much about computers or are new to it.

Never give access to these guys its for your own security. Dont disclose your card details nor your Social Security number.
If any of you need to know more I ll try to help.

If you all fell like abusing me please do so as I know I deserve it but hey I didnt know what they are upto and when I did I quit.

Stay Safe Everyone

Mark J
May 15, 2011 10:50 PM

@Soumya
Have you considered going to the police with the information you've posted here? That would go a a long way toward helping the people who might be cheated in the future and help you sleep better at night.

Soumya
May 16, 2011 5:58 AM

I dont have any solid evidence except the things u all wrote here.. and above all this is India and with so many issues in hand this will take years to complete.

pboo
May 18, 2011 6:00 AM

I was recently called by someone telling me that I had errors on my pc which if left unchecked would cause it to crash. He directed me to event viewer> applications where I could see several warnings and errors. He continued by saying that my pc was running slow because of these errors and viruses that my anti-virus was unable to detect. I asked him how he could possibly know this because my pc is running perfectly well. He rattled off a load of technical jargon and gave me his phone number and website address for the company he worked for.(www.helppconline.com)
I told him I wasn't interested but checked out the site anyway, and it seems like a legitimate company, although I still think they're trying to provide a service that many people don't actually need, trying to scare people into paying for their service whether their pc needs it or not.
The point I'm trying to make is, I think scammers have jumped on the bandwagon of the legit companies making the whole issue of cold calling even more hazardous.

Chasbo
May 19, 2011 1:32 PM

Hello people
I just received a call from an Indian guy also. I had a little difficulty in understanding what he was saying but he told me to go to Event Viewer and COUNT all my information, warnings, and errors. Apparently, I had 112 in total and he said that this was a huge concern. However he told me he was a Certified Microsoft Technician, working for Microsoft USA, and that I should allow him access to my computer by typing in www.logmein.com. He told me that Microsoft had been monitoring my computer for reported errors for some time and that he would resolve these issues. I asked if I could call him back as my phone records called numbers and this one did not have a call back number. After haggling for a while he gave me his "Indian name" (Roger Williams, at 250-9**-**** [phone number removed]). I called the number, to no avail, and contacted Microsoft USA and Canada. They asked me to have him email me next time and forward that email to Microsoft as Microsoft does not contact people directly.
Be careful of what you give out...

bruno
May 23, 2011 3:18 PM

Hi everyone, i got scammed yesterday without realising. they had access to my computer for about half an hour. they ran programs like, disk cleanup, smart defrag, and criticalscan before I realised what was happening and just pulled the plug on the computer. they wanted money through paypal to instal a new antivirus/anti malware program. how can i find out if there is any hidden keylogs or trojans etc on my pc, and how can i remove them? i did run a virus scan with trend but nothing came up. i also tried to do a system restore but they wiped all the restore points. i moved my antivirus to the highest settings, i need to know what can i do to make sure they dont get any more information than they already have? thanks

expose13
May 30, 2011 5:04 PM

ha, I just had a call from a similar (if not the same) person. I knew it was a scam from the get go. I took him on a bit of a ride before I told him how it was and I just got an awkward silence and a disconnected tone. He said he was in New Jersey and he worked for Microsoft. I'm in New Zealand.

Lucy
June 1, 2011 3:41 AM

My boyfriend just got a call like this at home telling him to type eventvwr into the computer. The funny thing is, my other half is a carpenter and NEVER uses the computer- apart from the day this person called! Thankfully he saw if for a scam and told him where to go...very worrying!

Rachael Ball
June 3, 2011 9:31 AM

I just had an Indian guy call me and try to get me to log on to event viewer, he to said he was working for microsoft. I told him I thought it was a scam and he said "You won't think it is a scam when your computer dies on you in 2 weeks time!" and put the phone down on me!

Roaftech
June 7, 2011 1:59 AM

Helpful response - many thanks for your efforts.
I had a similar (same?) experience. He had called several times previously, when I wasn't at the computer but finally I strung him along for a while because you can get some useful info. However, when we got to the logmein point I told him I was about to replace the computer (true) and he muttered some warning about transferring my 'corrupted' software and lost interest.
I would really have liked to tell him it was a Linux machine, just to get his reation (but I was actually using XP at the time).

Susan Fong
June 20, 2011 2:49 AM

I've got an Indian guy calling me too to direct me to my run folder and to run this event viewer. He claimed to be representing Microsoft and based in Australia, trying to help me (from Singapore). He warned that if I don't do as instructed my computer will crash. Can anything be done to stop these creatures from creating such nuisance?

Jonathan Griffiths
July 1, 2011 6:16 AM

Thank god it's not only me !! I've just had an Indian guy on the phone, itimating he worked for microsoft, he had me run through the procedure of eventvwr etc and just at the end of the call he said he worked for a company called Help PC Online and they would fix my problem (what problem I wasn't quite sure of anyway !!!) for far cheaper than anyone else !!
Scam, scam, scam !!!!!!!!!!!

Joanne Sharp
July 9, 2011 2:53 AM

Same! An Indian lady claiming to work for HP got me to run eventvwr and then advised that the warning and error msg's meant my PC was currupt with 'hackers' and if I didn't pay £99 for them to remove these files then then my personld be ID/bank details etc could be stolen, and used illegally, and if this happened I would be responsible as I did not follow their advise. Scam bells were ringing in my ears from the beginning of the call and I'm so glad I've seen this article now to confirm!!!!!

bernie
July 14, 2011 8:01 AM

The indian gut just phoned me with the same request. When asked what his contact details were he hung-up......

GINA
July 15, 2011 3:57 PM

SAME!!!!
they called me in (I live in Canada) 5 minutes ago, indian voice and want me to enter in a run box of the computer "eventvwr" and I dind't I told then that they are a scam and shut down the phone!
I also asked him some info, he said his name was " Victor" and also can contact him at 19055811797 windows service center in Toronto. I didn't believe anything and then they still calling and I just dont answer the phone!

Thomas
July 16, 2011 4:02 AM

That makes sense!!!
The error and warning type is essential, but not fatal to my PC. I just had the same indian guy on the phone. First I thought I had malware on my computer that Microsoft could detect, and felt safe that he would solve the problem. After 1 hour (one!) he presented me to a 6-digit password I should type, and refusing that he gave the phone to a co-worker. This co-worker was not so polite, and I figured it was scam. They just wanted to sell me a 4-years licence of something strange, to solve a problem I didn¬īt know I had!!!

chicagocubbi
July 18, 2011 3:24 PM

Received a call about 10 minutes ago from a very Indian accented guy saying he was from "Global Tech", telling me I was infecting computers around the world unknowingly. Had me look into my event viewer and count the numbers of errors and warnings I had. Then he proceeded to get his supervisor on the phone (strangely he sounded like the exact person I had just spoken with) who told me my computer was totally corrupted but that he was on the phone to help. Being the suspicious person I am, I asked him how much it was going to cost me. He said for a nominal fee the problems would be taken care of. After I got done laughing and telling him I would not pay, (my thought: if he was so concerned about me corrupting worldwide systems, he should be giving me the correction info free) he hung up on me! I do notice that I have quite a few errors and warnings. Should I be concerned and if so, how do I get rid of them?

Actually the article you commented on addresses this. The event viewer is a mess, and you need take no action.

Leo
23-Jul-2011
Barry
July 19, 2011 2:46 AM

I had a similar experience to Thomas and Gino yesterday 18th July at about 1600gmt. Initially I was suspicious, but they said they were affiliated to Microsoft and showed me a list of company's from a site called Microsoft service directory. So although still suspicious I complied with there request to enter the event viewer, which was'nt pretty.
They Then tried to sell me something to cure the problems. I declined. We then had a mouse fight to gain control of my computer, I wanted to get to shutdown because my screen had gone mad with mouse arrows all over, and boxes showing my software being deleted!!. the only way was to switch off the mains.
I was frightened to switch back on later, but most
things seem to work ok, some of my homepage icons are missing.
I will investigate more today and let you know the outcome.
p.s. I too have lots of errors and warnings.

Giving them access was unfortunate. Please read this article: I got a call from Microsoft and allowed them access to my computer. What do I do now?

Leo
23-Jul-2011
kre
July 19, 2011 4:19 AM

same guy called me in australia just now - 19-7-11 (local time) Told me my computer was on it's last legs after so many error an warning messages.
Asked me to go to 'run' and insert
"iexplore logmein123.com" hung up, he called back but i didn't answer - strewth he would have inserted a script to log all my keystrokes and clean out my accounts.

Sonam Tenzin
July 20, 2011 1:16 PM

Okay. An indian lady called me, and told me that i had viruses. After listening to their bullshit, i asked her for their website, he ignored me. After being straightup with that woman, she pleaded me to type that shit. I figured it would connect to some malicious site so i didnt. I swear, i want that call again so that i can {removed} them up

Bob
July 22, 2011 2:02 PM

Received call from India, (how unusual!), whilst making coffee Followed instructions and agreed with all directions. When asked to allow access, informed India that my coffee machine does not have microsoft installed. Sort of confused silence, then India hung up. To be honest, it was an interesting 15 minute coffee break.

Fritz
August 1, 2011 1:31 PM

I can confirm the stories above with reference to my case where I was contacted today by a guy from UK. After I stated my suspicions to their request I was referred to their web-site (www.pclivesupport.net). The guy stated they where contacting windows-users to achieve a clean, virus-free net. I.e: same story - same scam. Stay clear.

Moy
August 19, 2011 11:20 AM

I have been having trouble with these fools ever since I got a virus on my computer in 2/2011. I had an extended warranty with Dell so I called them when I got the virus. It turns out that my warranty would only cover hardware, so they passed me off to their tech support who happens to be iyogi in India. I signed up for a 1 yr contract for them to clean off the virus & maintain my computer, big mistake. Ever since then I have been getting calls from Indian folks who claim that my computer has viruses when in fact it is working just fine. iyogi swears that they did not give out my personal info, but I know someone must have given out my info because they have my name & phone #. I get calls from all over the country from people who try to run this same scam & they block their name on the caller ID. Learned a lesson here. From now on, I'm going to use local guys for my computing needs. Bottom line is never ever give them access to your computer & never ever give out personal info. If you didn't call them, you don't need their service. Just hang up & block their # if you have that capability.

tayo
August 31, 2011 8:58 AM

I had some indian sounding guy call me not too long ago, told me my system has been sending them some kind of alarming messages and after about 30 min, making me go through the whole event viewer thing and showing me error messages, he told me it was a miracle my system is still working with over 50000 logged events.
Handed me over to his boss who called himself Kevin when I asked, at the end of the day he wanted me to pay £99 a year for one computer or £150 for multiple pc's. I confirmed my suspicion when I said I'm a student and don't work, then he was asking me to use a credit card instead.
I told him to call me back next week, asked his name and contact, then started my research which led me here.
Now I know how to educate him next time he calls
Many thanks Leo and google aswell.

Arnold S. Migl
August 31, 2011 3:59 PM

I received a call from a man who called himself "Albert" [he had a very deep India-Indian accent]. He gave me a bogus call back number that had 710 area code [at first he refused to give a call back number, until I told him I question his legitimacy]. He was adamant that I do not call him at that number until he was done helping me go through a certain process of showing me that I had an "infected" computer; that he is calling from the Technical Maintenance department of Microsoft and my unit is infected as indicated from their record. This is all I can gather because of his accent. I gave him the benefit of a doubt and I allowed him to guide me up to the point where he instructed me to RUN "eventvwr". This is where I hung up. He immediately tried to call back a few times but I only allowed my answering machine to pick up.

Paul
September 1, 2011 9:38 PM

Just had a call ( 2215 MDT ) from an very impatient East Indian woman that said she was from Microsoft and that she was calling me because my computer was sending infectious emails. Woke me up actually. Stupid me went and turned on computer and she had me open event viewer ( first time I have ever been in there to be honest). Asked me to scroll through one of the pages and tell her if there were any red or yellow icons with warning beside them. There were 57,000+ events and after 3 or 4 seconds she was asking me what I had found. I told her I was still looking and she kept asking. I became impatient with her and told he to just relax and give me a minute. When I found a couple she said "Oh my god, you have more than 3 ?!". I said there were a number of them. Told me to wait till the supervisor came on. Another East Indian chap ( Joe I think) came on and said that he was there to help me. I became a bit suspicious at this time and asked how they got my phone number and who they were. Said he got my name from my URL and that they were with "pc live support" or something like that. I asked what he was selling and he said for me "not to worry he was not selling anything but merely here to help me". I became very suspicious at this point and said that I will have my I.T guy look at it in the morning. He became a bit excited at this time and asked; " Do you trust your I.T. guy? Do You? , if you do why does he not know about the event viewer and all these errors, tell me, why". At this point I think I may have mentioned something derogatory towards him and hung up. Started to think about it a bit more and came back online and found this page. Good scam they have and after reading the above info about the event viewer I am glad that I did finally hang up. They did however, have me for a minute or two. I will still mention it to my I.T. guy and watch him smile at me and shake his head roll his eyes and call me stupid for not hanging up sooner and even opening anything they had me do. Lesson learned.

Bob
September 9, 2011 9:10 AM

Yes had same thing recently but the Indian chap got agitated when I told him "delete" was on the menu-it wasn't. He then put me through to a supervisor who went over same actions to scare me and "fix" my PC.Thanked him for his help then hung up. Did redial but number withheld of course!

ric
September 14, 2011 12:58 AM

over here we run competitions for who can waste the most of their time. "we've blown a fuse" you'll have to wait while I restart my computer" etc

Twalane
September 16, 2011 6:39 AM

I work in the IT field and so I know the basics of computer protection...and so I would be aware if my PC was at risk! and I am instantly suspicious of any suggestions to have remote connections to my computer to run scans and so on. However today I got a call from a 'Thomas J' [with a heavy Indian accent] so that was warning sign no. 1!.. And the fact that they 'tracked' me down somehow when I do not recall any registration with them, and I definitely was not at the address they were calling me at ,when I purchased my PC so I couldn't even have indirectly given out the address; all the flags were up !However I thought I'd follow instruction as far as them proving to me the extent of the 'infection'. I also got as far as eventvwr , which is not an area I have been to I have to say. but none the less.. it was interesting and I saw a bunch of errors but nothing to the extent that he was suggesting [98% infection level] etc. I ended the call (gladly) because I had other matters to attend to.I was obviously not convinced still and wanted to know more about this 'scam'. And so my saviour Google redirected me here, and put me at ease for my paranoia..! Trust NO ONE people! Be paranoid!..Thanks Leo.

Angela
September 16, 2011 2:05 PM

I had a similar call today as well, from Andrew with a heavy Indian accent. This is a very convincing scam, except when I tried to ask a question and got transferred to a new person in each instance. I allowed him to guide me to the event viewer but as soon as he directed my to the remote control website and ended the call. He did give me a company name called "24x7" (you would think they can come up with something more realistic, and a 1-888 number.) Do not trust them!

Chris
September 22, 2011 11:11 AM

Yeah I've got a few calls from these folks.

Here's one of their websites http://hpserve.webs.com/aboutus.htm You can call them at {phone number removed} if you want to harass them a bit.

I usually try to waste a good chunk of their time while giving slightly vague encouragement.

Carole
September 28, 2011 9:19 AM

I also got a call today telling me about a risk to my computer. Instantly suspicious, but gave benefit of the doubt. He wanted me to turn on my computer, but I said I was going out and did not have time, and said I would take down details and do it myself later. That was not what they wanted to hear, so I thanked them and said goodbye. Was paranoid about logging on, and I waited for an hour or so. Strangely enough, the computer did not start properly. Black screen with several options came up (start manually). Clicked 'enter' and it started normally. Am sceptical that this is a coincidence. Then when I go to my Google Page the 'page is running a script which may affect your computer' comes up. Is this really a scam, and what do they get out of it?

Gordon MacGillvray
September 29, 2011 8:35 AM

Yo Leo! I gotta admit, I'm in over my head with a lot of your articles but you have helped me out more than once with your info. Just wanted to throw a thanks at ya(and maybe 'nother beer or 2 soon)..........See Ya!!

Cynthia
November 3, 2011 8:51 AM

Today, I got a call from a female (with accent) stating that they were receiving errors from my computer and would like to help me resolve them. I was relunctant but turned on my computer. By the way I had not been on the computer in about 5 days or so. I played along for a few minutes. Logged on, typed in the eventvwr, asked what site was this, she wanted me to open and then she would explain, said they were calling others in USA, light blub went off, I refused, asked her to call me back in 2 days, stated I needed time to research this site.
What are they after?

Your money or your credit card information. Eventually they try to get you to purchase something.
Leo
03-Nov-2011

Shannon
November 21, 2011 11:46 AM

I just wanted to thank you for this valuable info. I'm an older gal, and after reading your article and all the comments from everyone else, I feel confident that there is nothing wrong with my computer. You just saved me $129. money I did not even have. Thank You.

Larisa
November 25, 2011 5:35 PM

This guy calls our home today saying he is calling for Microsoft... he did the same routine of telling me that Microsoft is receiving errors from our computer and that it will crash if we don't get it fixed. I played along and he had me pull up the event viewer to see all the errors in the Application folder and the System folder. I asked him the name of his company - Xion Technology. I simultaneously did a quick online search and found the scam warnings. Anyway, guy had an accent, points out no warranty on my software, blah blah blah. I told him I'd run the info by my Computer Tech - asked for a phone number, etc. He got a little nervous and will call back in a week. Anyway, these guys are making their west coast sweep I guess... bunch of bull. I was glad to see Leo's article - next time I'll search his site first!

Gwyn
November 30, 2011 4:38 PM

Some of the comments at the end of this article seem to be out of place. They would seem to indicate that they were referring to your excellent article about the Microsoft scam entitled something like "I got a call from Microsoft..." Am I right?

Connie
November 30, 2011 10:42 PM

@Gwyn
One of these scams involves having people look at their event viewer. If they do a Google search they find this article and leave comments. So it makes sense that comments are on this article also. Looks like it's helped a lot of folks avoid the scam!

Lili
December 27, 2011 5:14 PM

I kept getting calls from a WA number throughout the day. I finally decided to answer the phone and it was a guy saying he was from Xion technologies and they were receiving messages from my computer. I was passed back and forth between him and his female "tech". I did open up my event viewer as they said. I even looked up the company's website. I asked if I could go to a place to have this done and they said no it had to be done online. Definitely suspicious to me. However, I told them to call back later as I was busy. Now that I know, I'm going to tell them to stop calling when they call back. I gave no credit card info or computer info to them. Just opened the event viewer and they obviously know the number I connect to the internet with. I've fallen for one of these before and now I'm stressed over using my computer for banking needs. Please tell me they cannot get into my computer without me going to a specific website and entering info?!

Mark J
December 28, 2011 2:23 AM

@Lili
Just opening the event viewer while talking to them on the phone won't give them access to your computer. That's why they are asking you for access. The only way for them to gain access to your computer is by you giving it to them by installing a program on your computer or logging their website.
As an extra precaution, I'd run a couple of antimalware programs like Malwarebytes Antimalware and Spybot Search and Destroy.
Spyware: How do I remove and avoid spyware?

Carol K
January 5, 2012 8:29 PM

All right; this is all new to me. I asked the question "Why do computers and/or games freeze?" As you can imagine, I got a whole page of things to look at, one including a reference to the Event Viewer and Event Log (which I had never heard of, let alone knew that it existed). After following the instructions I opened my event viewer and saw the event log. I am not computer savvy. It was all too confusing. It did concern me however, the amount of "ERRORS" that were there. Then I read something about clearing the event log. This would suit me fine if I knew it was going to remove all these errors. I am worried though that doing so might hurt my computer. Can you help me with this in any way? My computer is about 5 or 6 years old and I use Windows XP, 32 bit if that helps at all. Thank you in advance for any help you may be able to provide. I read your article on the event viewer, but it didn't seem to answer my question.

Mark J
January 6, 2012 1:24 AM

@Carol
As the article states "Don't panic when you see lots of warnings or errors; as I said, even a functioning computer will have those"

Clearing the event log will neither fix your errors nor harm your computer.It will simply clear out a textfile which keeps a record of the Event Viewer errors, so it is generally safe to clear.

Laura
March 5, 2012 8:57 AM

Is there a "bad" number for your system's events. I was also falling into the trap of one of the Microsoft scams, but i ended the call before ever giving him information. However, I had never looked at my event viewer before and after that scam call, it got me wondering.... And after reading your article, I am thinking I should be caring a bit more over this number. I have had this computer for more than 3 years and I apparently have over 55,000 events... that seems quite bad. But my computer runs fine enough for me on a daily basis. What do you think?

The event viewer is a mess. Particularly if your computer is working well I wouldn't worry at all about what's in event viewer.
Leo
06-Mar-2012
Glen B
March 13, 2012 11:48 AM

Hi I have noticed my screen goes off just before login which never happened before I used event view to maybe see if I could get help.

http://imageshack.us/f/703/0001dm.png/

It says about a app slowing pc down any help would be excellent.
Thanks

Robert
March 30, 2012 8:10 PM

Phone call claiming to be from Esoving Global Software asking me to go to "eventvwr" and click ok. I told him that I would contact a PC friend and authenticate his request before I did anything. He claimed his return ph.# was {removed}. Name {removed}. He got nothing.

Kat
May 10, 2012 12:03 PM

I just had a Microsoft scam call about the event viewer. Some company claiming to be local in my area (but with a blocked number) tried to sell me a software warranty based on the items in my event viewer. They have been calling for weeks but I finally picked up today when I saw the number. I asked what they were trying to sell so aggressively since they called so much. The guy claimed he wasn't trying to sell me anything but wanted to help me see errors in my computer which is about to crash. It was all suppose to alarm me, I guess, since there are a lot of error logs and warnings. I had to force him to give me the company web address and saw on whois lookup that it's a company out of India and the website was just created in November 2011. I told him that I admired his persistence but was annoyed with him wasting my time and that he had better not call this number ever again.

patricia ware
May 30, 2012 9:04 AM

i gave the guy my information, is this a bad thing. he had remote comtrol of my computer; i turned it off will this stop the remote on their end?

Yes, it's a bad thing. He may have placed malware on your machine that could, indeed, include ongoing remote access. At a minimum I would run up-to-date anti-malware scans asap.
Leo
30-May-2012

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.