Hey all,
I have an Arris TG3482G Router from Comcast (I know, awful) connected to a gigabit Ethernet port (TP-Link TL-SG105) that connects to my PC and various gaming devices (PS4, Raspberry Pi, XBOX360).
I recently went into my router's settings, and noticed a completely different SSID/Password than the one I set up as well as a ton of unauthorized devices. I went onto a separate computer (NOT on my network, that has never touched my network) and changed all my passwords on my ISP's site just to be sure.
Then, I was able to get in there, change the WiFi name/password through there, and indefinitely paused the unauthorized devices connected to my Wi-Fi, via the ISP's gateway, as well as blocking the MAC addresses I found via the WiFiWatcher application I have on my PC.
I still can see the Wi-Fi name and password I set up on Comcast's page and connect; but in the router's Wi-Fi settings page, there is still the completely different SSID. Additionally, I factory reset my router (password for the router and ANOTHER new SSID I set up) and within minutes, it goes back to the completely different SSID and the same password on the router's "Private Wi-Fi Setup" page. I was thankfully able to disable that name/login and I don't see it or the devices (they share a name) on my network running. I also disabled WPS and set the Firewall Security Level to High.
I ran a full malware scan and was unable to find anything malicious; additionally, I have multi-factor authentication on all of the important sites I use, and have not run across anyone trying to get into any of my important accounts (i.e. I still have my BTC haha).
But obviously someone did something to either the router or did something on a program which Malwarebytes/other software can't find. Can anyone help? FRST attached.
FRST Router SSID.txt