
maxum02062
Members
Posts: 13
Joined
Last visited
Reputation: 0 Neutral


  1. Mornin' Advanced Setup. Thx for the reply, as I appreciate the help! Yes, this is a PC for cameras and monitoring a small network. We run very few programs on here, only if we need them (remote access via RDP), and this is not a utility type of computer! Thx for pointing out the hardware issues, as I did not discover these prior until I pulled the info for this event; I will be working on those later on tonight and tomorrow! As a very small network, I was surprised to see a computer with the same name also, which set off a concern! I will be locking this down as much as possible, as we are securing the network as we speak as well. Already added a ton of lines to the firewall, private VLANs, etc.

     As for what occurred: I saw some uploads which made no sense, in that I see a lot of bandwidth, and am tracking the IP addresses now. One concern was that I saw a Windows sharing icon in the File Explorer network pane that showed another computer on the network (Windows Office Sharing was the icon, with the computer name). I do not need Office on this PC, so I removed it, and the icon disappeared also (took off possible causes).

     "What is the actual intent, idea, purpose of this computer? Is it purely to manage a remote camera or bank of cameras? Or is it dual purpose, trying to use it for other things?"

     Gaming computers have fast video, which fits this setup, as we run the cameras off of this PC and it works perfectly well! We use this as an onsite PC for a few things, as we manage the network with this PC, but mostly as a camera network PC with no access to others (stand-alone), and it actually works quite well! This PC runs a Blue Iris application with approx. 12 cameras. All other devices on this network, with the exception of 2 other PCs, are wireless and on a public Wi-Fi segment separated by private VLANs.

     "The type of work you're looking to do is more forensic analysis, which typically requires dedicated analysis beyond the scope we offer here for free. I can help you review some things and, if needed, install some monitoring software, but it is highly unlikely due to an infection."

     Very much appreciate the help! If I have to pay for services, I have no issue with that, as I thought I would start here to see if anyone ever had these types of events! I will prob open a ticket with Malwarebytes and see what they say, as I have run the standard stuff: logs, traces, etc. I had an issue a few years ago and they were fantastic in helping out getting to root cause! Thx again for the replies and help! Regards, Rich
  2. Good Morning. As per instructions, here are the 2 files requested. On a separate note, I see you mentioned 3 files, but the directions only mention 2. Is there something that I missed? Thank You
  3. Good Morning. As per instructions, here are the 2 files requested. Thank You. Attachments: WGC-Addition.txt, WGC-FRST.txt
  4. Good Morning. Any help would be greatly appreciated, and apologies for the long email!!! A computer that we have at a remote site runs camera software: a stand-alone PC, listed below, running Windows 11 Pro with a camera app, Blue Iris, and 12 cameras, running fine. No other apps, software, etc., except for Malwarebytes (before, only Norton 360). Apologies for being all over the place below, but I am trying to give the most info, as this is something that I am attempting to find/understand/review as a potential serious issue to our place!

     How can I tell if an intruder is in this PC? Strange uploads and certain standout parameters that do not make sense, like these drives mapped and a share icon to a restricted PC, but it disappears after reviewing. Every time I review the logs I find uploads, but I do NOT have an IP address, as I need to run a Wireshark, etc. Without sharing IP addresses etc., this snapshot shows excessive uploads at random hours during the night, albeit Microsoft uploads etc. that can be understood. The router shows a lot of activity with MS Office, so I removed it just now. One item that is a serious concern was that a PC was showing up in my network shares (Windows image below; it seems to be gone now also) which I would not ever map to, but I clicked on it and was unable to get to the PC! There are other devices listed under the 7 total, but I have no idea why they show up now, as they never did prior, and they show redirected also! Attempting to track this down now!

     Sometimes typical concerns like the mouse acting strange, moving or NOT able to move around the desktop, apps shutting down mysteriously, uploads that cannot be explained. Peplink SOHO router, firewall enabled. Been searching for a while, checking IP addresses through the router, but none show up as a concern that I can find (very few, as it is locked down also). Ran all sorts of so-called products to no avail, as everyone claimed they could help. I had Malwarebytes originally, removed Norton and reinstalled Malwarebytes in the hopes THAT may help, as I have been a Malwarebytes user for many years! Would anybody have a sec to take a quick review and, if I am losing it, tell me? Thank You, folks, as I am at the end here attempting to resolve! After logging in this am, it looks like there are network drives set up, but I never set this up! I ran Norton first, then another program, removed Norton and reinstalled Malwarebytes, but I am unable to find anything.

     System information:
     OS Name: Microsoft Windows 11 Pro
     Version: 10.0.22000 Build 22000
     Other OS Description: Not Available
     OS Manufacturer: Microsoft Corporation
     System Name: WGCMAIN
     System Manufacturer: LENOVO
     System Model: 90RB001DUS
     System Type: x64-based PC
     System SKU: LENOVO_MT_90RB_BU_Lenovo_FM_Legion T5 26AMR5
     Processor: AMD Ryzen 7 5700G with Radeon Graphics, 3801 MHz, 8 Core(s), 16 Logical Processor(s)
     BIOS Version/Date: LENOVO O4MKT20A, 7/20/2021
     SMBIOS Version: 3.3
     Embedded Controller Version: 1.30
     BIOS Mode: UEFI
     BaseBoard Manufacturer: LENOVO
     BaseBoard Product: 3716
     BaseBoard Version: SDK0J40709 WIN 3259725423818
     Platform Role: Desktop
     Secure Boot State: On
     PCR7 Configuration: Elevation Required to View
     Windows Directory: C:\WINDOWS
     System Directory: C:\WINDOWS\system32
     Boot Device: \Device\HarddiskVolume3
     Locale: United States
     Hardware Abstraction Layer: Version = "10.0.22000.778"
     User Name: Not Available
     Time Zone: Eastern Standard Time
     Installed Physical Memory (RAM): 16.0 GB
     Total Physical Memory: 15.8 GB
     Available Physical Memory: 3.58 GB
     Total Virtual Memory: 20.2 GB
     Available Virtual Memory: 3.22 GB
     Page File Space: 4.33 GB
     Page File: C:\pagefile.sys
     Kernel DMA Protection: Off
     Virtualization-based security: Running
     Virtualization-based security Required Security Properties:
     Virtualization-based security Available Security Properties: Base Virtualization Support, Secure Boot, DMA Protection, UEFI Code Readonly, SMM Security Mitigations 1.0, Mode Based Execution Control
     Virtualization-based security Services Configured: Hypervisor enforced Code Integrity
     Virtualization-based security Services Running: Hypervisor enforced Code Integrity
     Windows Defender Application Control policy: Enforced
     Windows Defender Application Control user mode policy: Off
     Device Encryption Support: Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected, Hardware Security Test Interface failed and device is not Modern Standby
     A hypervisor has been detected. Features required for Hyper-V will not be displayed.
  5. Greetings Everyone! I have a Windows 10 Pro machine that I run a 3CX SIP-based telephone system on. I ran Malwarebytes AdwCleaner this am, and now my phone system stopped working, as the devices will not register on my PC! I checked the logs but could not find anything that would have interfered with or stopped this application from running. I went back in and reviewed the Malwarebytes Premium running also, but nothing states that it performed any service against a 3CX application. What I found was that somehow ALL of my 3CX processes were shut down. I have no idea how this occurred, but Malwarebytes AdwCleaner was the only thing that ran, as it found some PUPs and displayed them, but nothing on my 3CX app. Hope someone in the future, if they ever have an issue, can read this! Maybe some other app running may have a similar issue!
  6. Thx for the help! I have a few traces that captured the download to Akamai, but I am not sure of what is running, as I have checked just about everything I can think of: Add/Remove, processes, services and more. Help about this is sketchy, as it is acknowledged as an issue to some, but no solution on how to stop it. I'll start there and download TCPView.
  7. Good Morning and Thank You for the answers! The scanner came back negative and nothing was found. I downloaded a copy of the scanner report. I also removed Bonjour per your recommendation, and thx for the tip. That said, I will continue to search on why I am downloading to different IP addresses like Akamai etc. Looks like all is well for now, and I'll post if and when I can find a solution for the IP addresses etc. Thank You again. Regards, Rich. Attachment: OnlineScannerLog.txt
  8. OK. Had some time today to finish up the scan etc. Files are posted. Note that I added in reports from last week, when I performed the first scan and found the original problems! Thx. Attachments: Addition.txt, FRST.txt, y t9AM April 28 report.txt, 11AM#2 April 22.txt, 11AM April22.txt, AdwCleaner[C00].txt
  9. Good Morning. Per your instructions, I am running my scans, AdwCleaner etc., and they will be completed in an hour or so. But I came across something very strange. My Resource Monitor is showing network traffic to multiple sites (see screenshot). I am amazed at how many Chrome sites have IP addresses or domain names showing, downloading etc. This machine is running a 3CX telephone system, hence 3CX networking etc. Any idea as to how to stop these? Looking around now for info to see if I can find out what's going on and how to stop these as well.
  10. Hello and Thank You for the follow-up! Got very busy today, but I will complete this task in the am, as I have been working on other issues for my customers. Apologies, and thx for the follow-up!
  11. Good Morning. Thx for reaching out! I will get on this ASAP on Monday, as I will be busy over the weekend. I appreciate you answering, as this is driving me nuts. I ran a complete Malwarebytes custom scan twice this week, as it took over 7 hours to complete for the C, D and K drives. I let it run overnight, but the quick scan set to run at 2 AM stopped the complete scan. I think it completed, but I'm not sure, so I will run it again today or tomorrow, whereby I can see it complete. I was amazed that it took so long, as the quick scan takes about 15 minutes, somewhere around that time frame. I will follow your instructions and reply back when complete. Again, Thank You for the reply! Regards, Rich
  12. Hi Folks. Reaching out to see if I could get some assistance trying to trace out this issue, as it is driving me crazy! Below is an email I sent to Microsoft abuse in re finding IP addresses downloading off my Windows 10 Pro PC! I have researched off the web and found one issue with Akamai, but I don't know how to resolve it, whether it is a program or some sort of virus/malicious code etc. I have moved my critical data over to an external drive in order to keep an eye on my data and away from my PC. Scanned yesterday and found some viruses, listed below: https://blog.malwarebytes.com/detections/malware-heuristic/ (parser_REV80B3.RAR). I removed quite a few of these off my external drive, as I was shocked, as I run scans almost every day, as I have been shutting my external down a lot, and yesterday did a HUGE all-day scan and found 22 of these parser_REV80B3.RAR downloads on it! Due to isolating this external drive, I did not do any scans recently, due to being protected (or I thought so). Are there any tools that I could use to further check? I did a reinstall about 6 months ago and thought with Malwarebytes I would be OK, but not sure how these got on here! Any help would be greatly appreciated, as I see my network trace fill up with traffic being sent out! I also have another trace with much more detail in it as well.

     Letter to Microsoft abuse email, awaiting reply:

     Good Morning. After having issues on my PC, I performed a network trace and found Microsoft downloading info off my PC! IP addresses: Microsoft Azure 13.64.90.137, Microsoft Azure 52.179.224.221, Akamai 104.73.8.115. VERY concerned that someone is downloading info via these IP addresses belonging to Microsoft! Trace of the event included (too large to post, 75.6 MB); please give a site to download if you need to review, as I would be happy to share!! Could you please tell me why this is occurring, as I have no services for Microsoft, Akamai or any other cloud services depending on Microsoft, Akamai or any other platform. A TLS session opened and numerous packets downloaded to the above IP addresses, known as Azure and Akamai. Not knowing what exactly is downloaded, the trace shows a TLS session Hello starting (52.179.224.221), then proceeds to download to the above-mentioned addresses, clearly showing Microsoft and Akamai! Why is this occurring? I have a network trace, but it is too large to send, as it is not able to email! 75.5 MB … No one should be downloading without my permission, especially Microsoft or Akamai, as are you downloading all of my personal information? This concerns me very much to think Microsoft is using this data without my permission!! I await a reply!

     Attachment: Internet issues.zip
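The three questions that recur in posts 4, 6 and 12 above (which process owns the connection to an Akamai or Azure address, which drives are mapped and by whom, which shares this host exposes and who is connected to them) can be answered on the host itself without a packet capture. The PowerShell below is an added example, not code from the thread, from Malwarebytes or from the poster; it uses only cmdlets built into Windows 10/11, and the allowlist of "expected" private and loopback ranges is an assumption to be replaced with the site's own known destinations (camera VLAN, 3CX SIP trunk, management hosts).

```powershell
#Requires -RunAsAdministrator
# Added example (not from the forum thread). Attributes live TCP connections to
# their owning process and lists SMB mappings, shares and sessions on a
# Windows 10/11 host. Run from an elevated PowerShell prompt.

# ASSUMPTION: private, loopback and link-local addresses are "expected"; replace
# or extend with the site's own known destinations. Anything else is reviewed.
$ExpectedRemote = @(
    '^10\.', '^192\.168\.', '^172\.(1[6-9]|2[0-9]|3[01])\.',
    '^127\.', '^169\.254\.', '^::1$', '^fe80:'
)

function Test-ExpectedRemote {
    param([string]$Address)
    foreach ($pattern in $ExpectedRemote) {
        if ($Address -match $pattern) { return $true }
    }
    return $false
}

# Established TCP connections to addresses outside the allowlist, joined to the
# process that owns the socket (what TCPView shows, but scriptable and loggable).
function Get-UnexpectedOutbound {
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    Get-NetTCPConnection -State Established |
        Where-Object { -not (Test-ExpectedRemote $_.RemoteAddress) } |
        ForEach-Object {
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                LocalPort     = $_.LocalPort
                Pid           = $_.OwningProcess
                Process       = if ($p) { $p.Name } else { '<exited>' }
                Path          = if ($p) { $p.ExecutablePath } else { '' }
                CommandLine   = if ($p) { $p.CommandLine } else { '' }
            }
        }
}

# Reverse-resolve each remote address once, so a CDN or cloud hostname is
# visible next to the process that talked to it.
function Resolve-RemotePtr {
    param([string[]]$Addresses)
    foreach ($addr in ($Addresses | Sort-Object -Unique)) {
        try   { $ptr = (Resolve-DnsName -Name $addr -Type PTR -ErrorAction Stop).NameHost }
        catch { $ptr = '<no PTR>' }
        [pscustomobject]@{ Address = $addr; PTR = ($ptr -join ', ') }
    }
}

# Persistent drive mappings for every loaded user profile
# (HKEY_USERS\<SID>\Network\<letter>), which Get-SmbMapping only shows for the
# current account. A mapping the operator never created shows up here with its SID.
function Get-PersistentMappings {
    Get-ItemProperty -Path 'Registry::HKEY_USERS\*\Network\*' -Name RemotePath -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sid = if ($_.PSParentPath -match 'HKEY_USERS\\([^\\]+)') { $Matches[1] } else { '?' }
            [pscustomobject]@{ Sid = $sid; Drive = $_.PSChildName; RemotePath = $_.RemotePath }
        }
}

"== Established connections to non-allowlisted addresses =="
$out = Get-UnexpectedOutbound
$out | Sort-Object Process, RemoteAddress |
    Format-Table Process, Pid, RemoteAddress, RemotePort, Path -AutoSize

"== Reverse DNS for those addresses =="
Resolve-RemotePtr -Addresses $out.RemoteAddress | Format-Table -AutoSize

"== Drives mapped by the current user =="
Get-SmbMapping | Format-Table LocalPath, RemotePath, Status -AutoSize

"== Persistent mappings in every loaded profile =="
Get-PersistentMappings | Format-Table -AutoSize

"== Active SMB client connections from this host =="
Get-SmbConnection | Format-Table ServerName, ShareName, UserName, NumOpens -AutoSize

"== Shares this host exposes =="
Get-SmbShare | Format-Table Name, Path, Description -AutoSize

"== Inbound SMB sessions (who is connected to this host right now) =="
Get-SmbSession | Format-Table ClientComputerName, ClientUserName, NumOpens, SecondsIdle -AutoSize
```

Everything here is a point-in-time view: a socket that was open at 3 AM is gone by the time the script runs at 9 AM. For the "uploads at random hours during the night" symptom, run the connection section from a scheduled task every few minutes and append the objects to a CSV with Export-Csv -Append, then compare the process path and command line against what the host is supposed to run (Blue Iris, the 3CX services, Windows Update). Get-SmbSession and Get-SmbShare answer the "PC showing up in my network shares" question from the other direction: they show who is reaching into this host, not only what it reaches out to.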