Jump to content

Ferahcity

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. msert.logeset online scanner 1-15-22.txtI ran it again and the microsoft scanner. Here is both logs.
  2. I ran that scan and it didn't find anything log.txt
  3. Fixlog.txtHi, I've uploaded the fix log. I know what RDP is, and how they are trying to gain access through the NVIDIA Game streaming service which has since been patched. My main concern is i changed my public IP and I was hit again? If my computer is clean, how did they get my new address instantly without something from within my network reaching out? My only guess is there is a group or individual that are port scanning know IP ranges from my ISP and since I had UPNP for the ports in question, it was forwarded to my computer. I've since removed the UPNP as I'm not using that service right now anyway. But other than that guess, I have to assume there is a beacon or service I'm using which provides the attacker my IP.
  4. As well, here are the last 10 entries in malwarebytes. RTP 3.txt RTP 4.txt RTP 5.txt RTP 6.txt RTP 7.txt RTP 8.txt RTP 9.txt RTP 10.txt RTP 1.txt RTP 2.txt
  5. Attached are the requested files. Addition.txt FRST.txt
  6. Hi, I recently setup a windows PPTP VPN for use while I'm away, created a new user with a secure password for authentication. After returning I started to get RTP inbound requests that Malwarebytes blocked and informed me of. Some of them are the category Compromised and others are Exploit. Some are the port 1723. Others are a common port used with NVIDIA game streaming. No worries, all inbound and scans come up clean. So I remove the port forward for the VPN and delete the connection from Windows. Then I release renew on my router to get a new public IP thinking that they'd have no way to attempt an exploit on me once I have a new address. But I just had another attempt at nvcontainer.exe. The requests have dramatically slowed from daily up to Jan 1st, then I didn't have any until the 12th after I changed the public IP. I'm concerned as to how they discovered the new IP was the same target. As well, I'm concerned with how they target specifically my local IP out of all the devices in my network. All my scans are clean so I'm not sure what to do or where to look. I really thought a new IP would do it. I'm not at home right now but if you tell what you need I'll take care of it ASAP.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.