Showing results for tags 'Router'.
Found 11 results

  1. Hey all, I have an Arris TG3482G Router from Comcast (I know, awful) connected to a gigabit Ethernet port (TP-Link TL-SG105) that connects to my PC and various gaming devices (PS4, Raspberry Pi, Xbox 360). I recently went into my router's settings and noticed a completely different SSID/password than the one I set up, as well as a ton of unauthorized devices. I went onto a separate computer (NOT on my network, one that has never touched my network) and changed all my passwords on my ISP's site just to be sure. Then I was able to get in there, change the Wi-Fi name/password through there, and indefinitely pause the unauthorized devices connected to my Wi-Fi via the ISP's gateway, as well as block the MAC addresses I found via the WiFiWatcher application I have on my PC. I can still see the Wi-Fi name and password I set up on Comcast's page and connect, but in the router's Wi-Fi settings page there is still the completely different SSID. Additionally, I factory reset my router (password for the router and ANOTHER new SSID I set up) and within minutes it goes back to the completely different SSID and the same password on the router's "Private Wi-Fi Setup" page. I was thankfully able to disable that name/login and I don't see it or the devices (they share a name) running on my network. I also disabled WPS and set the Firewall Security Level to High. I ran a full malware scan and was unable to find anything malicious; additionally, I have multi-factor authentication on all of the important sites I use, and have not run across anyone trying to get into any of my important accounts (i.e. I still have my BTC haha). But obviously someone did something to either the router or did something with a program which Malwarebytes/other software can't find. Can anyone help? FRST attached. FRST Router SSID.txt
  2. Hello, I recently had a pop-up appear while browsing that requested my login credentials to my browser (192.168.xxx). The curious thing is that the pop-up was a carbon copy of my router's administrator login page, right down to the make and model number and color scheme. Everything was the same except for the site address, which belonged to "pix1.payswithservers" and had "Main_Login.asp" attached at the end (I use an Asus router). Googling this did not yield many results. I ran multiple AVs including Malwarebytes, all of which came back negative. My router firmware has been up to date. DNS settings for my router were unchanged (automatic), and remote management via WAN was turned off. I've encountered pop-ups before, all of which were more or less similar. This pop-up, however, was different because of the aforementioned details. Have malicious pop-ups been known to phish for login credentials to routers? And so specifically at that? I asked around and it seems router make/model information is available to the public, though these particular pop-ups don't seem to be typical (I have been unable to find anyone with a case similar to mine). Any help would be much appreciated.
  3. Recently moved, got set up with fibre broadband in January. Was given an older model; two months went by fine, then the internet connection on both laptops in my house began randomly dropping throughout the day. ISP said there's nothing causing it on their end and it might be a problem with the modem, so they replaced it with a newer model. One laptop's Wi-Fi problem was now fixed, but the other laptop (Acer Aspire E5-571, Windows 10, other details attached in pictures below) is still occasionally dropping internet connection. I believe it is the laptop that is causing the problem because my other laptop doesn't disconnect when the Acer laptop does, and all of the router settings have been checked by the ISP to make sure it's not the modem (i.e. best channel selected, WLAN driver is compatible, etc.). I've tried multiple suggestions such as turning off power management on the driver, changing battery power settings to maximum performance, flushing DNS, updating and reinstalling the WLAN driver, but it's still happening. On both my laptops, Malwarebytes (Pro) occasionally causes 100% disk usage (is there a fix for that?). Might it have something to do with that, or are there any other known issues with Malwarebytes that cause random Wi-Fi DCs? If you have any other suggestions as to what I can try to fix this, that would be great. tl;dr: Laptop occasionally disconnects from Wi-Fi. ISP said it's not the modem, and there might be some setting or an antivirus triggering it to DC. Any tips?
  4. Hey everyone, I am scratching my head with an issue that sure seems like malware or a virus, but I have been unable to root it out. My two big issues are connecting to secure sites and weird logs from my router. Virus and malware scans are coming up clean; however, HijackThis has a number of entries I am unsure about; several of them say file missing and I do not know if I am safe to have HijackThis clean them. There are also a couple of Winsock entries that look odd (red font in the log). The main symptom is network connectivity: my overall connection seems sluggish. Not only that, any HTTPS site I try to go to has a low chance of actually coming up (less than 50%). The browser will get stuck trying to establish the secure connection. Both IE and Chrome have the same issue. IE says the page can't be displayed and Chrome returns a grey "webpage is not available" screen saying Err_Timed_Out. The other issue is strange traffic in my router logs, both coming into my PC and going out from it. The router is labeling them as DoS attacks (SYN Flood), and they are going from my CPU to random IPs and ports, or they are coming from random IPs to my PC pinging random ports. Just looking at the last 15 minutes of data from the log there are nearly 100 records like these:
     Description | Count | Last Occurrence | Target | Source
     [DoS attack: SYN Flood] from 192.168.0.23, port 51933 | 1 | Sun Jul 19 13:29:48 2015 | 72.251.229.242:80 | 192.168.0.23:51933
     [DoS attack: SYN Flood] from 108.168.240.194, port 80 | 1 | Sun Jul 19 13:27:59 2015 | 192.168.0.23:51538 | 108.168.240.194:80
     These issues seem to persist even when I have booted into safe mode and/or disabled all startup processes. So far, I've run a full scan with MBAM, Microsoft Security Essentials, Ad-Aware Antivirus, Bitdefender Free, Panda AV, SpyBot, SUPERAntiSpyware, and AdwCleaner. Everything appears clean, but AdwCleaner constantly comes up with these two issues under the registry portion.
     AdwCleaner has "fixed" them but they keep showing up:
     Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
     Key Found : HKCU\Software\AppDataLow\Software\adawarebp
     I checked the LAN settings under Internet Options and verified that the proxy settings are blank and that "use a proxy" is not checked. I have run the scans in both Safe Mode and regular boot. So far I have had no luck resolving the issue. Can anyone help me isolate this issue? HijackThis log is below. I have been working on this for days now with little success, so any help or suggestions would be greatly appreciated. Thanks so much in advance! Logfile of Trend Micro HijackThis v2.0.5, scan saved at 2:36:48 PM on 7/19/2015. Platform: Windows 7 SP1 (WinNT 6.00.3505). MSIE: Internet Explorer v11.0 (11.00.9600.17910). Boot mode: Normal.
  5. Please pardon that I have written out this detailed question. I hope I have picked the proper forum. First the basic story and context: Win XP SP3, Comodo Internet Security 8.xx, AT&T U-verse, 2Wire 3800HGV-B gateway. It is extremely rare that I get malware; however, Thursday I had a unique, never-happened-before intrusion. As I installed and launched Hard Drive Inspector Pro, an offering from Giveawayoftheday.com, which I've used for years with no problem, every device connected to my gateway was attacked at the same time. Comodo Internet Security popped up alerts on three Windows systems, one Win 7, two XP SP3, and an Android tablet. Then, quicker than I could respond to any, Comodo was defeated and the Windows systems spontaneously rebooted (though not the Android). In the past that has always meant a need to reinstall everything, due to deep infection. My connected devices are not on a LAN and do not talk to each other through the gateway, each only individually to the internet, so the malware was clever enough to find the router, cut through it and address itself to the active devices. As far as I can figure, I'm the only one hit with this. Nothing is popping up on GOTD's discussion pages or forums. I can clean my devices by restoring backup images. I did run Malwarebytes on the starting-point machine, and it found some stuff, but I'm not convinced it is what I'm looking for. And there could be BIOS infection, but I'm guessing not at this point. What I am concerned about is that the router itself might now be infected. That's the question. So I googled around, a lot, and there's confirmation that routers can get infected, and it usually re-routes DNS, but no clear instruction on how to fix it, with the following exception. On bleepingcomputer.com I found the following brief discussion of a similar situation:
     --- ht*****w*w.bleepingcomputer.com/forums/t/530081/can-routers-become-infected/ Posted in April 2014.
     Q: "I am using Windows 7 and am using a 2WIRE router from Bell to access the internet....( I snip out a little here) ....My question is, can a router become infected? Is it possible it was infected from the earlier virus and is trying to re-infect the computer. Is it possible to run a scan of a router?"
     A: "Yes indeed it can! I had a similar situation a few years ago. Every time I cleaned out a piece of malware, it came right back. I even did a complete hard drive wipe and re-installed my OS only to find I had the same results. I found that if I rebooted the router, (put a pin in the hole with the button on the side of the router and hold it in for a few minutes), it totally reset the router. I then reset my password and codes. I've never had the problem return."
     ---
     So, some other guy had a similar problem last year. My gateway is older than that, so his router and mine could be the same or closely related. But there's a difference in my case with the reboot. What's the point of attacking my systems in that manner if the only goal is to re-route traffic via false DNS? So I want to scrub any ROM hiding places in the router to prevent re-infection. I'm seeking more precise info and procedures for my gateway than in the case above, where the only resort is pressing the reset button. I want to know every ROM is wiped, if I can. The malware obviously passed through the gateway and defeated whatever barriers might have existed there before moving on to my systems, so it is smart enough to leave backups hiding somewhere. So, it comes down to this. I want to know:
     1. Can I scan the router for malware, and how would I do that? Does someone have a tool for that? Or
     2. What do I do to clean it if I cannot scan it, so that I can know and be sure that it is truly clean?
     3. And, before I press that reset button, which will restore the router to factory defaults, what ramifications might that have? Will I be giving myself more problems? And will it really wipe any ROMs where stuff might be hiding? Will doing that make sure that any potential malware is gone? In this case I believe I really have to do more than just reset the DNS entries.
     4. Also, I want to know if there is a procedure that would force a reinstall of the firmware of the router, and whether that would wipe any data ROMs. Most gateways have a procedure for this in their web browser interface, but mine does not seem to.
     5. I've only found the guy above with a story like mine. Is this kind of situation really that rare? Or how frequently does this happen? AT&T has been particularly not forthcoming in discussing this.
     Common sense says such procedures have to exist, but they seem to require proprietary knowledge which I am having a hard time getting. Any help/procedures/caveats are deeply appreciated. Please also help me by not offering "reasonable" guesses, speculations, criticisms and the like, because that just puts me back where I am now. Again, I am truly grateful for any help. Thanks for reading such a long post.
  6. Hello, good day. As the title says, my router-modem (Cisco DCP 2320) disconnects and then reconnects itself every time someone tries to connect through Wi-Fi, but if I turn off my access point and connect only my desktop computer through a cable, it seems fine. Tried changing channels but the problem still persists. The router was new and was only installed today; it was working fine early in the day but got the problems around evening time... Thanks.
  7. I need some help to figure out what's going on with my computer. I keep losing internet connection. I work in a network with 5 more computers and my computer is the only one on which the internet doesn't work. The router works fine, my phone is internet-based and works fine, so I believe there is something wrong with my computer. The troubleshooter is not able to detect any internet problem. Finally I restored the system two days ago and now the internet works perfectly. Can anyone give me a hand with this problem? Thanks!
  8. Thanks for a moment of your time. I am in desperate need of your help. Desperate because my computer, a 64-bit Windows Home Premium OS HP Pavilion, has been made a client machine on an unknown network admin's domain. I have done a couple of years' worth of investigation, learning a lot as I proceed. And I have narrowed the hack to the exploitation of my WIRED router (in this case a Netgear WNR1000v2, but the brand is irrelevant) using a script I found that contains a reference to a program called Dnsmasq and something called MICROSOFT WINDOWS RALLY PROGRAM, among others, which I will include at the bottom of this text. On the Netgear utility app called Genie (which denies me permission to Wireless, ReadyShare and parental controls), when I try to enter a password for that control, I get a message that says "The server 192.168.0.1 at WebAdmin requests a password", which is not the standard PW or the one I created. I logged on today using an Ethernet cable from the modem directly to my PC, but the Netgear router (unplugged and disconnected) app called Genie indicates that I am passing through the router????????? I have lost control of my computer and have not yet been able to regain it due to a lack of knowledge regarding this open code written by someone else. Please help me understand how to remove this control from my PC. I would be so very grateful. I tried to attach the WordPad doc that I copied from the Notepad script but was unsuccessful. It contains many references to unknown programs. So here are some selected keywords: Binary or Source code */...bpalogin.sourceforge.net bridge.sourceforge.net/....busybox-1.4.2...dnsmasq-2.39...iptables-1.3.5 http://www.microsoft...iupnpd-20070127... ftp://ftp.samba.org/.......udhcp-0.9.8 wireless-tools-29.pre1...datalib...detcable..dni-ripd...dns-ipupdate...Oray...detwan...led-control...net-util...radvd...telnetenable...[ap91-hostapd]... hostapd...Atheros...BSD/GPL...ap91-madwifi-11n-scripts]... madwifi... wlanlog...ap91-wpatalk]...hostapd...Kernel Modules...Linux-2.6.15... ag7240-enet ag7240-gpio...ipv6-cone...netfilter...dnirtsp...ftp alg...pptp drv...netgear-rejec...urlblock....ap91-madwifi-11n.
  9. Hello, I know you're all busy so I'll keep this as short and as easy to read as possible. I have a rootkit that's been here for a while. I've been keylogged, monitored, lost admin rights, had the BSOD so I physically replaced the RAM, wiped my HDD several times, gone into BIOS and flashed from there; antivirus has stopped before finishing, reads the infection as clean and can't update; new antivirus doesn't pick up anything; the virus is written to the MBR, Windows can't pick it up, it worms itself through drivers, and I replaced the GFX card. I have a TV and STB that I can't connect yet to the Internet because when I purchased a new laptop, as soon as I connected the Wi-Fi the laptop got infected. I read this can be done with DNS changer, as the DNS downloads new malware even to clean PCs. I don't have DNS changer, but the DNS being hijacked would do the same thing. I've used Gmer, FixTDSS, ewido, mbrscan, kaspersky, avg, mse, rootbuster, roguekiller, tdsskiller and more; nothing will pick it up. Based on my firewall I think there is a hidden network when I connect, and I want to know what programs are the best for finding out anything hiding behind or configuring the router. When I check ipconfig it says the DNS is 10.1.1.1, but wouldn't it just be the DNS from the ISP? No rogue DNS can be displayed, but all symptoms of an infected DNS are there. I get skidded web sites, kiddie scripts, blocked or denial of service. I have changed my ISP account, but it's like the router is still configured to be under attack, because the ADSL light wasn't solid before I even connected the PC to try the new account. Could it be access to the phone line alone? I know my calls have been listened in on or disconnected.
--------------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 19:50:13
-----------------------------
19:50:13.761 OS Version: Windows 6.1.7601 Service Pack 1
19:50:13.761 Number of processors: 1 586 0xD06
19:50:13.761 ComputerName: ALAN-LAPTOP UserName: Alan
19:50:26.995 Initialize success
19:50:33.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:33.737 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
19:50:33.757 Disk 0 MBR read successfully
19:50:33.757 Disk 0 MBR scan
19:50:33.767 Disk 0 Windows 7 default MBR code
19:50:33.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
19:50:33.787 Disk 0 scanning sectors +234438656
19:50:33.867 Disk 0 scanning C:\Windows\system32\drivers
19:50:40.006 Service scanning
19:50:45.714 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
19:50:46.695 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
19:50:56.740 Modules scanning
19:51:08.757 Disk 0 trace - called modules:
19:51:08.797 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:51:08.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
19:51:08.817 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
19:51:08.827 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
19:51:08.847 Scan finished successfully
20:09:46.807 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:09:46.817 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 20:23:26
-----------------------------
20:23:26.028 OS Version: Windows 6.1.7601 Service Pack 1
20:23:26.028 Number of processors: 1 586 0xD06
20:23:26.028 ComputerName: ALAN-LAPTOP UserName: Alan
20:23:26.839 Initialize success
20:23:30.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:23:30.674 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
20:23:30.694 Disk 0 MBR read successfully
20:23:30.704 Disk 0 MBR scan
20:23:30.704 Disk 0 Windows 7 default MBR code
20:23:30.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
20:23:30.724 Disk 0 scanning sectors +234438656
20:23:30.784 Disk 0 scanning C:\Windows\system32\drivers
20:23:36.603 Service scanning
20:23:41.961 Service krnl_akl C:\Windows\system32\drivers\krnl_akl.sys **LOCKED** 32
20:23:42.862 Service MpKsl374e93b4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{335F7451-63CD-471B-9718-FFC4E1316591}\MpKsl374e93b4.sys **LOCKED** 32
20:23:52.185 Modules scanning
20:24:03.605 Disk 0 trace - called modules:
20:24:03.625 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:24:03.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176528]
20:24:03.625 3 CLASSPNP.SYS[87e8d59e] -> nt!IofCallDriver -> [0x844215e0]
20:24:03.625 5 ACPI.sys[8764a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b7030]
20:24:03.625 Scan finished successfully
20:24:12.932 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
20:24:12.952 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"
--------------------------------------------------------------------------------
MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (32 bit)
PROCESSOR : x86 Family 6 Model 13 Stepping 6, GenuineIntel
BOOT : Normal Boot
DATE : 2012/09/01 (ISO 8601) at 20:22:50
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG HM121HC (LS100-10)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 111.8 Go [Fixed] ==> 7 MBR Code
MBR_MD5 : EA7111D01CF65E981A7ED331D2CCCC18
MBR_SHA1 : 0DF8508901D6811ACF3FC0D5C6F718A94ED56C8A
Device\Harddisk0\Partition1 111.8 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x8EABA000 SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0x8EAC5000 SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x8EACE000 SIZE : 68.0 Ko
DRIVER : C:\Users\Alan\AppData\Local\Temp\aswMBR.sys => Invisible on the disk
ADDRESS : 0x93C00000 SIZE : 48.0 Ko
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
--------------------------------------------------------------------------------
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Alan [Admin rights]
Mode: Scan -- Date: 09/01/2012 20:33:40

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[39] : NtAlpcSendWaitReceivePort @ 0x82A7DCC5 -> HOOKED (Unknown @ 0x853073F0)
SSDT[215] : NtProtectVirtualMemory @ 0x82A6E483 -> HOOKED (Unknown @ 0x85DA4A18)
SSDT[370] : NtTerminateProcess @ 0x82A4A3E6 -> HOOKED (Unknown @ 0x85308380)
S_SSDT[14] : Unknown -> HOOKED (Unknown @ 0x85DA7FD0)
S_SSDT[302] : Unknown -> HOOKED (Unknown @ 0x85DA6CD8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x85DA1A00)
S_SSDT[361] : Unknown -> HOOKED (Unknown @ 0x85D96B50)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x85DADC90)
S_SSDT[408] : Unknown -> HOOKED (Unknown @ 0x85D9CBF0)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x85DADBC0)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85DADC28)
S_SSDT[447] : Unknown -> HOOKED (Unknown @ 0x85DB0F68)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x85DB0FD0)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x85DAD868)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x85D9C8B0)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x85DAE858)
S_SSDT[594] : Unknown -> HOOKED (Unknown @ 0x85DA0A58)
S_SSDT[607] : Unknown -> HOOKED (Unknown @ 0x85DA1868)
_INLINE_ : NtCreateKey -> HOOKED (Unknown @ 0x85DA6B38)
_INLINE_ : NtOpenKey -> HOOKED (Unknown @ 0x85DA7E48)
_INLINE_ : NtOpenKeyEx -> HOOKED (Unknown @ 0x85DADCF8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM121HC ATA Device +++++
--- User ---
[MBR] ea7111d01cf65e981a7ed331d2cccc18
[bSP] 41f6f0124a45d065c91422fa63be84ab : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>

Can anyone give me some info on this, please? Did the reports I posted seem suspicious in any way?
  10. So, a few days ago I started receiving email notifications from my router letting me know about security alerts. I'm including recent logs from my router.
2012-07-18 14:03:46.00 [DOS] UDP Packet - Source:192.168.0.12,137 Destination:192.168.0.255,137
2012-07-18 14:03:47.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,50980 Destination:239.255.255.250,1900
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,57644 Destination:239.255.255.250,3702
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
2012-07-18 14:03:48.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,49385 Destination:239.255.255.250,1900
2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,57644 Destination:239.255.255.250,3702
2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,1196 Destination:255.255.255.255,1196
2012-07-18 14:03:50.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
2012-07-18 14:03:50.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,138 Destination:192.168.0.255,138
2012-07-18 14:03:51.00 [DOS] UDP Packet - Source:192.168.0.12,56638 Destination:239.255.255.250,1900
2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49328 Destination:192.168.0.1,445
2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49330 Destination:192.168.0.1,445
2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49331 Destination:192.168.0.1,139
2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49329 Destination:192.168.0.1,445
2012-07-18 14:04:55.00 [DOS] TCP Packet - Source:192.168.0.12,49356 Destination:192.168.0.1,5000
2012-07-18 14:05:40.00 [DOS] TCP Packet - Source:192.168.0.12,49544 Destination:192.168.0.1,5000
2012-07-18 14:05:44.00 [DOS] TCP Packet - Source:192.168.0.12,49559 Destination:192.168.0.1,5000
2012-07-18 14:05:48.00 [DOS] TCP Packet - Source:192.168.0.12,49574 Destination:192.168.0.1,5000
2012-07-18 14:05:52.00 [DOS] TCP Packet - Source:192.168.0.12,49590 Destination:192.168.0.1,5000
2012-07-18 14:05:57.00 [DOS] TCP Packet - Source:192.168.0.12,49605 Destination:192.168.0.1,5000
2012-07-18 14:06:00.00 [DOS] TCP Packet - Source:192.168.0.12,49618 Destination:192.168.0.1,5000
2012-07-18 14:06:10.00 [DOS] TCP Packet - Source:192.168.0.12,49655 Destination:192.168.0.1,5000
2012-07-18 14:06:14.00 [DOS] TCP Packet - Source:192.168.0.12,49670 Destination:192.168.0.1,5000
My network range is precisely 192.168.0.x, my router being 192.168.0.1. Does anyone know what's going on with my network? Am I infected with some sort of bot? The address you see in the log belongs to the PC I'm using right now; I have all other devices turned off, including the wireless printers, because they would also show as a source when they are on. I'm going nuts here, please help.
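A triage script, added here as an example and not part of any post on this page, that parses router alert lines in the exact format posted above and groups them by destination service, so the routine LAN discovery traffic (SSDP and WS-Discovery multicast, NetBIOS broadcasts, SMB and UPnP to the gateway) is counted separately from anything aimed outside the LAN. The 203.0.113.5 destination in the sample is a constructed placeholder, and the LAN prefix 192.168.0. is taken from the post.

```python
import re
from collections import Counter

# Alert line format as pasted in post 10 above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[(?P<tag>\w+)\] (?P<proto>UDP|TCP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) Destination:(?P<dst>[\d.]+),(?P<dport>\d+)$"
)

# Services behind the destination ports seen in the log. Labels describe the
# protocol only; whether the traffic belongs on a given LAN is for the analyst.
MULTICAST = {("UDP", "239.255.255.250", 1900): "SSDP/UPnP multicast discovery",
             ("UDP", "239.255.255.250", 3702): "WS-Discovery multicast"}
BY_PORT = {("UDP", 137): "NetBIOS name service", ("UDP", 138): "NetBIOS datagram",
           ("TCP", 139): "NetBIOS session", ("TCP", 445): "SMB",
           ("TCP", 5000): "TCP 5000 (UPnP control on many home gateways)"}

def parse(line):
    """Parse one alert line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def classify(rec, lan_prefix="192.168.0."):
    """Return (label, needs_review) for a parsed alert.

    Anything sent to a LAN address, the LAN broadcast or the limited broadcast
    stays inside the home network; a known service aimed outside it is flagged."""
    dst = rec["dst"]
    inside = dst.startswith(lan_prefix) or dst == "255.255.255.255"
    if (rec["proto"], dst, rec["dport"]) in MULTICAST:
        return MULTICAST[(rec["proto"], dst, rec["dport"])], False
    if (rec["proto"], rec["dport"]) in BY_PORT:
        svc = BY_PORT[(rec["proto"], rec["dport"])]
        return (f"{svc} to LAN", False) if inside else (f"{svc} to off-LAN host", True)
    return ("other LAN-internal traffic", False) if inside else ("traffic leaving the LAN", True)

def triage(lines, lan_prefix="192.168.0."):
    """Count alerts per label and collect the lines flagged for review."""
    counts, review = Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        label, flag = classify(rec, lan_prefix)
        counts[label] += 1
        if flag:
            review.append(line.strip())
    return counts, review

# Constructed sample: five lines copied from post 10 plus one made-up line whose
# destination 203.0.113.5 is a documentation-range placeholder, not from the page.
SAMPLE = """\
2012-07-18 14:03:46.00 [DOS] UDP Packet - Source:192.168.0.12,137 Destination:192.168.0.255,137
2012-07-18 14:03:47.00 [DOS] UDP Packet - Source:192.168.0.12,1900 Destination:239.255.255.250,1900
2012-07-18 14:03:49.00 [DOS] UDP Packet - Source:192.168.0.12,1196 Destination:255.255.255.255,1196
2012-07-18 14:04:20.00 [DOS] TCP Packet - Source:192.168.0.12,49328 Destination:192.168.0.1,445
2012-07-18 14:04:55.00 [DOS] TCP Packet - Source:192.168.0.12,49356 Destination:192.168.0.1,5000
2012-07-18 14:07:00.00 [DOS] TCP Packet - Source:192.168.0.12,49700 Destination:203.0.113.5,445
""".splitlines()
```

Running `triage(SAMPLE)` returns the per-service counts plus the single flagged line; feed it the full alert e-mail instead to see which destinations dominate.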