Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anonymous Logon


  • Please log in to reply
1 reply to this topic

#1 Geneva

Geneva

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 28 April 2009 - 08:41 PM

Hello
I see in my sec the seurity Log about the same that I log on a entry Anonymous Logon. I also noticed when I viewed network connections wireless, a strange entry with a excellent connection just be infore my router loged on. The entry was very quick and what I think I saw was MALVER-API32. I have also seen attempts to do regedit, Explor, Defrag and an attempt to insert HKEY code which my self defense denied. I also saw utilization of Com+ and I also found a unregestered HKEY in the attached screen shot. My scan's do not find any virus, but some entrys did pop up when the computer the computer was attached to the same router as a hijacked computer that the anti virus software shut down as critical. On the infected computer I found Broadcom/jump initiated and on this computer Application Layer Gateway Services was starting on each boot. In addition CFG.exe was installed in program files. CFG.exe is a broadcom utility to connect two computers. I have disabled Application Layer Gateway Service and removed CFG.exe.

I have changed my router configuration from WEP to WAP-2 on the router however I do not recognize the gateway. I have done a cmd>ipconfig to confirm my IP and then looked at the client list on the router. The client list at times list 2 consecutive IP's even though only one computer is communicating with the router and no other computer is turned on or attached to the router. one of the ip's dispayed shows no host and no Mac address while the other is normal. However if I refresh the blank ip goes away?

This computer was formated on 3-29-09 and I see some api.dll's modified on 4-14-09.
I have formated the other computer and will format this computer again soon but I am concerned about the router and infections are comming by way of a neighbors wireless (not broadcast) unprotected router and unprotected computer.

I need to find out the ip address and Mac address of the hacker so that I can block it. Attached is a screen shot of Dcom warning which was Not allowed to regester

Any body got any pointers?

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:39 AM

Posted 29 April 2009 - 09:31 AM

Moved from HJT forum
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users