Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wifi network apearing but not actually there, help!!


  • Please log in to reply
5 replies to this topic

#1 cheekysheep

cheekysheep

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 16 June 2010 - 04:03 PM

Hi, i am in desperate need of some help & have been pointed to the networking section after some help in the security, am i infected section?.

Here's a link to my request in the help section.

Ill paste my main post's here:

1st post.
Hi, i have come here to try to get some help, i am using wifi (through a router that i feel had already been compromised??) on my computer and seem to have a wifi network that only appears on my computer, i have tried using other computers to scan for this network but it only ever shows on mine, i have also noticed lots of unusual entries in my registry that always point here or to 1 of the other security help forums similar to this 1 if i do a search on said entries .

I have tried scanning for trojans and virus's with various online and offline scanners, none of which show up anything at all, i know i am not crazy and i have been compromised but do not know how to go about stopping this, i even tried a low level format of my hard drive but this network was there again as soon as i reinstalled windows 7.

2nd post.
There are 2 computers that are used on the router, only 1 showed any infection, below are the mbam logs from both.
The infected computer has had its logon name changed (but still logs on).

At this stage i just want to be rid of any infection on both computers so i can do fresh installs on both without any worry of being infected again.

INFECTED computer.
------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4125

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15/06/2010 21:41:49
mbam-log-2010-06-15 (21-41-49).txt

Scan type: Quick scan
Objects scanned: 130369
Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



INFECTION FREE ( dry.gif ) computer.
-----------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/06/2010 01:56:26
mbam-log-2010-06-15 (01-56-26).txt

Scan type: Quick scan
Objects scanned: 116141
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3rd post.


I am worried about this wifi network that shows up only on my computer, i have reset the router completely, reinstalled the firmware, checked that no alternate dns is being used, and i still have this network showing on my computer (the 1 with no problems in the above log), i have even changed the router to work only on both "b" & "g" and sure enough each time this network changes also and it always shows the same signal strength relevant to my wifi network.

I do not know if this is anything to do with anything but this website came up in the router log (with only firefox start page being loaded, google).

I am worried because this is not my internet connection, it is a member of my family letting me jump onto their wifi network from 100yds away, i had noticed this a long time ago but wasnt worried because it was my connection, but not anymore, i have even considered phoning the police over it.

PLEASE HELP!!
As you can see i am fairy desperate for some help.

Thanks!!

Edited by cheekysheep, 16 June 2010 - 04:14 PM.


BC AdBot (Login to Remove)

 


#2 cheekysheep

cheekysheep
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 19 June 2010 - 02:56 PM

Can anyone tell me what section this should go in for help? i dont feel the networking section is the right place for this as it is general networking questions in here that this clearly isnt.

please delete this thread if there are no replys by the 21/06.

Thanks.

Edited by cheekysheep, 19 June 2010 - 02:58 PM.


#3 Torchwood

Torchwood

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hampshire UK
  • Local time:06:36 AM

Posted 19 June 2010 - 05:33 PM

Hi Cheeky, couple of questions 4 u,

is the infected machine running XP SP3, and the UNinfected W7,
im in the UK 2 who's your provider, and what encryption u using WPA psk2 il be back about lunchtime 2morrow

quick thought, borrow a router from a friend hook it up and see if you still get the pirate if not id say get a new router

Edited by Torchwood, 19 June 2010 - 05:38 PM.


#4 cheekysheep

cheekysheep
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 19 June 2010 - 06:10 PM

Thanks for the reply torchwood,
xp not too sure what sp, yes, rather not say at the moment and yes.

does this lot mean anything to anyone? found in event properties, microsoft windows security auditing.

</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>

There is 1 of these for every log on.

Thanks.

Edited by cheekysheep, 19 June 2010 - 06:14 PM.


#5 Torchwood

Torchwood

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hampshire UK
  • Local time:06:36 AM

Posted 19 June 2010 - 07:03 PM

right just havin me last smoke and off to bed,
things to do
1 turn off system restore
1A IF you have avast av schedule a boot scan this will take about 15-30 mins after u turn comp back on
2 run MBAM Full
3 turn off comp IMMEDIATELY AFTER scan
4 rerun MBAM
4a turn on system restore if no infection detected

The security audit stuff is OK
i would upgrage from IE6 its the hackers friend
also change the SSID password on your router just in case somebody got it
you said u ran ONLINE scans have you not got 1 running, plenty of free 1s around
run a hijackthis scan and post the report some1 will look at it
is your firewall actually on, if its MS it only stops inbound traffic if your comp is infected then it phones home 4 instructions

Edited by Torchwood, 20 June 2010 - 01:26 AM.


#6 arknaz

arknaz

  • Members
  • 476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 PM

Posted 21 June 2010 - 10:19 AM

One thing to add to Torchwood.

Once you get your computer secured, disable Wireless access to the router, so you have to physically plug into it to access the admin features (using a web browser to go to 192.168.x.x or w/e your routers ip is).

Just one more added security feature. Could also change SSID name, password protect, then disable SSID broadcasting.

Would just have to Know the name of it and manually add it to the list of connections.

-Scott
Samsung Chromebook +
  • Intel i5-2500K 3.3Ghz - Replaced with I7 3770k 3.5Ghz
  • 80G SSD, 640G/1TB/3TB Sata  
  • Palit GTX560 TI 2GB 
  • 16g G.Skill Sniper DDR3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users