Posted 18 August 2012 - 11:02 AM
Finally I have to post here for the first time to ask for direct help. Since yesterday evening I've been really concerned about what's going on here in my home network:
- 1 Linux Ubuntu machine, release 10.04
- 1 Windows 7 laptop
Everything started as in the past, with MSN not logging in from the Win 7 laptop. As usual, I tried to access www.hotmail.com from Firefox and the page was 404 not reachable. Strange; I made the attempt from Linux and it worked perfectly.
I then tried to access Google from the Win 7 machine with the HTTPS protocol and Firefox answered with the expired certificates security warning. This started to be annoying, so I decided it was time to install HijackThis for a register check.
When I accessed hijackthis.de, the "direct download" link at the top left of the page showed a link to Facebook. I was not fast enough to read it, but I noticed a part aiming to the "bleep please" profile. I then found a "Like" on that page that I had never opened before! On the second click attempt, I was redirected to the link to Trend Micro's page, but when I tried to download HJT every click was a redirect to the upper page. From the Linux machine, I reached the right download but the file I downloaded was only 254 bytes long.
While all this was happening, my email box got filled by email alerts from my router's internal firewall, showing many attempts like TCP FIN, Vecna Scan, Smurf, UDP flood and so on. Through the whois function in Ubuntu, I discovered that many of the addresses were from my provider, Akamai or even Microsoft, but some of them were also unknown to me.
I decided to close the open ports for eMule and raise the security level of the firewall from medium to high just in case. I also deactivated the wireless function on my router and this (maybe a coincidence?) caused the ATM to go down and refresh.
From that time forward I still couldn't correctly open the hijackthis.de page; the Facebook link comes up every time in the first seconds the page is open. To be specific on this, in the first 10 - 20 seconds the page acts like it is a whole link, like an image from malware pages. I took the HijackThis installation from the Linux machine at a later time and ran it on Windows: nothing seemed strange.
Please tell me if you have some clue on this, because I don't really know what to do now. Also, the fact that the Linux machine seems to be affected by the same issue as the Win 7 machine gets me a bit scared about what I'm facing. I know that some scanning could happen on my address, but getting 10 alerts at a time every hour is telling me that something weird is really going on!
Hope you have some answer for me!