
PC hacked within 5 hours of reimage


13 replies to this topic

#1 Johnny2014

Johnny2014

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 13 October 2014 - 10:40 AM

My home (64 bit win 7) started having corrupt files (Pics, mailbox pst, mp3..etc) a couple days ago. Then 2 days ago I noticed Oracle VM VirtualBox and an image archive file in my downloads folder. The Oracle virtualbox software was also installed and running.

 

I don't know what that is, so to avoid further issues, yesterday afternoon I formatted my C: drive and reinstalled a fresh 64 bit OS and reinstalled all the drivers and Windows service packs. The only software that I installed was the MBAM premium version and AVG security (full licensed version).

 

I was done by 2 pm, and when I checked my PC at 7 pm, I saw the Oracle VM VirtualBox back in the downloads folder and also again installed.

 

I know what Oracle VM VirtualBox is, but why is it being installed on my PC? Does this mean my PC is hacked?

 

Thanks

 

 

 

 




 


#2 buddy215

buddy215

  • Moderator
  • 13,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:34 PM

Posted 13 October 2014 - 11:14 AM

Not sure what you have going on here....what happens if you uninstall it? Does it come back?

If it is actually installed you should be able to uninstall using the Add/ Remove program.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JohnC_21

JohnC_21

  • Members
  • 23,207 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 PM

Posted 13 October 2014 - 11:14 AM

Hello, and welcome

 

The only way VirtualBox was installed on your computer if you did not do it was by somebody physically at the computer unbeknownst to you or remotely. Are you connected to the internet directly to a modem or through a router? Did you change the default username and password on the modem or router after setup? If you are connecting wirelessly what encryption are you using? WEP encryption can be hacked in minutes. Are you using a good administrator password? When browsing you should be doing it in a Limited User Account.

 

Take a look at your DNS server settings and make sure those have not been changed or if you are now using a Proxy Server.

 

If you quick format the computer some malware can still be in the MBR but a person more familiar with malware could confirm that.



#4 Johnny2014


Posted 13 October 2014 - 11:37 AM

> Not sure what you have going on here....what happens if you uninstall it? Does it come back?
>
> If it is actually installed you should be able to uninstall using the Add/ Remove program.

I removed it last night and rebooted the PC. Waited for 1 hour, nothing happened. I shut it down and haven't turned it on since then. I want to be ready to log all traffic and capture what is happening on the PC before leaving it on for a day next time.



#5 Johnny2014


Posted 13 October 2014 - 11:40 AM

> Hello, and welcome
>
> The only way VirtualBox was installed on your computer if you did not do it was by somebody physically at the computer unbeknownst to you or remotely. Are you connected to the internet directly to a modem or through a router? Did you change the default username and password on the modem or router after setup? If you are connecting wirelessly what encryption are you using? WEP encryption can be hacked in minutes. Are you using a good administrator password? When browsing you should be doing it in a Limited User Account.
>
> Take a look at your DNS server settings and make sure those have not been changed or if you are now using a Proxy Server.
>
> If you quick format the computer some malware can still be in the MBR but a person more familiar with malware could confirm that.

Only my wife and I are home and I was home all day yesterday.

I am connected via router with LAN cable.

I did not make any changes to router or modem after setup.

I did not create any admin password after reimage and my default account is an admin one.

I deleted the partition and recreated it, then did a full format, before installing.



#6 Johnny2014


Posted 13 October 2014 - 11:42 AM

Do you recommend any tools that I can install on my PC which will monitor internet traffic and also capture any events ( program installation, rdp connection..etc)?

 

Thanks for the help



#7 JohnC_21


Posted 13 October 2014 - 11:48 AM

Is this a single modem/router that was given to you by your service provider? I can't recommend any tools. Somebody else may have experience with those.

#8 Johnny2014


Posted 13 October 2014 - 11:53 AM

> Is this a single modem/router that was given to you by your service provider? I can't recommend any tools. Somebody else may have experience with those.

Hi

Modem was given by my ISP. Router is the Linksys WNDR 3700 I purchased about 2 yrs ago.

The AVG software has a built-in firewall and I set it to interactive so that I manually have to allow/deny any connection, but I did that after discovering the VirtualBox being installed.



#9 JohnC_21


Posted 13 October 2014 - 11:58 AM

I think that is your problem. If you did not change the default password on the Linksys another person can access it if remote access is allowed. (that model number specs out as a Netgear for some reason). Is it a Linksys or Netgear?



#10 Johnny2014


Posted 13 October 2014 - 12:08 PM

> I think that is your problem. If you did not change the default password on the Linksys another person can access it if remote access is allowed. (that model number specs out as a Netgear for some reason). Is it a Linksys or Netgear?

I changed the default Admin username and password of the router on day one, the day I installed it. Sorry it is Netgear: http://www.netgear.com/home/products/networking/wifi-routers/wndr3700.aspx

The admin account I referenced above is the Windows account.



#11 JohnC_21


Posted 13 October 2014 - 12:30 PM

Okay, that is good that you changed the password. If there are any devices that are connected to the router wirelessly, then make sure your router is using WPA2. Look at page 91 of the user manual. Make sure Remote Management is not enabled. You can open the Web interface and select connected devices to see if anybody else is connected to the router. (page 18)

 

I would then do the following.

 

Change the router password

 

(If you do not have the OS install disk plus key and used the Recovery Partition when you reinstalled the OS then you cannot do the following).

 

I would download the bootable version of Partition Wizard. You can burn the iso file in Windows 7 by right clicking and then select Burn Image or use a program like isoburner.

 

Disconnect the computer from the router

 

Boot Partition Wizard and wipe the drive (zero quick fill)

 

Install the OS. Provide a strong password for the admin account

 

Create another account in Control Panel but make it a Limited Account. You can create a password for this account if you wish and use that for everything except installing programs.

 

Connect back to the router and check connected devices every so often.

 

When browsing on the limited account and the UAC window appears, then you would know someone is trying to access your system files and you can disallow it.

 

Edit: on page 22 make sure that obtain DNS servers automatically from ISP is selected.


Edited by JohnC_21, 13 October 2014 - 12:32 PM.


#12 buddy215


Posted 13 October 2014 - 12:41 PM

I think it's barking up the wrong tree to think a hacker has installed that program. I mean, what purpose would a hacker have for doing that? Strange....


Edited by buddy215, 13 October 2014 - 12:42 PM.


#13 buddy215


Posted 13 October 2014 - 12:51 PM

Isn't it more likely that the program was included by the manufacturer in the recovery partition?

Did you reinstall using either the recovery partition files or a DVD furnished by the manufacturer or you created when the computer was new?



#14 Johnny2014


Posted 14 October 2014 - 07:21 AM

Update:

I found out that a UDP/TCP port on my router was open that was directing traffic to my PC IP address.

 

I deleted the open port and reset the router password. All looks good for now.

 

It seems that there were multiple remote login attempts from other countries.

 


Edited by Johnny2014, 14 October 2014 - 07:24 AM.
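
An added example, not part of the original thread: a parser for router log entries of the `[LAN access from remote]` and `[UPnP set event: ...]` kind reported in the update above. It counts inbound forwarded connections per LAN host and port, and separates traffic that falls inside a UPnP `add_nat_rule`/`del_nat_rule` window from traffic that implies a manually configured forward. The sample lines are constructed with documentation-range addresses, and matching by host and time is a heuristic assumed here, since the UPnP entries carry no port number.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the router's log layout (newest entry first).
# Remote addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.10:2802 to 192.168.1.6:3389, Monday, October 13,2014 17:38:28
[LAN access from remote] from 203.0.113.10:2801 to 192.168.1.6:3389, Monday, October 13,2014 17:38:22
[admin login] from source 192.168.1.6, Monday, October 13,2014 17:37:59
[DHCP IP: 192.168.1.6] to MAC address 02:00:00:00:00:06, Monday, October 13,2014 17:37:17
[LAN access from remote] from 198.51.100.7:46279 to 192.168.1.6:3389, Monday, October 13,2014 17:07:55
[UPnP set event: del_nat_rule] from source 192.168.1.22 Sunday, October 12,2014 07:32:46
[LAN access from remote] from 192.0.2.44:6881 to 192.168.1.22:42289, Sunday, October 12,2014 07:32:41
[LAN access from remote] from 192.0.2.45:52258 to 192.168.1.22:42289, Sunday, October 12,2014 07:31:33
[UPnP set event: add_nat_rule] from source 192.168.1.22 Sunday, October 12,2014 07:28:36
[LAN access from remote] from 198.51.100.7:56016 to 192.168.1.6:3389, Sunday, October 12,2014 06:06:20
"""

ACCESS_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<ts>.+)$")
UPNP_RE = re.compile(
    r"^\[UPnP set event: (?P<op>add|del)_nat_rule\] "
    r"from source (?P<host>[\d.]+),? (?P<ts>.+)$")
TS_FORMAT = "%A, %B %d,%Y %H:%M:%S"   # e.g. "Monday, October 13,2014 17:38:28"

# Remote-administration services that should not be reachable from the WAN.
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}


def parse_log(text):
    """Return (accesses, upnp_events), each sorted oldest first."""
    accesses, upnp = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"].strip(), TS_FORMAT)
            accesses.append((ts, m["src"], m["dst"], int(m["dport"])))
            continue
        m = UPNP_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"].strip(), TS_FORMAT)
            upnp.append((ts, m["host"], m["op"]))
    return sorted(accesses), sorted(upnp)


def upnp_windows(upnp_events):
    """Map each LAN host to [start, end] periods in which it held a UPnP rule."""
    windows = defaultdict(list)
    for ts, host, op in upnp_events:
        wins = windows[host]
        is_open = bool(wins) and wins[-1][1] is None
        if op == "add" and not is_open:
            wins.append([ts, None])            # rule stays open until a del
        elif op == "del" and is_open:
            wins[-1][1] = ts
        elif op == "del" and not wins:
            # The log was cut before the matching add: assume the rule
            # existed from the start of the captured period.
            wins.append([datetime.min, ts])
    return windows


def in_window(windows, host, ts):
    return any(start <= ts and (end is None or ts <= end)
               for start, end in windows.get(host, []))


def exposure_report(text):
    """Summarise inbound forwards per (LAN host, port) and guess their origin."""
    accesses, upnp = parse_log(text)
    windows = upnp_windows(upnp)
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "upnp_hits": 0})
    for ts, src, dst, dport in accesses:
        entry = stats[(dst, dport)]
        entry["hits"] += 1
        entry["sources"].add(src)
        entry["upnp_hits"] += in_window(windows, dst, ts)
    report = {}
    for (dst, dport), entry in stats.items():
        if entry["upnp_hits"] == entry["hits"]:
            origin = "upnp"                 # opened by a program on the LAN host
        elif entry["upnp_hits"] == 0:
            origin = "static-or-unknown"    # check the router's port-forward table
        else:
            origin = "mixed"
        report[(dst, dport)] = {
            "hits": entry["hits"],
            "sources": len(entry["sources"]),
            "origin": origin,
            "service": REMOTE_ADMIN_PORTS.get(dport),
        }
    return report


if __name__ == "__main__":
    for (host, port), info in sorted(exposure_report(SAMPLE_LOG).items()):
        print(host, port, info)
```

Any entry whose `service` is set and whose `origin` is not `upnp` points at a forwarding rule in the router configuration that should be removed, which matches the fix described in the post.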




