
After Trojans/hijacking, is my network safe now?


5 replies to this topic

#1 johneffinsmith

johneffinsmith

  • Members
  • 19 posts

Posted 26 May 2015 - 04:53 PM

My network: Actiontec C1000a vdsl2 router/modem with laptop, iPhone, bluray players connected via wifi and a desktop via Ethernet. My roommate occasionally works from home on the desktop, connecting to his work's network.

What happened:

Two computers running Windows 7 infected with Trojans on the same network.

First thing that I noticed, the internet started acting strangely about two weeks ago. My connection would drop intermittently for seconds at a time often, doing that for an hour or so every now and then. I contacted my ISP several times, who would only tell me to turn my modem on and off. I looked at the modem/router admin screen. Didn't exactly know what I was looking at, but things seemed erratic. 144 retrains in 24 hours.

Ran FRST and found that a bunch of .dll files were downloaded without my knowledge. I also found a ton of notepad files with logs. I did the same on my roommate's computer and it seemed to be even worse. I'm not an expert, but after some research I may have found possible evidence of "system.sav", "wow64", "grant/bogart"(??) and "zero access" viruses/trojans.

Rather than trying to fix it, I just installed new hard drives and Windows 8.1. I haven't used them on my network yet.

A couple days ago I got a strange text along the lines of "hey, I need to talk to you blah blah, text back please!". I unfortunately opened it, but didn't reply. Googled the number and several others reported similar texts that day. I have an iPhone 5 which I believe was connected to my computer once to add music.

Questions:

What do I do before I connect to my network again?

Are new HD's/OS's enough? Viruses can't hide in other hardware then infect a new hd, right?

Is my modem/router infected/compromised? Will resetting it and changing the wifi/admin passwords be enough?

Is it possible that our smart bluray players could be infected?

Is my phone hacked?

Also, I had an external hard drive with important career related project files (not programs) connected. Is it possible to safely retrieve those without infecting my new system?

Should my roommate notify his employer?

Are the viruses I listed mostly used for things like click fraud? Or worse? Do I need to do anything beyond changing all of my passwords?

Sorry for so many, just freaking out a bit and want to get things back to normal. Any help would be appreciated.


#2 johneffinsmith


Posted 27 May 2015 - 10:31 AM

Maybe I should shorten it up.

Now that my computers have new hd's, how do I secure my network? They still seem to be doing something as the connection drops/gets slow sometimes. Do I simply change the router/modem passwords?

#3 johneffinsmith


Posted 31 May 2015 - 04:09 PM

My computer appears to be clean so far. My internet connection still drops for about an hour at seemingly random times, in the middle of the night. Less often than before though. How can I tell if there was a MITM done to my modem/router?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 June 2015 - 10:50 PM

Hi, having run FRST you need to post that log here so it can be confirmed.

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#5 johneffinsmith


Posted 05 June 2015 - 11:43 PM

Thanks!

#6 boopme


Posted 09 June 2015 - 02:50 PM

Ok.. you still need to post there..



