Wireless Settings being changed


5 replies to this topic

#1 Scott Stoef

Scott Stoef

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 06 December 2015 - 09:24 PM

I'm in need of some assistance.  I'm using an ASUS N66U router and when I set it up I did so as a secured network with WPA2 password.  At some point last year I tried to log into my router using my user ID and password, but the router didn't recognize it.  I reset the router and documented my logon ID and password. 

 

I recently had my credit card numbers hacked so I decided to switch to Kaspersky Total Security.  When I started my scan Kaspersky said that my internet connection was a Public Network.  I saw this in the past on my work computer, but I didn't think anything about it.  So I decided to investigate and my router once again will not recognize my user ID and password. 

 

I really believe there is something going on where something on the inside is going into my router and changing the settings on me.  I'm not sure how this could happen or how to diagnose the issue, so I need to know if someone can point me in the right direction. 

 

What is interesting is that when I installed Kaspersky on my computer I went to go to Google and it was giving me a certificate error on my admin account.   I've also had issues on my non-admin accounts running program updates for things like Adobe.  Here is the message when I try to access Google from my browser:

 

This Connection is Untrusted

You have asked Firefox to connect securely to www.google.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

 

Please let me know if anyone knows what I should be doing. I've had others from Bleeping Computer look at my computers and they cannot find anything, but something is obviously happening.




 


#2 logan55

logan55

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 07 December 2015 - 12:27 PM

Hello Scott,

 

Use a Linux Live CD to boot up your computer. Reset your router and connect to it with a LAN cable. Run a firmware update if possible. Set a long and secure admin password and WPA2 key. Don't log into the router with a possibly infected PC. Think about a fresh installation of Windows.

 

Best regards,

 

logan



#3 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 07 December 2015 - 01:34 PM

Logan,

 

I got the router reset last night and updated the firmware and created an even more complex password for it.  I didn't change the user ID though.  I did this through a computer I recently rebuilt with a DBAN erased hard drive. It is hard-wired into the network, but other than setting it up it hasn't really been used for anything other than doing Windows updates and installing Kaspersky about 2 months ago.  Do you think I need to wipe that drive again and reinstall?

 

The rest of the devices that connect to the network are 3 Windows OS laptops (most likely culprit), 4 brand new iPhones, and 3 iPads. I'm going to rebuild the 3 laptops, but I'm concerned something might have gotten into the partition where the Windows OS is stored.  So even if I restore it to factory defaults the malware may still be present. The only option there is to pull the hard drives and DBAN them as well, but I don't want to lose my Windows licenses.  I'm not sure if I pull the .iso file from Microsoft and store it on a flash drive I could still reinstall it with the existing license.  



#4 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 07 December 2015 - 01:37 PM

BTW....what is the difference between WPA2 personal and enterprise?  I thought about switching to the latter, but I wasn't sure if it would do anything different. 

 

One thing I forgot to mention is that I also have my work computer which has just about every possible anti-malware tool on it.  I'm assuming that would still be safe to use on the network.  I do see messages from McAfee showing port scan attacks happening when I'm on my home network, but it seems to be okay given the VPN connection that is being used.



#5 logan55

logan55

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:51 AM

Posted 07 December 2015 - 03:41 PM

Hello Scott,

 

I would wait a while and see how things develop. The difference between WPA2 personal and enterprise is how the client is authenticated. WPA2 personal uses the pre-shared key to authenticate against the access point, whereas in WPA2 enterprise the client is authenticated against a RADIUS server with a username/password combination or a certificate. This might enhance the security of your WLAN because each user has a unique encryption key, but the AP needs to support it and you need a dedicated RADIUS server.

Does McAfee show which IP address the port scan is coming from? What kind of VPN are you using?

 

Best regards,

 

logan
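
Added example (not part of logan55's post): a sketch of the key-derivation difference described in the reply above. In WPA2-Personal every device derives the same master key (PMK) from the passphrase and SSID, so only the per-session keys differ; in WPA2-Enterprise each client gets its own PMK from its EAP exchange with the RADIUS server. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and `enterprise_pmk_stand_in` is a hypothetical stand-in that models the EAP result as random bytes.

```python
import hashlib
import hmac
import secrets

def wpa2_personal_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def enterprise_pmk_stand_in() -> bytes:
    """Assumption: models the per-client key produced by an EAP/RADIUS
    exchange as 32 fresh random bytes (no real EAP is performed here)."""
    return secrets.token_bytes(32)

def pairwise_key(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """802.11i PRF (HMAC-SHA1) expanding a PMK into the per-session PTK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

# Constructed sample values (locally administered MACs, fixed nonces).
AP = bytes.fromhex("020000000001")
LAPTOP = bytes.fromhex("020000000002")
PHONE = bytes.fromhex("020000000003")
ANONCE, SNONCE_A, SNONCE_B = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32

def demo() -> dict:
    # Personal: both devices start from the same passphrase-derived PMK.
    pmk_laptop = wpa2_personal_pmk("constructed-sample-passphrase", "HomeNet")
    pmk_phone = wpa2_personal_pmk("constructed-sample-passphrase", "HomeNet")
    ptk_laptop = pairwise_key(pmk_laptop, AP, LAPTOP, ANONCE, SNONCE_A)
    ptk_phone = pairwise_key(pmk_phone, AP, PHONE, ANONCE, SNONCE_B)
    # Enterprise: each client's PMK is independent of every other client's.
    return {
        "personal_pmk_shared": pmk_laptop == pmk_phone,
        "personal_ptks_differ": ptk_laptop != ptk_phone,
        "enterprise_pmk_shared": enterprise_pmk_stand_in() == enterprise_pmk_stand_in(),
    }

if __name__ == "__main__":
    print(demo())
```

Because the Personal PMK depends only on the passphrase and SSID, changing the passphrase is the only way to revoke one device's access; with Enterprise, a single user's credentials can be revoked on the RADIUS server.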



#6 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:51 PM

Posted 07 December 2015 - 10:23 PM

Other than seeing the notification for port scan attack I never could find out anything else about it.  I actually took it into work and one of their "security specialists" took a look at it but didn't find any malware on it. 

 

I'm really not sure how the VPN works on my work computer, but it is called easy connect. Given what I do for a living I'm sure it is top notch stuff to protect my company's data. 

 

I will try to find out more and post a response to you tomorrow.  Right now I put in a super complex admin password and disabled my 2.4G and 5G bands.  As I rebuild my computers I will put them back online individually. Looks like Christmas break is going to SUCK for me!





