I'm suspicious that my network is being hacked


30 replies to this topic

#1 gmKevinHNgu

Posted 21 January 2016 - 12:18 PM

Last night, 01/20/16, my family member's and my own internet had low bandwidth while playing CS:GO. It was odd because speedtest.net showed my internet being fine, and we were the only ones on the internet in the house; with the TP-LINK Archer C3200 and ASUS PCE AC68 combo, I'd think that there should be no connection issues between those two parts. The next morning, I discovered that I could not connect to the internet using the password for any of the 3 bands. That was right before I had to leave for school, and I will be at school until at least 3:45 Pacific time. My computer uses Windows 10 64-bit. Wireless admin was allowed for the router as we don't have a portable PC with an Ethernet port. We use CenturyLink's VDSL2, w/ 25 mbs. Please help as soon as possible and thank you in advance.


Edited by gmKevinHNgu, 21 January 2016 - 01:49 PM.



#2 gmKevinHNgu

Posted 21 January 2016 - 12:45 PM

I am sorry about the duplicate of this topic. I did not know which forum to put this post in, and I think this may be an urgent matter. I have not done anything to resolve this matter yet, as I'd like to get advice first. My router can be restarted, and I can call someone at the house to do so.


Edited by gmKevinHNgu, 21 January 2016 - 01:46 PM.


#3 PuReinSAniTY

Posted 21 January 2016 - 10:56 PM

What does it say when you can't connect? Have you tried diagnosing the error? If so, what happens?


they call me te java mayster


#4 gmKevinHNgu

Posted 21 January 2016 - 11:01 PM

Since I was at school, my sister restarted (not reset) both the C2000A modem and TP-LINK router, and it seems to have fixed the problem. However, what happened earlier is still suspicious. My phone said unable to connect to network w/ something about the password being wrong. When I logged onto my PC, I was told that someone with the same IP address was on the network.



#5 PuReinSAniTY

Posted 21 January 2016 - 11:19 PM

Hmmm, do you have any other machines (Xbox, PS3, another laptop) connected? What you experienced was an IP address conflict, which could usually be solved by a reboot. Each device has its own unique IP. A reboot will typically fix the problem, unless both devices have their IP set to a static address.


Edited by awesomecooldude101, 21 January 2016 - 11:20 PM.


#6 gmKevinHNgu

Posted 22 January 2016 - 12:47 AM

Yes, many other devices are connected. I'm really curious about whether my router was hacked or not.



#7 PuReinSAniTY

Posted 22 January 2016 - 01:00 AM

Most likely not, but you can do a factory reset on your router if that would give you peace of mind.



#8 gmKevinHNgu

Posted 22 January 2016 - 03:38 AM

Used a Malwarebytes Pro scan before I updated it (which said it needed to be updated), and it found a worm.palevo. I deleted it, and it then said my PC needed to be restarted. When it turned back on, Malwarebytes no longer needed to be updated. Others in the house couldn't get onto the network before the router/modem restart. I last ran a Malwarebytes/Windows Defender scan about three days ago. Thanks though, I have some more peace of mind talking this out.


Edited by gmKevinHNgu, 22 January 2016 - 03:46 AM.


#9 PuReinSAniTY

Posted 22 January 2016 - 03:55 AM

The Palevo worm is quite a serious worm that could lead to DDoS attacks and identity theft. Please read this for more information. We need to clean this up.

 

1. MBAM updated scan log

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab, then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

 

2. I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

 

3. Antivirus scan

 

Please run a full scan with the antivirus on your computer and post the log here. You should be able to find your scan log in one of your tabs saying something along the lines of 'scan results'.


Edited by awesomecooldude101, 22 January 2016 - 03:59 AM.


#10 gmKevinHNgu

Posted 22 January 2016 - 04:17 AM

Windows Defender tends to take about 2-3 hours to finish a full time scan; that's with Malwarebytes Pro and Malwarebytes Anti-Exploit active. I want to get more sleep, so I'll run it after the two steps are finished, and post the results tomorrow morning. Also, can I use Google Chrome for the ESET scan?


Edited by gmKevinHNgu, 22 January 2016 - 04:19 AM.


#11 PuReinSAniTY

Posted 22 January 2016 - 04:23 AM

Yes, you can. You might want to do the ESET scan first, as that can take a really long time (sometimes 6 hours).



#12 gmKevinHNgu

Posted 22 January 2016 - 04:26 AM

OK then, I will sleep after I start that scan.

 

This was after I deleted the worm with MBAM.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/22/2016
Scan Time: 1:11 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.22.04
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Kevin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425459
Time Elapsed: 10 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 PuReinSAniTY

Posted 22 January 2016 - 04:28 AM

Thank you, have a good sleep.



#14 gmKevinHNgu

Posted 22 January 2016 - 10:19 AM

ESET

F:\KEVIN-PC\Backup Set 2013-12-04 211524\Backup Files 2013-12-04 211524\Backup files 1.zip Win64/Toolbar.Conduit.B potentially unwanted application deleted
F:\KEVIN-PC\Backup Set 2014-01-19 190000\Backup Files 2014-01-19 190000\Backup files 4.zip a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted
F:\KEVIN-PC\Backup Set 2014-02-09 190000\Backup Files 2014-02-09 190000\Backup files 4.zip a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted
F:\KEVIN-PC\Backup Set 2014-03-16 190000\Backup Files 2014-03-16 190000\Backup files 4.zip a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted
F:\KEVIN-PC\Backup Set 2014-05-27 161831\Backup Files 2014-05-27 161831\Backup files 4.zip a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted
F:\KEVIN-PC\Backup Set 2014-05-27 161831\Backup Files 2014-08-31 190000\Backup files 1.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2014-09-07 190000\Backup Files 2014-09-07 190000\Backup files 1.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2014-10-12 190001\Backup Files 2014-10-12 190001\Backup files 1.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2014-11-30 205932\Backup Files 2014-11-30 205932\Backup files 3.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2014-12-28 190000\Backup Files 2014-12-28 190000\Backup files 4.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-03-08 190001\Backup Files 2015-03-08 190001\Backup files 6.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-05-24 190001\Backup Files 2015-05-24 190001\Backup files 6.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-06-14 190001\Backup Files 2015-06-14 190001\Backup files 6.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-07-06 190034\Backup Files 2015-07-06 190034\Backup files 7.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-08-09 190001\Backup Files 2015-08-09 190001\Backup files 7.zip JS/Adware.MultiPlug.B application deleted
F:\KEVIN-PC\Backup Set 2015-09-20 190001\Backup Files 2015-09-20 190001\Backup files 7.zip JS/Adware.MultiPlug.B application deleted


#15 PuReinSAniTY

Posted 22 January 2016 - 05:16 PM

Is this the full log? ESET just says that you have a bit of adware, which it removed. Let's try these next.

 

1. Remove remaining adware with AdwCleaner

Please download AdwCleaner by Xplode here

 

Now run the file, and you should have a screen with something like this

adwcleaner-start.jpg

 

Please click Scan and then, when finished, post the scan log (it will pop up after the scan).

NOTE: Please do not clean the items yet.

After this, can you use your computer, then tell me if you have any remaining problems?

