I noticed several daily false logins on our router from a laptop inside our network. So to be on the safe side I tried to figure out where this came from. What i did:
- examined the log-files on the laptop at the time of login
- started systinternals procmon and waited for a new login
- did both online and offline (rescue disks) scans with several virus / malware scanners
bitdefender, avast, malwarbytes, eset, kasparsky, tdskiller, gmer, NPE, aswmbr
No succes, but every day I got new false logins. I the connection changed from wifi to cable and the false login nicely comes back on the new IP address.
The laptop contains Windows 7 with SP1, avast and peerblock (not for p2p but to be a bit more on the safe side).
I was thinking of creating a dualboot with linux, but in the transition process the necesarry nfsmove failed in the middle.
Yes I had a backup :-)
No the false login still returns.
Anybody any ideas?