
Keep having SMART ARP ATTACKS.


  • This topic is locked
19 replies to this topic

#1 cadeteh

cadeteh

  • Members

Posted 07 August 2016 - 12:08 AM

Hi, I was downloading a torrent a week ago and after that I saw my firewall antivirus (Panda GOLD protection) was detecting SMART ARP attacks from Source MAC 4C:0B:BE:32:30:44, so I requested help in my last topic. It worked for a few hours, but my antivirus firewall detected the same SMART ARP attacks from the same MAC. Then I blocked the MAC from my firewall, and now it detects Intrusion Attempts and Access Attempts from the IP of TeamViewer and other IP, and I don't know what to do now.

 




 


#2 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 07 August 2016 - 12:12 AM

I can't post the FRST log in here because it says it was too long, so I attached them.

Attached Files



#3 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 07 August 2016 - 10:14 AM

192.168.1.64, it's an IP from France that wants to attack me, help me plz. :(

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots

Posted 12 August 2016 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/622604 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 12 August 2016 - 03:01 PM

I keep having SMART ARP ATTACKS FROM IP 239.255.255.250 and 224.0.0.251



#6 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 12 August 2016 - 03:05 PM

These are new FRST logs.


PS: I don't have the original Windows CD/DVD.

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team

Posted 15 August 2016 - 07:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-25]
C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {16CC4B13-C4F5-4D0B-B9AD-127FAFDC3D50} - \{56ED403C-91B0-4B38-92C1-66E89F6643F2} -> No File <==== ATTENTION
Task: {6BB0A14F-0E4B-4977-9792-98279FAA5952} - \{FE61D6E6-C562-4334-BC81-91FDC08C1AAB} -> No File <==== ATTENTION
Task: {FD4E6EB8-9F66-47D3-A2AB-F9CD4155A9BE} - \SafeZone scheduled Autoupdate 1469829566 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:3BBB40F138830B1B [1]
AlternateDataStreams: C:\Users\All Users:3BBB40F138830B1B [1]
AlternateDataStreams: C:\ProgramData\Datos de programa:3BBB40F138830B1B [1]
AlternateDataStreams: C:\ProgramData\PACE:35D374404670D194 [217]
HKU\S-1-5-21-3705738826-2889361319-2203145478-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists, run this Panda Cloud Cleaner.
http://support.pandasecurity.com/forum/viewtopic.php?f=68&t=16

Please post the log and let me know if the problem persists.

#8 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 15 August 2016 - 03:04 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2016
Ran by cpu2 (15-08-2016 09:56:51) Run:2
Running from C:\Users\cpu2\Downloads
Loaded Profiles: cpu2 (Available Profiles: cpu2)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-25]
C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {16CC4B13-C4F5-4D0B-B9AD-127FAFDC3D50} - \{56ED403C-91B0-4B38-92C1-66E89F6643F2} -> No File <==== ATTENTION
Task: {6BB0A14F-0E4B-4977-9792-98279FAA5952} - \{FE61D6E6-C562-4334-BC81-91FDC08C1AAB} -> No File <==== ATTENTION
Task: {FD4E6EB8-9F66-47D3-A2AB-F9CD4155A9BE} - \SafeZone scheduled Autoupdate 1469829566 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:3BBB40F138830B1B [1]
AlternateDataStreams: C:\Users\All Users:3BBB40F138830B1B [1]
AlternateDataStreams: C:\ProgramData\Datos de programa:3BBB40F138830B1B [1]
AlternateDataStreams: C:\ProgramData\PACE:35D374404670D194 [217]
HKU\S-1-5-21-3705738826-2889361319-2203145478-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => not found
"C:\Users\cpu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16CC4B13-C4F5-4D0B-B9AD-127FAFDC3D50} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56ED403C-91B0-4B38-92C1-66E89F6643F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BB0A14F-0E4B-4977-9792-98279FAA5952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BB0A14F-0E4B-4977-9792-98279FAA5952}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE61D6E6-C562-4334-BC81-91FDC08C1AAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FD4E6EB8-9F66-47D3-A2AB-F9CD4155A9BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4E6EB8-9F66-47D3-A2AB-F9CD4155A9BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SafeZone scheduled Autoupdate 1469829566" => key removed successfully
C:\ProgramData => ":3BBB40F138830B1B" ADS removed successfully.
"C:\Users\All Users" => ":3BBB40F138830B1B" ADS not found.
"C:\ProgramData\Datos de programa" => ":3BBB40F138830B1B" ADS not found.
C:\ProgramData\PACE => ":35D374404670D194" ADS removed successfully.
"HKU\S-1-5-21-3705738826-2889361319-2203145478-1001\Software\Classes\regfile" => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Configuración IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv6 . . . . . . . . . . : fd4c:fb45:57b5:aa00:f916:769f:c152:c5ec
   Dirección IPv6 temporal. . . . . . : fd4c:fb45:57b5:aa00:c531:df56:1c9b:7901
   Vínculo: dirección IPv6 local. . . : fe80::f916:769f:c152:c5ec%9
   Puerta de enlace predeterminada . . . . . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Configuración IP de Windows


Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : gateway.huawei.net
   Dirección IPv6 . . . . . . . . . . : fd4c:fb45:57b5:aa00:f916:769f:c152:c5ec
   Dirección IPv6 temporal. . . . . . : fd4c:fb45:57b5:aa00:c531:df56:1c9b:7901
   Vínculo: dirección IPv6 local. . . : fe80::f916:769f:c152:c5ec%9
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.72
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.254
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 852865 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17401648 B
Java, Flash, Steam htmlcache => 150708336 B
Windows/system/drivers => 280 B
Edge => 10476 B
Chrome => 376055577 B
Firefox => 229376 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 22662140 B
NetworkService => 55160 B
cpu2 => 4872066 B
 
RecycleBin => 24897518 B
EmptyTemp: => 570.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:57:20 ====
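
A triage of the source addresses reported in this thread against the interface details in the IPCONFIG /renew output above, as an added example that is not part of the original thread. The function names are hypothetical, 8.8.8.8 is a constructed sample, and the two group names are the IANA assignments for those addresses.

```python
import ipaddress

# Host interface and gateway as printed by "IPCONFIG /renew" in the Fixlog.
HOST_IFACE = ipaddress.ip_interface("192.168.1.72/255.255.255.0")
GATEWAY = ipaddress.ip_address("192.168.1.254")

# Well-known IPv4 multicast groups (IANA assignments).
KNOWN_GROUPS = {
    ipaddress.ip_address("239.255.255.250"): "SSDP (UPnP discovery)",
    ipaddress.ip_address("224.0.0.251"): "mDNS",
}


def classify(source, iface=HOST_IFACE, gateway=GATEWAY):
    """Return a short triage label for the address shown in a firewall alert."""
    addr = ipaddress.ip_address(source)
    if addr.is_multicast:
        # A multicast address is a destination group, not a sending host.
        return "multicast group: " + KNOWN_GROUPS.get(addr, "unlisted group")
    if addr == iface.ip:
        return "this host"
    if addr == gateway:
        return "default gateway"
    if addr in iface.network:
        # Only hosts on the same segment can exchange ARP with this machine.
        return "same LAN segment"
    if addr.is_private or addr.is_link_local or addr.is_loopback:
        return "non-routable, other segment"
    return "public Internet address"


def triage(sources):
    """Classify every alert source and return {address: label}."""
    return {src: classify(src) for src in sources}


if __name__ == "__main__":
    # Addresses quoted in the thread, plus one constructed public sample.
    alerts = ["192.168.1.64", "239.255.255.250", "224.0.0.251", "8.8.8.8"]
    for src, label in triage(alerts).items():
        print(f"{src:16} {label}")
```
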


#9 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 15 August 2016 - 03:07 PM

I did a scan with panda cloud cleaner and still keep getting intrusion attempts and access attempts 



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 16 August 2016 - 08:05 AM

Panda is most likely protecting you.

Is there an option in the program that can stop these messages from being shown?

I have Norton 360 and if I wanted I could see when it's blocking the attacks. But I choose not to see them.

#11 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 16 August 2016 - 11:22 PM

I changed antivirus to 360 Total Security and installed Windows Firewall Control, don't know if I did good.



#12 nasdaq

nasdaq

  • Malware Response Team

Posted 17 August 2016 - 08:30 AM

Work with the computer for a couple of days.

Let me know of any issues.

#13 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 17 August 2016 - 11:43 PM

I searched in regedit remotecontrol and it appeared :/

 

 

 

 

 

 

 



#14 nasdaq

nasdaq

  • Malware Response Team

Posted 18 August 2016 - 08:29 AM



Please run the Farbar Recovery Scan Tool. Enter remotecontrol in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#15 cadeteh

cadeteh
  • Topic Starter

  • Members

Posted 18 August 2016 - 09:26 AM

Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by cpu2 (18-08-2016 09:26:04)
Running from C:\Users\cpu2\Desktop
Boot Mode: Normal
 
================== Search Registry: "remotecontrol" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBD71B6B-F717-4A61-A914-2337BC50B0D6}]
""="WBEM WIN32_TSREMOTECONTROLSETTING Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\SecuredHostProviders]
"Root\cimv2\TerminalServices:__Win32Provider.Name="Win32_WIN32_TSREMOTECONTROLSETTING_Prov""="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"RemoteControl"="0x03000000F015B586DEF7D101"
 
====== End of Search ======
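
How the "RemoteControl" value under StartupApproved\Run32 in the search output above can be read, as an added example that is not part of the original thread. The layout it assumes (first byte is the state, even meaning enabled and odd meaning disabled, and bytes 4 to 11 are a little-endian FILETIME written when the entry was disabled) is the commonly documented forensic reading of this key, not something stated in the thread; the function name is hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Value copied from the Search.txt output in the thread.
REMOTECONTROL_VALUE = "0x03000000F015B586DEF7D101"


def decode_startup_approved(value):
    """Decode a StartupApproved value printed as "0x" plus 24 hex digits."""
    match = re.fullmatch(r"(?:0x)?([0-9A-Fa-f]{24})", value.strip())
    if not match:
        raise ValueError("expected exactly 12 bytes of hex")
    raw = bytes.fromhex(match.group(1))

    state = raw[0]                               # assumed: even = enabled, odd = disabled
    ticks = int.from_bytes(raw[4:12], "little")  # assumed: FILETIME of the change
    changed = None
    if ticks:
        changed = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

    return {
        "enabled": state % 2 == 0,
        "state_byte": state,
        "changed_utc": changed,
    }


if __name__ == "__main__":
    info = decode_startup_approved(REMOTECONTROL_VALUE)
    status = "enabled" if info["enabled"] else "disabled"
    print(f"RemoteControl startup entry: {status}, changed {info['changed_utc']}")
```

For the value in this thread the decoder reports a disabled startup entry with a change time of 2016-08-16 16:52:08 UTC.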




