
Ongoing efforts of hacking likely by printer + prob. rootkit virus now


1 reply to this topic

#1 fx2017

fx2017

  • Members
  • 2 posts

Posted 10 November 2017 - 08:57 AM

Dear forum members,

 

I do have two items burning on my nails, but for which I found no information yet on the net. It would be great if you could point me in the right direction!

 

 

The first is that I assume that my Brother ink printer seems to be repeatedly attacked: it appeared as a distinct drive in the Explorer, it tried to execute something with administrator rights without any prompt, becomes active on its own and so on. I read an article that printers were mass-hacked by a 15-year-old some time ago and I guess it is something like this.

But I found nothing on how to disable WAN, Bluetooth and other non-LAN interfaces. I have them set to not activated in the printer menu, but if it's like the mobile phones then this means nothing. You likely have to deactivate some other services as well.

Do you have any suggestion how to prevent the printer being an open door?

 

 

The second is that I am likely now having a root virus or something of that calibre installed by the attackers. A short bar without a window appeared for some time after the Windows surface started and then disappeared. My Outlook webexchange mail client started to act strange, like dropping the HTML format for txt only or no longer holding mails under work. And finally, I have a brand new Windows update waiting for me without any further information. Avira, Kaspersky and Malaware found nothing.

I assume I have to reinstall. But how to defend against such directed hostile attacks? I had similar experiences earlier this year and re-installed as well. I can hardly re-install every 6 months.

 

 

My system: WIN 7 all updated until 9.11.2017 for described reasons, former Avira/now Kaspersky+Comodo Firewall

I use LAN for the PC and WLAN for other devices, the printer is connected by cable.

 

 

It would be great if some experts have some thoughts about this.

 

Thanks in advance and best regards

 

Frank

 




#2 fx2017

fx2017
  • Topic Starter

  • Members
  • 2 posts

Posted 10 November 2017 - 09:09 AM

Some additional information: Remote printing services are always concerned by any system restore I did. Now, system restore no longer works as the points have been disabled by making them unreadable. That is why I think it is a rootkit.

 

I also observed that my PC did not go into sleeping mode during the night and, when checking, found that it was the printer preventing it. This behavior disappeared when reinstalling the printer software only to resume some time later.





