I do not know what is going on


No replies to this topic

#1 Annylu


Posted 04 April 2018 - 10:51 AM

Hello guys,
I am new on these forums and I do not know whether I have become paranoid about security.
I apologize for describing many problems at the same time, but I do not know what is going on :( or if they are related. Thank you in advance.

A couple of months ago I bought a WiFi Linksys router. I installed the device, changed the default credentials, disabled remote management and downloaded the WiFi router management App on my phone. The router is connected to a PC (Windows 8) via Ethernet cable, then the Internet cable to the router, no modem. My other devices are connected through WiFi, including another wireless PC (Windows 8.1).

Everything was working fine, but a couple of weeks ago the Avast! network scan on the PC wired to the router showed the message "your device is not configured correctly/It is vulnerable from within your network/attackers can control completely this device". The solution "disable this device/update the firmware if possible" appeared. Tech support told me it was no problem. Suddenly my AV showed no message for a couple of days, then it started again, this time every day. For weeks Support kept telling me it was a "false positive" coming from my AV since my other PC (wireless and using McAfee) was not showing me anything (does not have the option). I decided to look for the problem within Avast! and it was not a "false positive" but the firmware.
After weeks of waiting for a new firmware and checking my network every day, I bought an Asus router. I went to the page to return the other one and there was a firmware update. Using just the Ethernet cable I changed passwords and checked the security, ran the network scan and this time: "your device is problem-free".

Then, what is the problem?
I do not know if my router was compromised, even if my AV never showed more than advice and now is telling me everything is OK (that happened before).

With the new firmware the option to disable the router remote management does not exist anymore. Just the option to disable WiFi management but if I do that, the App does not work.
I have the firewall router enabled, NAT enabled, WPS disabled, UPnP disabled and automatic DNS.

Following some posts I have performed some tasks. I have no experience, so I did what I thought was not dangerous, I hope.

I installed Malwarebytes and found two PUMs on the wired PC and one on the wireless PC. I removed them and I started the secure mode on both, without internet connection, and ran disk cleaner, then I ran Malwarebytes again, found no threats, and then my AVs (none of them had detected them). My Samsung tablet also has Malwarebytes and it says "your device is safe."

I checked the wired PC for open ports and all were stealth, except for a closed one: "Port 1035 Multidropper/unknown protocol for this port." The next scan found the 1034 closed but the description was not available; it also confirmed the UPnP port was closed.

McAfee running on the wireless PC shows me the incoming connections blocked in real time, but yesterday it started showing me two or three recurrent IP addresses trying to get a connection. They start with the same digits and change the three of the middle or the last ones, and it says "the source IP is on your local network". I check my network App and everything seems OK. But I do not know what this means...

Today it showed two IP addresses described as UDP/TCP ports saying "if more connections are attempted, maybe you should report the incident" but why, where or how???
I have also noticed that the page logo in the bookmarks tool changes. For example, when I open "Apple" the next day the logo is shown in the "my kitchen" bookmark instead of the site's original logo... Is this a problem?
I have started signing in as a guest.
I ran F-Secure Router Checker: no issues found. Now I am using Fing, too.

Does it have something to do with the router, with the PCs or something else? Maybe I need to change my AVs too... I still have the new router (with Trend Micro included to protect it) but I do not know if I should start using it before knowing what is going on.

Your help will be much appreciated. Thank you!

Mod Edit: moved from AII to Win 8.1 ~~ boopme

Edited by boopme, 04 April 2018 - 12:35 PM.

