
Computer hacked



#31
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Hi Ron,

 

Possible. About six months ago I had problems with getting internet access. After trying out all sorts of things, because I was scared it was a problem with my computer and the internet provider would charge me for services, I replaced my old router with a new one; that's what did the job.

 


  • 0



#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

What make and model router do you have?  You need to log on to it and change the default passwords to increase your security.


  • 0

#33
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Last night Windows tried to make an update but the computer froze, so I turned off updates for the moment after it failed the second time round too. It also overheated after that.
 

Name of router is NETGEAR Router WNR1000v3.

 

When I go to online Router Login/ advanced/administration/set password and I click it there is this moving circle for a second and then nothing happens, I use the default passwords.
 


Edited by janji, 12 February 2015 - 04:54 AM.

  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The default login and password for your router is admin and password.  Your router has IP address of 192.168.1.1

 

If you open a browser and point it at your router (192.168.1.1) then log in with admin and password password, it should let you in.  The first thing it wants to do is check for an update:

 

The Firmware Upgrade Assistant screen will display.

3. Click Yes to check for new firmware (recommended). The router will automatically check the NETGEAR database for a new firmware image file. If no new firmware version is available, the message “No New Firmware Version Available” will display. (If you select “No,” you can check for new firmware later; see the online User Manual.)

4. If new firmware is available, click Yes, and the router will automatically upgrade itself with the latest firmware.

 

 

It says under Maintenance on the Main Menu should be Set Password

 

I'm looking at the user manual:

 

http://www.downloads...M_21OCT2010.pdf  Page 38-39


  • 0

#35
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Hi Ron,

 

I've updated the firmware and reset the password, is there anything else I can do?


  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Let's try a traceroute:

 

Copy the next 4 lines:


 

tracert google.com > \junk.txt
tracert -d f1.com >> \junk.txt arp -a >> \junk.txt netstat -rn >> \junk.txt notepad \junk.txt

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Tracert will show the path the packets take on their way to google and to f1.  It's unlikely but possible that the new router has been tampered with and this should show if it goes where it should.  Will take a few minutes to complete.  arp -a will show us what else is connected to your local network.  We only care about the dynamic ones.  192.168.1.1 is your router and top entry will be your PC which is usually 192.168.1.2.  iphones, tablets, etc will also show up if they have been active recently.  netstat looks at your routing table to make sure it hasn't been tampered with.
 
If you go back into your router can you find the DNS address that it is using when it talks to your ISP?  This is normally assigned using DHCP but it would be possible to put in a static entry and send your packets to a bogus proxy.

  • 0

#37
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I copied and pasted the four lines, waited a bit and then hit enter but notepad didn't open, only C:Windows\system32> appeared. Have attached screenshot.


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I lost the format somehow.  Let's try again:

tracert google.com > \junk.txt
tracert -d f1.com >> \junk.txt 
arp -a >> \junk.txt 
netstat -rn >> \junk.txt 
notepad \junk.txt

  • 0

#39
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Got it:

Tracing route to google.com [173.194.112.174]
over a maximum of 30 hops:

  1    <1 ms     1 ms     1 ms  192.168.1.1
  2    11 ms     9 ms     9 ms  10.205.128.1
  3     9 ms     9 ms    17 ms  de-fra04a-ra1-ae10-1040.fra.unity-media.net [80.69.103.81]
  4     8 ms    28 ms    12 ms  de-fra04a-rc1-ae8.fra.unity-media.net [81.210.129.225]
  5    11 ms    11 ms    21 ms  7111a-mx960-01-ae1.fra.unity-media.net [81.210.129.234]
  6    49 ms    49 ms    49 ms  72.14.213.197
  7    10 ms    11 ms     8 ms  72.14.238.46
  8     9 ms     9 ms     9 ms  72.14.238.57
  9     9 ms     8 ms    16 ms  fra07s32-in-f14.1e100.net [173.194.112.174]

Trace complete.

Tracing route to f1.com [69.58.188.49]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  192.168.1.1
  2     9 ms     9 ms     8 ms  10.205.128.1
  3    35 ms     8 ms     7 ms  80.69.103.81
  4    48 ms    29 ms    34 ms  81.210.129.225
  5    20 ms    19 ms    21 ms  84.116.132.17
  6    69 ms    29 ms    21 ms  84.116.133.14
  7    52 ms    20 ms    21 ms  195.66.225.46
  8    91 ms    91 ms    91 ms  199.7.62.59
  9    93 ms    94 ms    97 ms  199.7.62.18
 10   110 ms   105 ms   104 ms  199.16.95.58
 11    94 ms    95 ms   103 ms  69.58.176.194
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

Interface: 192.168.1.3 --- 0x13
  Internet Address      Physical Address      Type
  192.168.1.1           4c-60-de-33-e9-4c     dynamic   
  192.168.1.255         ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  239.255.255.250       01-00-5e-7f-ff-fa     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static    
===========================================================================
Interface List
 23...00 ff 79 d9 fe ac ......Anchorfree HSS VPN Adapter #2
 21...00 ff c1 ae 10 c1 ......Anchorfree HSS VPN Adapter
 20...1e ac 4c 0a f2 4d ......Microsoft Virtual WiFi Miniport Adapter #2
 19...5c ac 4c 0a f2 4d ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
 14...c8 0a a9 f3 0d be ......Realtek PCIe FE Family Controller #2
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 28...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 51...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 53...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 54...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 28     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 28     58 2001::/32                On-link
 28    306 2001:0:5ef5:79fd:2859:104e:4d35:e0e0/128
                                    On-link
 19    281 fe80::/64                On-link
 28    306 fe80::/64                On-link
 28    306 fe80::2859:104e:4d35:e0e0/128
                                    On-link
 19    281 fe80::3910:5e71:6d7c:76b/128
                                    On-link
  1    306 ff00::/8                 On-link
 28    306 ff00::/8                 On-link
 19    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Interface: 192.168.1.3 --- 0x13
  Internet Address      Physical Address      Type
  192.168.1.1           4c-60-de-33-e9-4c     dynamic   
  192.168.1.255         ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  239.255.255.250       01-00-5e-7f-ff-fa     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static   


  • 0

#40
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

 


If you go back into your router can you find the DNS address that it is using when it talks to your ISP?  This is normally assigned using DHCP but it would be possible to put in a static entry and send your packets to a bogus proxy.

 

 

Does this help?


Edited by janji, 12 February 2015 - 12:55 PM.

  • 0



#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

OK.  It doesn't show anything suspicious.


  • 0

#42
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Great. I removed the attachment.


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I take that back.  Something odd with your traceroute compared to what your router claims.  Your tracert says you go to 

 

  1    <1 ms     1 ms     1 ms  192.168.1.1  <==First stop is your router.
  2    11 ms     9 ms     9 ms  10.205.128.1  <==I do not know where this is.  The 10. net is a private one.  Don't see how the router can get here.  Your router says it has 178.202.31.31
  3     9 ms     9 ms    17 ms  de-fra04a-ra1-ae10-1040.fra.unity-media.net [80.69.103.81]

 

80.69.100.198 is your DNS and it matches with the 3rd hop so it's probably OK.  Perhaps the ISP's router has multiple IP addresses assigned and is reporting the primary address rather than the secondary.  These are in or near Cologne Germany.  Does that sound right?  You have HotSpot Shield installed and that may also be playing games tho it shouldn't mess with the router.


  • 0
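The checks discussed in posts #36 and #43, as an added example that is not part of the original thread: a Python script that parses saved `tracert`, `arp -a` and `netstat -rn` output and lists the items worth a second look (first hop not the router, private addresses beyond the router, a default route that does not point at the router, other dynamic ARP entries). The function names and the `router` parameter are assumptions made for this example; the sample text is constructed from lines posted in the thread, with one timed-out hop added.

```python
import ipaddress
import re

# Constructed sample, trimmed from the output posted in the thread.
SAMPLE = """\
  1    <1 ms     1 ms     1 ms  192.168.1.1
  2    11 ms     9 ms     9 ms  10.205.128.1
  3     9 ms     9 ms    17 ms  de-fra04a-ra1-ae10-1040.fra.unity-media.net [80.69.103.81]
  4     *        *        *     Request timed out.
Interface: 192.168.1.3 --- 0x13
  192.168.1.1           4c-60-de-33-e9-4c     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
HOP = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*)$")
ARP = re.compile(r"^\s*" + IP + r"\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)", re.I)
ROUTE = re.compile(r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+" + IP + r"\s+" + IP)

def parse_hops(text):
    """Return [(hop_number, ip or None)] for every tracert hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            ip = re.search(IP, m.group(2))
            hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def dynamic_neighbours(text):
    """Return [(ip, mac)] for ARP entries of type 'dynamic'."""
    found = (ARP.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m and m.group(3).lower() == "dynamic"]

def default_gateways(text):
    """Return the gateway of every IPv4 default route (0.0.0.0/0)."""
    return [m.group(1) for m in map(ROUTE.match, text.splitlines()) if m]

def review(text, router="192.168.1.1"):
    """List items to look at; an item is a question to answer, not proof of tampering."""
    notes = []
    for n, ip in parse_hops(text):
        if n == 1 and ip != router:
            notes.append(f"first hop is {ip}, not the router")
        elif n > 1 and ip and ipaddress.ip_address(ip).is_private:
            notes.append(f"hop {n} ({ip}) is a private address beyond the router")
    notes += [f"default route points at {gw}, not the router"
              for gw in default_gateways(text) if gw != router]
    notes += [f"other device on the LAN: {ip} ({mac})"
              for ip, mac in dynamic_neighbours(text) if ip != router]
    return notes
```

On the sample, `review(SAMPLE)` reports only the private second hop, the same line questioned in post #43.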

#44
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I'm staying in Frankfurt, Germany and use Unitymedia. I'm not sure why it's set to the US but maybe because of the English language selection for Netgear.


  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Good to know.  I was thinking you were in the UK because your OTL scan said the PC was running a UK version of Windows.


  • 0





