
CBL blacklisted my IP and says I am infected with corebot



#46
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

I just saw something about a program called RKill that's supposed to aid in detecting botnets and other malware when other programs can't see these things.  Do you know anything about this program?


  • 0



#47
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
You're welcome, my_name.

Hold off for a moment with your question about RKill, please... Thank you. :)

Did you intentionally install potplayer, winpcap and wireshark?

It is best to uninstall from the Control Panel to ensure a clean uninstall.

Do you use your ISP client for your email or some other client?
  • 0

#48
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts
Potplayer is my video playing software and wireshark is something I recently downloaded to try to detect the botnet activity, but I couldn't figure out how to use it. Is winpcap associated with wireshark?

I don't understand your other question about email client.
  • 0

#49
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Winpcap and wireshark are both similar in nature in that they both monitor networks.

"I don't understand your other question about email client."

Do you use an email client provided by your Internet Service Provider (ISP) or another such as Yahoo, Gmail, etc?
  • 0

#50
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

I use Outlook (MSN) for my email mostly with Microsoft's mail software on the computers, occasionally gmail, but nothing from my ISP.  

 

I'm getting very sporadic or no email alerts about your replies on this forum.  I haven't figured out why, but 2 nights in a row I got about 5 email alerts in a row from Geeks to Go with your responses from either earlier in the day or the previous night.  Occasionally, I got an instant email alert about your reply, but it's very strange, they are mostly many hours late or next day late.  I haven't noticed any other problems with receiving emails.


  • 0

#51
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Ok thank you for the email information. May I ask who your ISP is?

What is the make and model of your router?
  • 0

#52
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

Our ISP is just a small local company that uses fixed wireless technology for rural customers.  Our router is a TP-Link TL-WR841N.


  • 0

#53
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi my_name,

Is your ISP Cogent Communications or PSINET INC.? I found an interesting thread here pointing out that Cogent is buying out PSINET and you're not the only one experiencing issues.

What I found pretty much confirms my thoughts. This is an ISP issue and your systems are not infected. We can bypass all the heartache you are experiencing by following the instructions I found for you in your router's owner manual.

The instructions for TCP/IP configuration can be found here and the instructions to configure your PC(s) can be found here; unfortunately, they are for Windows XP. I found the instructions for Windows 10 here.

If you are not comfortable doing this on your own or have trouble with the instructions and would like for me to prepare some easier to understand instructions for you I would be more than happy to do that, though it is getting late and I need to sign off for the night (work tomorrow :( ). Let me know how you get along and tomorrow we can pick up where we left off.

Donna :)
  • 0

#54
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

Thank you so much, Donna, for your patience and research into this situation.  It sounds like I am in kind of an unusual setup with my internet situation.  After you started mentioning these things about the network, I did some research online and found out some things I didn't know anything about before.  I am far from an expert in networking, and this is just what I was piecing together from internet research.  It seems like our ISP is buying their internet from Cogent Communications.  Our WAN IP address on our router's administrative page shows a private 192.... address, which indicates, apparently, that we don't have our own public IP address and must be sharing it with other people, in what is called a double NAT.  (Maybe the malware infections are coming from someone else's network, since the IP address is being shared?)

 

If this is in fact the case, do you think the steps for setting up a static IP on Windows will work in our situation? It's all very confusing for me, but I think we finally are getting somewhere with this.  You were on the right trail, all this time, with checking into the network. 


  • 0
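The reasoning in the post above (a private WAN address on the router means the public address is shared upstream, so a blacklist entry for it may not belong to this household), written out as an added example that is not part of the original thread. The function names and the sample addresses are assumptions made for illustration; the thread itself only says the WAN address begins with 192.

```python
import ipaddress

# Blocks an ISP can hand out on the WAN side that are not publicly routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space


def address_block(ip):
    """Return 'rfc1918', 'cgnat', or 'public' for an IPv4 address string."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr in CGNAT:
        return "cgnat"
    return "public"


def assess_listing(router_wan_ip, listed_public_ip):
    """Decide whether a blacklist entry for listed_public_ip can be pinned
    on the network behind this one router (hypothetical helper)."""
    if address_block(listed_public_ip) != "public":
        raise ValueError("the listed address must be a public one")
    block = address_block(router_wan_ip)
    same = (ipaddress.IPv4Address(router_wan_ip)
            == ipaddress.IPv4Address(listed_public_ip))
    if block == "public" and same:
        return {"topology": "direct", "shared": False,
                "next_step": "scan the hosts behind this router"}
    if block == "public":
        return {"topology": "mismatch", "shared": None,
                "next_step": "re-check both addresses; they should match"}
    topology = "double-nat" if block == "rfc1918" else "carrier-nat"
    return {"topology": topology, "shared": True,
            "next_step": "ask the ISP which subscriber its NAT mapped to "
                         "the listed address at the time of the detection"}


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.7 is a documentation address.
    for wan, listed in [("192.168.5.23", "203.0.113.7"),
                        ("100.72.1.9", "203.0.113.7"),
                        ("203.0.113.7", "203.0.113.7")]:
        print(wan, "->", assess_listing(wan, listed))
```
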

#55
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Good morning my_name, :)

Networking is not my specialty either and I would never have guessed from the start this is where your problem would lead us. I had never heard of such a setup. I live in a small town (don't blink or you'll miss it) myself but I do not partake in the ISP provider offered here. I wonder if the setup is the same? I bet it is and your situation is not as unusual as we think...

"If this is in fact the case, do you think the steps for setting up a static IP on Windows will work in our situation?"

I do believe this to be the case and setting up a static IP should fix this. Give it a go and let me know how it turns out.
  • 0



#56
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

It looks like changing the public IP address to static has to be done through the internet provider, which won't work due to their limitations.  So, is it safe to use all my passwords again on the 2 computers we cleaned?  What about the 3rd one, do you think we should scan that one to be sure?


  • 0

#57
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi my_name,

Have you contacted your ISP to see what they had to say? Let's check the router logs to see if they tell us anything before we check the last computer. The instructions to find those logs are found on Page 62 under 4.12.7 System log. Not sure if there is a way to copy and paste them into the reply box, so you may have to take a screenshot and attach it to the post.
  • 0

#58
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

I am attaching the system log for the router.  Is this what you were asking about?



  • 0

#59
DonnaB


    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi my_name,

Sorry for the delay again. I have been reading through the manual for your router and can't seem to find what I am looking for. I am looking for the firewall log. Is the firewall enabled on your router? If so, I would think that it would keep a log. Can you check that out for me and let me know, please?
  • 0

#60
my_name


    GeekU Junior

  • Topic Starter
  • GeekU Junior
  • 383 posts

I'm sorry, Donna, I'm really clueless with this stuff.  I don't know.  I do know the router has a built-in firewall and it's on, that's all.

 

Are you confident that the 2 computers we cleaned up are malware-free and I would be safe to do my financial business on them again?


  • 0





