D-Link Forums

D-Link FAQ => Router FAQs => FAQs => Topic started by: consigliere on June 19, 2012, 07:25:32 PM

Title: I think I'm being hacked!
Post by: consigliere on June 19, 2012, 07:25:32 PM
My PC was diagnosed with several malware and trojan infections by experts in www.bleepingcomputer.com. After seemingly removing all the threats, there continues to be odd behaviour such as:
1. PC activity LED in the modem does not stop blinking while no applications are running,
2. Kaspersky notice appeared advising of 53 open network connections that would be closed if Kaspersky is disabled, which is odd since my home network is pretty small with 3 pc's and 3 networked peripheral devices,
3. My PC appears twice in the DHCP client list. One with a seemingly valid MAC address, the other one with a strange MAC address.

I reset my router to see if this would fix it but it continues to happen. Please help!
Title: Re: I think I'm being hacked!
Post by: FurryNutz on June 19, 2012, 07:30:00 PM
Try using MalWareBytes and to scan your PCs fully as a 2ndary measure.
Windows firewall enabled?
Router FW up to date?
Are you wired or wireless?
Setup DHCP reserved IP addresses for all devices ON the router.
Ensure devices are set to auto obtain an IP address.
What ISP do you have?
What ISP Modem do you have?
Buy a new router from someplace that has a return policy and see if the new router exhibits the same thing.

Title: Re: I think I'm being hacked!
Post by: consigliere on June 21, 2012, 05:07:46 PM
Malwarebytes detected nothing.
Windows firewall enabled
Router firmware up to date
Affected PC is hardwired to router, however, at any time, there are at least 3 wireless clients
DHCP is enabled on the router to assign IPs automatically
ISP is Atlantic Broadband, modem is Motorola SB5101
Router is Dlink WBR-1310
Over the weekend, I'll see if I can get my hands on a brand new router to test it. Thanks.
Title: Re: I think I'm being hacked!
Post by: mdklassen on January 05, 2013, 11:46:54 AM
> advising of 53 open network connections ...

From a command-line prompt:

  netstat -a -n -o | find "ESTABLISHED"

The '-o' option shows the PID -- in XP, open Windows Task Manager, click the 'Performance' tab,
click 'View', and enable showing of the 'PID' column.

Use the PID to correlate the open TCP/UDP connections with the process that is using each connection.