Gregory_Beck
My router was hacked and they were able to install a root virus on my Mac. Every time I plug the Mac in, the router locks me out. I can see the virus code constantly working to access the network and change the router settings even though I removed it from the network. I changed the router password and security; now that the infected Mac is not on the network, the router settings remain correct.
I am trying to make sense of the logs on the Windows machines on my network to see if any/all have been hacked. I ran Windows antivirus, security checks and Kaspersky TDSSKiller but found nothing, but also found nothing on the Mac. I don't know what normal security events are, or even if that is where I should be looking for root virus activity. I brought a clean, rarely used computer home from work and accessed the locked network with no other computers attached, only Android phones/tablets. The security event ID codes have been consistent for months - Audit Failure Microsoft Windows security Event ID 5152 Filtering Platform Packet Drop up until recently.
Now recently I noticed different codes showing up on this clean Windows machine:
Audit Success 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5379 User Account Management
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Audit Success 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5379 User Account Management
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Audit Success 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5379 User Account Management
Audit Success 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5379 User Account Management
Audit Failure 3/2/2021 2:26:25 PM Microsoft Windows security auditing. 5152 Filtering Platform Packet Drop
Are these normal, or have I somehow corrupted another PC even though the router password has not changed? I don't have any idea if one of the Android devices copied code to this clean PC; highly unlikely.
Any help on how to determine if this or any of the other Windows machines are compromised would be appreciated. The only one I am positive about is the Mac. I can provide more info if it would help figure this out.
Thanks!