Portscanning problem in our home setup

[Frika]

It was kindly brought to my attention on the Avira forum that there is another forum with people who can help with malware detection and removal.
So I am posting my problem here again and hope that someone can help me solve this problem. One computer's Firewall (Avira) has been reporting a port scanner attack frequently lately. Two computers (Windows 10) are connected to our router. And the attacker's address is one of the two computers. So I suspect that the "attack" is coming from inside. A comprehensive malware detection with different apps did not bring any result. Is there any explanation why one computer is scanning the ports of the other? What can I do to find out which program is performing this port scanning action? This has been going on for about two weeks now. Is there any way to find out what application is doing this type of port scanning? Or is there an advanced scanning option to find out if the attacker's computer is infected?
Used the computers for work, media and browsing.
Thanks in advance

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The computers could be synced that would possibly explain why.

The find out more issues run this scan on the computer which is scanning the ports of the other computer.
Post the FRST.TXT and Addition.txt logs for my review.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
[img=[URL]http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png[/URL]]

Let me know what problems persists.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program trust it if Downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====

 

[Frika]

Hello Nasdaq, I am glad that you are willing to help me. Is it a problem if the log files are in german? I could not set a language so the program just took the set computer setting (German).
Would it be possible to send the log files only to your hands?
Best Regards

 

[nasdaq]

Hi,

Just rename FRST to FRSTENGLISH.exe for English report.

Would it be possible to send the log files only to your hands?

No. If you get a reply from anybody else ignore it. I will see it and delete the message.

 

[Frika]

Attached the logfiles

 

[nasdaq]

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Before you do please execute this.

Comment: Delete/Restore quarantined files.

How to: Delete/Restore quarantined files.

Restore quarantined files in Microsoft Defender Antivirus

You can restore quarantined files and folders in Microsoft Defender Antivirus.

docs.microsoft.com

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the problem persists and Edge is Synced with other devices follow this directive.

Edge Syncing.
If the problem persists and you are Syncing Edge with other devices reset it.

How to:

Turn On or Off Sync Microsoft Edge Settings across Windows 10 Devices

How to Turn On or Off Sync Microsoft Edge Settings across Windows 10 Devices

www.tenforums.com

Restart the computer to remove all traces.

If the problem persists and Chromium Edge is Synced with other devices disable it.

Open Microsoft Edge.
Click the Settings and more (three-dotted) button from the top-right.
Click the Settings option. ...
Click on Profiles.
Click the Sync option. ...
Click the Turn off sync button.

Restart the computer.

You can reset the Sync when all is well.

 

[Frika]

I now observe it for another day, thank you

 

[Frika]

Unfortunately, this morning when starting the 2nd computer was again a firewall message. And the address belongs again to the first computer which seemed to be cleaned now. Is there anything that can be used to track which program triggers these port scans?

 

[nasdaq]

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

 

[Frika]

Here comes the FIxlog.txt.

 

[nasdaq]

Is the problem solved?

 

[Frika]

Is the problem solved?

 

[Frika]

Maybe, it doesn't look bad but give me a few more days to see if it stays that way. Thank you.