Portscanning problem in our home setup


Frika

New Member
Thread author
Sep 28, 2023
11
It was kindly brought to my attention on the Avira forum that there is another forum with people who can help with malware detection and removal.
So I am posting my problem here again and hope that someone can help me solve this problem. One computer's Firewall (Avira) has been reporting a port scanner attack frequently lately. Two computers (Windows 10) are connected to our router. And the attacker's address is one of the two computers. So I suspect that the "attack" is coming from inside. A comprehensive malware detection with different apps did not bring any result. Is there any explanation why one computer is scanning the ports of the other? What can I do to find out which program is performing this port scanning action? This has been going on for about two weeks now. Is there any way to find out what application is doing this type of port scanning? Or is there an advanced scanning option to find out if the attacker's computer is infected?
Used the computers for work, media and browsing.
Thanks in advance
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,413
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The computers could be synced; that would possibly explain why.

To find out more issues, run this scan on the computer which is scanning the ports of the other computer.
Post the FRST.TXT and Addition.txt logs for my review.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
[Image: L7kNU5y.jpg]

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
[Image: http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png]

Let me know what problems persist.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

Frika

New Member
Thread author
Sep 28, 2023
11
Hello Nasdaq, I am glad that you are willing to help me. Is it a problem if the log files are in German? I could not set a language, so the program just took the set computer setting (German).
Would it be possible to send the log files only to your hands?
Best Regards
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,413
Hi,

Just rename FRST to FRSTENGLISH.exe for English report.

"Would it be possible to send the log files only to your hands?"

No. If you get a reply from anybody else, ignore it. I will see it and delete the message.
 

Frika

New Member
Thread author
Sep 28, 2023
11
Attached the logfiles
 

Attachments

  • FRST.txt
    44.5 KB · Views: 2
  • Addition.txt
    55.9 KB · Views: 3

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,413
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Before you do please execute this.

Comment: Delete/Restore quarantined files.

How to: Delete/Restore quarantined files.

Follow the directives on the page to delete all the files in the quarantine folder.

Restart the computer when done.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the problem persists and Edge is Synced with other devices follow this directive.

Edge Syncing.
If the problem persists and you are Syncing Edge with other devices reset it.

How to:

Restart the computer to remove all traces.

If the problem persists and Chromium Edge is Synced with other devices disable it.

Open Microsoft Edge.
Click the Settings and more (three-dotted) button from the top-right.
Click the Settings option. ...
Click on Profiles.
Click the Sync option. ...
Click the Turn off sync button.

Restart the computer.

You can reset the Sync when all is well.
 

Attachments

  • Fixlist.txt
    3.9 KB · Views: 3

Frika

New Member
Thread author
Sep 28, 2023
11
I will now observe it for another day, thank you.
 

Attachments

  • Fixlog.txt
    130.7 KB · Views: 1

Frika

New Member
Thread author
Sep 28, 2023
11
Unfortunately, this morning when starting the 2nd computer there was again a firewall message. And the address again belongs to the first computer, which seemed to be cleaned now. Is there anything that can be used to track which program triggers these port scans?
 

Attachments

  • Screenshot 2023-10-04 110118.jpg
    33.3 KB · Views: 4
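
One way to approach the question in the post above, as an added example that is not part of the original thread or from any of its participants: audit permitted connection attempts on the computer the firewall names as the source (Security event 5156) and group those aimed at the other computer by the program that made them. The address in `$PeerIp` is a constructed placeholder and the function name `Get-PeerConnectionSummary` is hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the
# computer that the firewall names as the source of the scans.
$PeerIp  = '192.168.1.20'   # assumption: placeholder for the other computer's address
$Minutes = 60               # how far back to read the Security log

# One-time setup: audit permitted connections (Security event 5156). The GUID is
# the "Filtering Platform Connection" subcategory; unlike its display name, the
# GUID is the same on non-English Windows.
auditpol /set /subcategory:"{0CCE9226-69AE-11D9-BED3-505054503030}" /success:enable | Out-Null

function Get-PeerConnectionSummary {
    param([string]$Peer, [int]$LookbackMinutes)

    $filter = @{ LogName = 'Security'; Id = 5156
                 StartTime = (Get-Date).AddMinutes(-$LookbackMinutes) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # Collect the event's named data fields into a hashtable.
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        # Keep only outbound (%%14593) connections aimed at the other computer.
        if ($d['Direction'] -ne '%%14593' -or $d['DestAddress'] -ne $Peer) { continue }

        [pscustomobject]@{
            Application = $d['Application']   # NT device path of the executable
            ProcessId   = $d['ProcessID']
            DestPort    = [int]$d['DestPort']
        }
    }

    # A program that touches many distinct ports on the peer is the one to look at.
    $rows | Group-Object Application, ProcessId | ForEach-Object {
        $ports = @($_.Group.DestPort | Sort-Object -Unique)
        [pscustomobject]@{
            Application   = $_.Group[0].Application
            ProcessId     = $_.Group[0].ProcessId
            Connections   = $_.Count
            DistinctPorts = $ports.Count
            FirstPorts    = ($ports | Select-Object -First 10) -join ','
        }
    } | Sort-Object DistinctPorts -Descending
}

Get-PeerConnectionSummary -Peer $PeerIp -LookbackMinutes $Minutes | Format-List
```

Event 5156 is high-volume, so run the summary shortly after the next firewall alert and switch the audit off again with the same `auditpol` command using `/success:disable`.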

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,413
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    655 bytes · Views: 10

Frika

New Member
Thread author
Sep 28, 2023
11
Here comes the Fixlog.txt.
 

Attachments

  • Fixlog.txt
    9.6 KB · Views: 4

Frika

New Member
Thread author
Sep 28, 2023
11
Maybe, it doesn't look bad but give me a few more days to see if it stays that way. Thank you.
 