Solved Possible Network Intrusion.

Status
Not open for further replies.

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
Programs can create temp files while running and delete them upon exit.
I do think there is a malware infection as show file extensions was disabled randomly. I’m not worried about malware since I plan on system resetting the system I just hope my entire network isn’t compromised - which according to you it seems like it isn’t.

Is this a safe website? I noticed this in my app privacy report but I can’t find a reference to it online.
 

Attachments

  • IMG_0008.jpeg
    IMG_0008.jpeg
    39.8 KB · Views: 51
F

ForgottenSeer 107474

Although my other posts may seem like I’m paranoid, I think this is a cause for concern.
Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid. :)

But hey, you are among soul mates on MT, so you are not alone, repeat after me,

Hi my name is Lenny, I am a security software addict. I have to go into rehab now (my Linux desktop without security software) 😉
 
Last edited by a moderator:

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid. :)
Since I’ve been hacked my mind has been racing wondering about new accounts and stuff. I’ve got myself the mentality of worrying about important accounts and nothing else until I get my PC back. I don’t care if my hypixel forums account is hacked, same with my like canva account.
 
Mar 10, 2024
474
Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid. :)

But hey, you are among soul mates on MT, so you are not alone, repeat after me,

Hi my name is Lenny, I am a security software addict. I have to go into rehab now (my Linux desktop without security software) 😉
The soul mates here all cheat on the other and of course follows the mental/verbal abuse, and don't even get me started on therapy, the cost, the ineffectiveness and how controlling. 🤦🤔🤪🫣😁💪

Is this a safe website? I noticed this in my app privacy report but I can’t find a reference to it online.
Kinda why I have been posting about habits, uploading urls to VT is one of those.
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
Kinda why I have been posting about habits, uploading urls to VT is one of those.
It’s 16 years old and clean. So it’s clean.

If a website is owned by “Google LLC”, is it safe? I know this sounds like a dumb question but I’m not sure if any websites using their domain service are also owned by Google LLC.
 
Mar 10, 2024
474
So does it automatically like read network and this have possible access to my network, or is it not enough to do that?
Going to need you to be more specific with what you are seeing with a file you said appeared with wireguard which I have detailed where it comes from.

What's the file doing, where and how are you being alerted to it's presence, ect.
 
  • Like
Reactions: Trident

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
Going to need you to be more specific with what you are seeing with a file you said appeared with wireguard which I have detailed where it comes from.

What's the file doing, where and how are you being alerted to it's presence, ect.
I’m just wondering what that file is meant to do, I can only see that it is running multiple times even when I’m not using vpn from system temp.
 
Mar 10, 2024
474
I’m just wondering what that file is meant to do, I can only see that it is running multiple times even when I’m not using vpn from system temp.
This is why being specific is important. It was my understanding you only seen it the day after you spotted wireguard.

Overall the setuphostapi.dll is used to perform tasks such as driver management and system configuration.
 
  • Like
Reactions: Trident

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
This is why being specific is important. It was my understanding you only seen it the day after you spotted wireguard.

Overall the setuphostapi.dll is used to perform tasks such as driver management and system configuration.
I saw it the day of noticing wireguard. I noticed wireguard by seeing the file.

Thank you though for telling me what the file does. I’ll probably not worry about it too much as I don’t think I can do much on a router level as I’m on my parents network and they say it’s fine even though I’ve brought this up.
 

Victor M

Level 9
Verified
Well-known
Oct 3, 2022
424
perform tasks such as driver management and system configuration
I’ll probably not worry about it too much as I don’t think I can do much on a router level
@Xeno1234 . According to what Practical Repsonse said, it has nothing to do with a router. The DLL is present on YOUR PC. It can configure/install drivers and install things. Drivers can be malware. The software that the DLL is installing can be malware. I also call hacking tools malware, but AV's may not notice them.
 
Last edited:

BSONE

Level 1
Feb 17, 2024
18
You need to engage more with the real world. Your family and friends are more important than the virtual world. Please talk to them.
 
  • Like
Reactions: Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,763
I think it has been discussed now and made clear that the file could be legitimate. Without the file itself, it is difficult to provide more information.
This thread can now be locked, there is no solid evidence of intrusion.
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
@Xeno1234 . According to what Practical Repsonse said, it has nothing to do with a router. The DLL is present on YOUR PC. It can configure/install drivers and install things. Drivers can be malware. The software that the DLL is installing can be malware. I also call hacking tools malware, but AV's may not notice them.
That’s better than a network intrusion. Ill usb reset it later today.
 
Mar 10, 2024
474
That’s better than a network intrusion. Ill usb reset it later today.
As I stated previously, you seen the file most likely after installation and configuration of the wintun driver associated with wireguard, which we already discussed is the protocol used by Kaspersky VPN.

Wintun is a driver that provides a network adapter for user space programs to read and write packets.

If you need further confirmation I would suggest the malware removal part of the forum and let them help you. At this time, without the file as stated above there is no way to determine.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top