Solved Possible Network Intrusion.

[harlan4096]

Probably because some settings were set again to default.

Go to Settings -> Interface Settings -> Notifications -> Notifications Settings -> Intrusion Prevention

 

[valvaris]

That is what MalwareTips is all about. Great ppl helping out others Awesome!!!

 

[Xeno1234]

Programs can create temp files while running and delete them upon exit.

I do think there is a malware infection as show file extensions was disabled randomly. I’m not worried about malware since I plan on system resetting the system I just hope my entire network isn’t compromised - which according to you it seems like it isn’t.

Is this a safe website? I noticed this in my app privacy report but I can’t find a reference to it online.

 

[ForgottenSeer 107474]

Although my other posts may seem like I’m paranoid, I think this is a cause for concern.

Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid.

But hey, you are among soul mates on MT, so you are not alone, repeat after me,

Hi my name is Lenny, I am a security software addict. I have to go into rehab now (my Linux desktop without security software)

 

[Xeno1234]

Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid.

Since I’ve been hacked my mind has been racing wondering about new accounts and stuff. I’ve got myself the mentality of worrying about important accounts and nothing else until I get my PC back. I don’t care if my hypixel forums account is hacked, same with my like canva account.

 

[ForgottenSeer 109138]

Only when you see or feel the need for concern for new causes or issues all the time you could be considered a little paranoid.

But hey, you are among soul mates on MT, so you are not alone, repeat after me,

Hi my name is Lenny, I am a security software addict. I have to go into rehab now (my Linux desktop without security software)

The soul mates here all cheat on the other and of course follows the mental/verbal abuse, and don't even get me started on therapy, the cost, the ineffectiveness and how controlling. 🫣

Is this a safe website? I noticed this in my app privacy report but I can’t find a reference to it online.

Kinda why I have been posting about habits, uploading urls to VT is one of those.

 

[Xeno1234]

Kinda why I have been posting about habits, uploading urls to VT is one of those.

It’s 16 years old and clean. So it’s clean.

If a website is owned by “Google LLC”, is it safe? I know this sounds like a dumb question but I’m not sure if any websites using their domain service are also owned by Google LLC.

 

[ForgottenSeer 109138]

If a website is owned by “Google LLC”, is it safe? I know this sounds like a dumb question but I’m not sure if any websites using their domain service are also owned by Google LLC.

It's always good to check the legitimacy "research it" and also scan the URL of the websites.

 

[Xeno1234]

@Bot, do you or any other members know what setuphostapi.dll from WireGuard does?

 

[ForgottenSeer 109138]

@Bot, do you or any other members know what setuphostapi.dll from WireGuard does?

Yes, it is a configuration file from building the wintun driver as part of wireguard as I already stated.

 

[Xeno1234]

Yes, it is a configuration file from building the wintun driver as part of wireguard as I already stated.

So does it automatically like read network and this have possible access to my network, or is it not enough to do that?

 

[ForgottenSeer 109138]

So does it automatically like read network and this have possible access to my network, or is it not enough to do that?

Going to need you to be more specific with what you are seeing with a file you said appeared with wireguard which I have detailed where it comes from.

What's the file doing, where and how are you being alerted to it's presence, ect.

 

[Xeno1234]

Going to need you to be more specific with what you are seeing with a file you said appeared with wireguard which I have detailed where it comes from.

What's the file doing, where and how are you being alerted to it's presence, ect.

I’m just wondering what that file is meant to do, I can only see that it is running multiple times even when I’m not using vpn from system temp.

 

[ForgottenSeer 109138]

I’m just wondering what that file is meant to do, I can only see that it is running multiple times even when I’m not using vpn from system temp.

This is why being specific is important. It was my understanding you only seen it the day after you spotted wireguard.

Overall the setuphostapi.dll is used to perform tasks such as driver management and system configuration.

 

[Xeno1234]

This is why being specific is important. It was my understanding you only seen it the day after you spotted wireguard.

Overall the setuphostapi.dll is used to perform tasks such as driver management and system configuration.

I saw it the day of noticing wireguard. I noticed wireguard by seeing the file.

Thank you though for telling me what the file does. I’ll probably not worry about it too much as I don’t think I can do much on a router level as I’m on my parents network and they say it’s fine even though I’ve brought this up.

 

[Victor M]

perform tasks such as driver management and system configuration

I’ll probably not worry about it too much as I don’t think I can do much on a router level

@Xeno1234 . According to what Practical Repsonse said, it has nothing to do with a router. The DLL is present on YOUR PC. It can configure/install drivers and install things. Drivers can be malware. The software that the DLL is installing can be malware. I also call hacking tools malware, but AV's may not notice them.

 

[BSONE]

You need to engage more with the real world. Your family and friends are more important than the virtual world. Please talk to them.

 

[Trident]

I think it has been discussed now and made clear that the file could be legitimate. Without the file itself, it is difficult to provide more information.
This thread can now be locked, there is no solid evidence of intrusion.

 

[Xeno1234]

@Xeno1234 . According to what Practical Repsonse said, it has nothing to do with a router. The DLL is present on YOUR PC. It can configure/install drivers and install things. Drivers can be malware. The software that the DLL is installing can be malware. I also call hacking tools malware, but AV's may not notice them.

That’s better than a network intrusion. Ill usb reset it later today.

 

[ForgottenSeer 109138]

That’s better than a network intrusion. Ill usb reset it later today.

As I stated previously, you seen the file most likely after installation and configuration of the wintun driver associated with wireguard, which we already discussed is the protocol used by Kaspersky VPN.

Wintun is a driver that provides a network adapter for user space programs to read and write packets.

If you need further confirmation I would suggest the malware removal part of the forum and let them help you. At this time, without the file as stated above there is no way to determine.