Suspicious activity. How to find it?

Zecha

Level 2
Thread author
Mar 2, 2020
69
Yes, I checked a few weeks/months ago and I was hacked. I have a Facebook account hacked 4000 times or something like that, and others 10-30 times.
I checked with Kaspersky Password Manager. I pressed a button to enter my passwords there and check whether they were hacked.
The problem is that I could enter a maximum of 10 or 15 passwords to check them, and I can't change them there.

Kaspersky Password Manager was checked with the same website you linked, I think.
 

Zecha

If I have a new phone and I use mobile data from the SIM, is there a risk if I don't connect to my home wifi?
If my wifi is infected.
Can the phone be connected to my wifi without my permission?

And another question: what things should I allow on my phone? If Gallery asks for permissions, should I allow them?
Or other apps to allow.

I'm scared to connect my phone to wifi. I reset it a few months ago but I'm still in doubt whether I should connect or not.
 

Zecha

I am thinking about using a Windows application named Netcut.
Can someone tell me if it is safe to download and use?
I saw this application on YouTube, and it can block the hacker from using my wifi.
On my Android phone I downloaded an app named Wi-fi inspector and it found 3 devices: 1 with an X that is unknown, 1 that is mine and 1 Gateway.

Can someone tell me today if the app is safe? I want to download the app in the next 1-2 hours and I don't want to get more malware or viruses.

Thanks!

Edit: I used Netcut and I don't have any suspect connection using my wifi network.
If my wifi was infected, should I see any device connected? Can it be infected in another way? To slow down my internet and collect data without the hacker being connected?
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
If I have a new phone and I use mobile data from the SIM, is there a risk if I don't connect to my home wifi?
If my wifi is infected.
Can the phone be connected to my wifi without my permission?
I am thinking about using a Windows application named Netcut.
Can someone tell me if it is safe to download and use?
I saw this application on YouTube, and it can block the hacker from using my wifi.
On my Android phone I downloaded an app named Wi-fi inspector and it found 3 devices: 1 with an X that is unknown, 1 that is mine and 1 Gateway.
Can someone tell me today if the app is safe? I want to download the app in the next 1-2 hours and I don't want to get more malware or viruses.
You're being unnecessarily worried about all possible situations. Do you think someone is after you? This paranoia can lead you to download unknown tools that may or may not be safe. Every such app has counterparts meaning to take undue advantage of fear of security.
Just do basic Wifi security checks and you're good. Change the default admin username and password. Update your router firmware to latest version. Basic security settings like encryption, SPI Firewall etc should be default in your router configuration. Verify that it uses WPA/WPA2 security (and AES encryption) instead of the older WEP. You can revise them with some guides.
If you really want to learn in depth about wifi security, you can start with this thread https://malwaretips.com/threads/five-ways-to-check-if-your-router-is-configured-securely.79268
Your phone will only connect to wifi if you enable wifi and connect to it. Use mobile data or wifi, doesn't matter. Relax.
The site that hosts Netcut app looks old and genuine but it's not encrypted. Anyways, instead of using such apps just secure your basic router settings like I said. You already have a good internet security to provide network protection to your PC. You can use an android antivirus like Sophos that has WiFi security check, privacy and security advisor etc.
And another question: what things should I allow on my phone? If Gallery asks for permissions, should I allow them?
Or other apps to allow.
You could allow permissions that system apps ask for, as they seem necessary. Gallery will surely ask for "storage" access to access your media, besides contacts and other permissions for extra functionality. Just don't download/use unknown, non-famous, not-much-downloaded apps... don't download from 3rd party app stores and have an AV for your peace of mind :)
 

Zecha

Thanks! I will try to update my router firmware and change the password when I have time for that.
My router is kind of old, I think, and I didn't change the firmware. I only changed the firmware for the old router.
I'm kind of paranoid because I have spikes in games similar to ping from the internet, but when I check, the ping is 1-5 ms. On some days my image freezes for 3-7 seconds, and when the image comes back I have 200-250 ms and it decreases, etc.
Now another question, if I'm not too insistent. I will try to update my firmware and password, but just as a fact, if I change my router, will my problems go away? Or do I have to ask my Internet provider to change my IP, or make another request to change my current identity to a new one?
I think I'm somehow safe, but I still receive verification codes by email, and now I have started to receive emails from PayPal (a fake one, I think, because it has a weird name) saying that my account has been hacked.

I don't know where they come from, but I started to receive them after November/December 2019, after I got a message on my phone that my phone was infected and I had to pay a tax to be safe.
 

Parsh

My router is kind of old, I think, and I didn't change the firmware. I only changed the firmware for the old router.
I will try to update my firmware and password, but just as a fact, if I change my router, will my problems go away? Or do I have to ask my Internet provider to change my IP, or make another request to change my current identity to a new one?
Changing router would be like getting a new car. Even the newer tech car can develop mechanical failures or damages. Or getting a newer gen CCTV camera. The security might increase but it's again vulnerable to attacks.
Besides, you're just speculating that your router needs a doctor. No surety if it's the router or something on your machine causing the issue. For router, you can just reset it and do the checks I mentioned in the earlier post.
I'm kind of paranoid because I have spikes in games similar to ping from the internet, but when I check, the ping is 1-5 ms. On some days my image freezes for 3-7 seconds, and when the image comes back I have 200-250 ms and it decreases, etc.
I am not very sure how you are connecting that with the issue. You haven't reset your system (with or without USB) yet, if I can recollect. Without that, you can speculate on a number of other things. Again -
You're just speculating that your router needs a doctor. No surety that it's the router or something on your machine.
but I started to receive them after November/December 2019, after I got a message on my phone that my phone was infected and I had to pay a tax to be safe.
Rest assured that that's fake. Fear-mongering. Social engineering. Rather, your machine could have been safe as it is and opening such suspicious pages/emails/attachments/links could compromise your system. Stay away from these.
 

Zecha

Rest assured that that's fake. Fear-mongering. Social engineering. Rather, your machine could have been safe as it is and opening such suspicious pages/emails/attachments/links could compromise your system. Stay away from these.
Opening the email doesn't give me something malicious, right? To check the email address I receive and the text inside.
 

Parsh

Opening the email doesn't give me something malicious, right? To check the email address I receive and the text inside.
Modern email clients and websites restrict ways with which a user could get infected by just opening emails. So in general, that's a safe action. Everyone does that to verify the sender and other details.
Some users use programs like sandboxie to isolate the email client/browser for further protection.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
Modern email clients and websites restrict ways with which a user could get infected by just opening emails. So in general, that's a safe action. Everyone does that to verify the sender and other details.
Some users use programs like sandboxie to isolate the email client/browser for further protection.
Such vulnerable apps... actually every installed app... should run in the system with the lowest privileges possible... Sandboxie is a good example of restricting/isolating apps.
 

Zecha

Today I was in a game, I moved for 5-10 secs, it pulled me back, I had 80 ms and I lost connection to the game.
I quit the game and Bitdefender had blocked a threat (2).
Can someone tell me what the threat is? I didn't open any page while I was playing the game.
This is Infected webpage detected :
We blocked this dangerous page for your protection: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

And Infected web resource detected :
Feature:Online Threat Prevention
We blocked this dangerous page for your protection: http://storage.googleapis.com/update-delta/hfnkpimlhhgieaddgfemjhofmfblmnib/5809/5808/833cce5901c5a36bee57e04b77d000b1dd80f2d744048932c8265cdbfaada1d8.crxd Accessed by: svchost.exe Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.
 

Zecha

Does someone know what this threat is?
Because today I received the same blocked threats again.
What is this svchost? Should I delete it somehow, or what? Maybe it is infected or idk.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Does someone know what this threat is?
Because today I received the same blocked threats again.
What is this svchost? Should I delete it somehow, or what? Maybe it is infected or idk.
svchost.exe is a system service process; just open Windows Task Manager (Details) and you will see many svchost.exe processes.
It's impossible to delete, as they all run as service processes, but svchost.exe could be abused for process hollowing by malware.
 

Zecha

svchost.exe is a system service process; just open Windows Task Manager (Details) and you will see many svchost.exe processes.
It's impossible to delete, as they all run as service processes, but svchost.exe could be abused for process hollowing by malware.
Yes, I know that svchost is part of Windows services. But if it is infected, can't I try to remove it somehow?
Keep in mind that I reinstalled Windows a few times. So if svchost was infected, could it pass through a Windows install?

Can you help me with finding svchost in Task Manager?
I have only Service Host there on the Processes tab.
Are those all svchost? Because I have, for example, Service Host: cbdhsvc_38eeb and many others. Is this svchost, and should it be located in System32?
I can scroll for 10 seconds until there is no Service Host anymore. So there are many, and I don't know if every one should be located in System32.

Edit: I found them under Details.
Unfortunately I could not find any svchost that is not from System32.

I don't know where to start, or where these infected pages and threats in general on Bitdefender come from.
Threats are very random.
Now I see that my PC runs better and I don't have lag spikes.
But I'm afraid of those emails I receive, that they might steal my accounts.
 

Parsh

Yes, I know that svchost is part of Windows services. But if it is infected, can't I try to remove it somehow?
Keep in mind that I reinstalled Windows a few times. So if svchost was infected, could it pass through a Windows install?
It won't pass through a clean re-install. One cannot just remove svchost. If svchost is outside of System32 folder, it would be malicious. If it is inside System32, it may have been clean and was used to download something OR it was infected by a malware.
And the below post that I had shared also has methods including scanners that can potentially identify and fix infected svchost.
Are those all svchost? Because I have, for example, Service Host: cbdhsvc_38eeb and many others. Is this svchost, and should it be located in System32?
I don't know where to start, or where these infected pages and threats in general on Bitdefender come from.
The link Bitdefender blocked for you is apparently a browser file/extension. Cannot say how it got a hit. The link might be a false positive ie. Bitdefender is blocking a safe link. I read on another forum that the link is not being blocked anymore.
Anyway, since the link got blocked and assuming you didn't want that action and everything is working fine, there's no need to panic.
Now I see that my PC runs better and I don't have lag spikes.
Congratulations ;)
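
The location check described in the posts above, as an added PowerShell example that is not part of the thread or of any tool named in it. The function names and sample records are constructed for illustration; the `services.exe` parent and the `-k <group>` argument are the usual pattern on current Windows and are treated here as assumptions.

```powershell
# Added example. Heuristics only: a clean result does not rule out process
# hollowing, because a hollowed svchost.exe still reports the genuine path.
function Test-SvchostRecord {
    param($Record)
    $root     = if ($env:SystemRoot) { $env:SystemRoot } else { 'C:\Windows' }
    $expected = @("$root\System32\svchost.exe", "$root\SysWOW64\svchost.exe")
    $findings = @()
    if ($Record.Name -ne 'svchost.exe') {
        $findings += 'look-alike name, not svchost.exe'
    }
    if (-not $Record.ExecutablePath) {
        $findings += 'image path not readable (run elevated)'
    } elseif ($expected -notcontains $Record.ExecutablePath) {
        $findings += 'image is not System32\svchost.exe or SysWOW64\svchost.exe'
    }
    if ($Record.ParentName -ne 'services.exe') {
        $findings += "parent is '$($Record.ParentName)', expected services.exe"
    }
    if ($Record.CommandLine -and $Record.CommandLine -notmatch '\s-k\s+\S+') {
        $findings += 'no "-k <group>" on the command line'
    }
    [pscustomobject]@{
        ProcessId = $Record.ProcessId
        Name      = $Record.Name
        Verdict   = if ($findings) { 'REVIEW' } else { 'expected' }
        Findings  = $findings -join '; '
    }
}

function Get-SvchostLikeRecord {
    # Live data on Windows; parent names are resolved from the same snapshot.
    $all  = @(Get-CimInstance -ClassName Win32_Process)
    $name = @{}
    foreach ($p in $all) { $name[[int]$p.ProcessId] = $p.Name }
    $all | Where-Object { $_.Name -match '^svc?h[o0]sts?\.exe$' } | ForEach-Object {
        [pscustomobject]@{
            ProcessId      = $_.ProcessId
            Name           = $_.Name
            ExecutablePath = $_.ExecutablePath
            ParentName     = $name[[int]$_.ParentProcessId]
            CommandLine    = $_.CommandLine
        }
    }
}

# Constructed sample records (not taken from the poster's machine).
$samples = @(
    [pscustomobject]@{ ProcessId = 1100; Name = 'svchost.exe'; ParentName = 'services.exe'
        ExecutablePath = 'C:\Windows\System32\svchost.exe'
        CommandLine    = 'C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule' }
    [pscustomobject]@{ ProcessId = 4242; Name = 'svchost.exe'; ParentName = 'explorer.exe'
        ExecutablePath = 'C:\Users\Public\svchost.exe'
        CommandLine    = 'C:\Users\Public\svchost.exe' }
    [pscustomobject]@{ ProcessId = 5150; Name = 'svhost.exe'; ParentName = 'services.exe'
        ExecutablePath = 'C:\Windows\System32\svhost.exe'
        CommandLine    = 'C:\Windows\System32\svhost.exe -k netsvcs' }
)
$samples | ForEach-Object { Test-SvchostRecord $_ } | Format-Table -AutoSize -Wrap

if ($env:OS -eq 'Windows_NT') {
    Get-SvchostLikeRecord | ForEach-Object { Test-SvchostRecord $_ } |
        Where-Object { $_.Verdict -eq 'REVIEW' } | Format-List
}
```

Without an elevated prompt, Windows hides the path and command line of most service processes, so the live run reports those as unreadable rather than as suspicious.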
 

Zecha

You recommended an application for checking Task Manager while I'm gaming.
Can you tell me where I can download that app?
I want to check my usage because sometimes I have ping and I'm not sure if it is the servers, my internet or something hidden in the background.
SysInternals Process Explorer (I think this was the app).
I found on YouTube that this program can be downloaded from Microsoft? So I know that the site is legit.

Can I see the log in this app? I just extracted it and I'm not sure if I can see the log.
I don't want to see it in real time as I do in Task Manager, because the process can disappear really fast.

Thanks again!
 

Parsh

I want to check my usage because sometimes I have ping and I'm not sure if it is the servers, my internet or something hidden in the background.
Can I see the log in this app? I just extracted it and I'm not sure if I can see the log.
AFAIK you won't be able to log. And SysInternals won't be helpful in this case.
Have you been having ping/lags only since some time or it has been forever? Do you have a good enough Graphics Card and PC overall?

You can use the below methods to identify the cause —
  1. Run a speed test to verify the internet speed. Ping above 100-150ms can be bad for gaming. Meaning your internet speed/ router config/ router strength is not enough.
  2. Use ping in cmd to ping the game server and see if packet loss occurs or if it's taking unusually high time for replies. Use IP address of the game server if available, otherwise use the hostname/domain name of the gaming server. You can also evaluate ping inside some games.
  3. Also you can check if other network-intensive games are having the latency. If yes, chances are that it's not the game server but something on your side.
  4. Set Task Manager to "Always on Top" and then launch it when gaming (you can do it at least once or twice for diagnosis, right?) and check the CPU and GPU usage.
  5. Also do this while keeping the game running, open Task Manager > Performance tab > open Resource Monitor. Go to Network tab > TCP Connections. Here you can check latency figures. If the game is not active though, it may not reflect the game-time latency you usually face.
  6. Set your WiFi connection in Windows as "metered connection" so that Windows does not download updates in background (be sure to download any important updates later). OR just reduce the update bandwidths. Disabling/limiting background updates will allow your game to use a larger bandwidth.
  7. You can try closing unnecessary background apps/ sync clients/ torrent etc, check the Windows startup items in Task Manager and disable unnecessary items.
  8. Possibly try to get closer to router. Try switching off router (and modem if used) and plugging it off, then plug it on after a few secs and turn it on. Other devices connected to your router can also have impact.
  9. See if you can manage to connect your router to PC using a high-speed LAN cable.
  10. See if you can increase the frequency of your router.
Other than that, you can just google it to see how other gamers check and address ping issues.
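
Steps 2 and 5 above, combined into a logger that can be left running during a game, as an added PowerShell example that is not part of the thread: it probes a host once per second and, whenever a probe is lost or slower than a threshold, writes the established TCP connections and their owning processes to a CSV file. The function names, the host `game.example.net`, the 100 ms threshold and the log path are assumptions.

```powershell
# Added example. Target host, spike threshold and log path are assumptions.
function Measure-LatencySample {
    param([string]$Target, [int]$TimeoutMs = 1000)
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        $reply = $ping.Send($Target, $TimeoutMs)
        if ($reply.Status -eq 'Success') { return [int]$reply.RoundtripTime }
    } catch {
        # DNS failure or no route: counted as a lost probe.
    } finally { $ping.Dispose() }
    return $null
}

function Get-ConnectionSnapshot {
    # Owning process of every established TCP connection.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId = $_.OwningProcess
                Process   = $proc.ProcessName
                Path      = $proc.Path
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        }
}

function Get-LatencySummary {
    param([object[]]$Samples = @())   # $null entries are lost probes
    $ok    = @($Samples | Where-Object { $null -ne $_ })
    $stats = $ok | Measure-Object -Average -Maximum
    $total = $Samples.Count
    [pscustomobject]@{
        Probes  = $total
        LossPct = if ($total) { [math]::Round(100 * ($total - $ok.Count) / $total, 1) } else { 0 }
        AvgMs   = [math]::Round([double]$stats.Average, 1)
        MaxMs   = $stats.Maximum
    }
}

function Watch-Latency {
    param([string]$Target, [int]$Count = 60, [int]$SpikeMs = 100,
          [string]$LogPath = '.\latency-spikes.csv')
    $samples = @()
    for ($i = 0; $i -lt $Count; $i++) {
        $ms = Measure-LatencySample -Target $Target
        $samples += ,$ms
        if ($null -eq $ms -or $ms -ge $SpikeMs) {
            # On a spike or a lost probe, record who was talking on the network.
            $stamp = Get-Date -Format o
            Get-ConnectionSnapshot |
                Select-Object @{ n = 'Time'; e = { $stamp } }, @{ n = 'LatencyMs'; e = { $ms } }, * |
                Export-Csv -Path $LogPath -Append -NoTypeInformation
        }
        Start-Sleep -Seconds 1
    }
    Get-LatencySummary -Samples $samples
}

# Constructed samples (ms); $null marks a probe that got no reply.
Get-LatencySummary -Samples @(3, 2, 4, $null, 230, 180, 5, 3)

# Live run on Windows, with a placeholder host:
# Watch-Latency -Target 'game.example.net' -Count 300 -SpikeMs 100
```

Many game servers drop ICMP, so a 100% loss figure against such a host says nothing about the link; probing the router or the ISP gateway as well separates local problems from remote ones.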
 

Zecha

I will try to follow some steps because I don't understand all of them.
I made several speed tests and I had 2 ms ping and 0 ms jitter with 900+ download and 500+ upload.
I use an ethernet cable on my PC. I remember that before, when I had a laptop and used wi-fi, I had many disconnects compared to now.
But I don't only have problems with ping in games. I have other strange things.
I will try the step with Task Manager on top. I hope I will find something.

Sometimes I have problems with rendering in games. I'm not sure if this can be a problem related to malware. Maybe not. This can be the graphics card or CPU, I think.
I'm not 100% sure I have something malicious in the background but still... I receive reports from my antivirus from time to time without browsing malicious websites. I received them 3-4 times and every time I was afk and I saw the reports.
And about packet loss, I'm not sure what that is about, but I enabled that setting in my game and I had 0% packet loss when the ping occurs.
 

Parsh

I'm not 100% sure I have something malicious in the background but still... I receive reports from my antivirus from time to time without browsing malicious websites
Could be that some of your games are connecting to web resources that Bitdefender falsely flags a number of times, as seen before. Could be.
And I would suggest you don't keep relating all glitches and slowdowns to malware. Software can have a number of factors causing them you know :)
 