Router infected with ZuoRAT?


Since yesterday I've been getting the following inbound blocked traffic logs:

Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 10:47:33;No application listening on the port;Blocked;92.245.188.58:443;192.168.1.191:49718;TCP;;;0000000000000000000000000000000000000000;
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 13:17:28;No application listening on the port;Blocked;81.4.100.200:443;192.168.1.191:50315;TCP;;;0000000000000000000000000000000000000000;

Could it be that my router has been infected with ZuoRAT?


45 minutes ago, Enrico said:

Could it be that my router has been infected with ZuoRAT?

Possible.

Do a hard reset on your router to set things back to default settings. Then monitor if the Eset Network log entries no longer appear.


Thanks for the suggestion, I did a factory reset and then realized that I was using Marcos' suggestion for the logs: https://forum.eset.com/topic/32651-web-access-protection-the-url-address-is-too-broad/?do=findComment&comment=152084

So it was a false alarm (after digging, I discovered that the IPs were from website tracking and imaps).

Edited by Enrico
This topic is now closed to further replies.
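
The log lines posted in this thread can be triaged by port pattern before suspecting the router. The sketch below is an added example, not written by any poster and not ESET code: it parses the semicolon-separated export format shown above and marks rows whose remote source port is a common server port and whose local target port is ephemeral, which is what a late reply to a connection the PC itself opened looks like. The port list, the ephemeral threshold (49152, the IANA dynamic range start) and the third sample row are assumptions made for the example.

```python
import csv
import io

# First two data rows are copied from the thread; the last row is constructed for contrast.
SAMPLE_LOG = """\
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 10:47:33;No application listening on the port;Blocked;92.245.188.58:443;192.168.1.191:49718;TCP;;;0000000000000000000000000000000000000000;
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;Hash;User
30/06/2022 13:17:28;No application listening on the port;Blocked;81.4.100.200:443;192.168.1.191:50315;TCP;;;0000000000000000000000000000000000000000;
01/07/2022 09:00:00;No application listening on the port;Blocked;203.0.113.7:51000;192.168.1.191:23;TCP;;;0000000000000000000000000000000000000000;
"""

HEADER = ["Time", "Event", "Action", "Source", "Target", "Protocol",
          "Rule/worm name", "Application", "Hash", "User"]
SERVER_PORTS = {80: "http", 443: "https", 993: "imaps"}  # assumed list, extend as needed
EPHEMERAL_START = 49152  # assumed threshold: start of the IANA dynamic port range


def split_endpoint(value):
    """Split 'a.b.c.d:port' into (host, port)."""
    host, _, port = value.rpartition(":")
    return host, int(port)


def triage(log_text):
    """Return (source_host, source_port, target_port, verdict) for each data row."""
    results = []
    for row in csv.reader(io.StringIO(log_text), delimiter=";"):
        if not row or row[0] == "Time":  # skip blank lines and repeated headers
            continue
        rec = dict(zip(HEADER, row))
        src_host, src_port = split_endpoint(rec["Source"])
        _, dst_port = split_endpoint(rec["Target"])
        # Server port -> ephemeral port: consistent with a reply that arrived
        # after the local client had already closed its socket.
        if src_port in SERVER_PORTS and dst_port >= EPHEMERAL_START:
            verdict = "likely late reply (%s)" % SERVER_PORTS[src_port]
        else:
            verdict = "review"
        results.append((src_host, src_port, dst_port, verdict))
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

A "likely late reply" verdict only describes the port pattern; confirming what the remote addresses belong to, as the original poster did, is still the deciding step.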