Stratego, posted September 7:

Hi there, Just finished up re-setting my laptop after a complete wipe from a suspected hack / malicious activity and already I'm seeing unexplained network connectivity and transfers. Details: Lenovo X1 Carbon - Gen 8 - Windows 10 Pro 19045. All Windows and Lenovo updates and firmware. Running ESET Smart Security Premium. Whether I'm at home or at the office, I'm noticing unwanted connections coming from 20+ IP addresses. From my office, I've had over 3000 attempts and attacks by 7 workstations, 2 phones, and 1 printer, through ports: 137, 138, 7680, 1900, and 5355. I noticed over 1GB of data transfer so far. From home, I'm getting similar attacks as well from the above-mentioned ports. Everything is going through masked uses of svchost.exe, spoolsv.exe, jhi_service.exe, msedge.exe. I believe they've manipulated ESET as well, because when I see the IP addresses and I try to right-click one, I can't Deny the connection; it won't allow me to. I can't Deny the service of the file either, as it's greyed out. My browser also had the green border missing earlier this afternoon. I don't believe there's any malware on the system itself as I didn't click on anything or install anything unwanted or questionable, as it's a brand new setup. I have also been going through this for the last 2 months. This is some sort of script or a really bored individual(s) using Windows exploits to get in. How do I stop this? What can I do? Thank you.
Stratego (author), posted September 7:

In addition to the above, this is the 3rd time Windows Update has notified me that the 22H2 update is available and ready to be installed. I've done this twice already. WTH is going on here!?
Stratego (author), posted September 8:

600MB has been sent to ESET so far???
Stratego (author), posted September 8:

Normal for all these connections?
itman, posted September 8 (edited):

14 hours ago, Stratego said: "From my office, I've had over 3000 attempts and attacks by 7 workstations, 2 phones, and 1 printer, through ports: 137, 138, 7680, 1900, and 5355. I noticed over 1GB of data transfer so far. From home, I'm getting similar attacks as well from the above-mentioned ports."

For starters, set your ESET network connection profile to Public. When the network connection is set to Public, it will block any inbound connections from both the Internet and your local subnet to ports 137, 138, 1900, and 5355. As far as port 7680 goes, it is used for Delivery Optimization for Win 10 updating: https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-faq . Refer to the below screenshot. If you haven't disabled the "Allow downloads from other PCs" setting, your PC is basically being used as part of a Microsoft botnet for updating of its software. This will also account for the high volume of Internet network traffic you are observing. Also, allowing this network traffic is a potential security risk.
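An added audit script (not from this thread or from ESET) that checks the two things the reply points at on the affected Windows 10 machine: the network category of each adapter (ESET can be configured to follow the Windows profile, which is what this reads; the ESET-specific profile is set in the ESET GUI) and the Delivery Optimization download mode, plus which process owns ports 137/138/1900/5355/7680. It assumes the built-in NetTCPIP and DeliveryOptimization modules and an elevated prompt; the PerfSnap property names are assumed from Microsoft's documentation.

```powershell
# Added example: audit Windows network profile, Delivery Optimization mode and
# owners of the ports named in the thread. Run from an elevated PowerShell.

# 1. Network category per adapter. Anything other than Public leaves the
#    local-subnet services below reachable by default.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Delivery Optimization download mode. The policy key (if present) wins over
#    the Settings-app value. Modes 1/2/3 = peer-to-peer sharing on ("Allow
#    downloads from other PCs"); 0 or 99 = HTTP only. Values are absent if never set.
$doPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$doConfig = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config'
$policy = Get-ItemProperty $doPolicy -ErrorAction SilentlyContinue
$config = Get-ItemProperty $doConfig -ErrorAction SilentlyContinue
"DODownloadMode (policy): $($policy.DODownloadMode)"
"DODownloadMode (config): $($config.DODownloadMode)"

# 3. Bytes this PC has served to peers; this is the figure that explains
#    unexpected outbound volume on port 7680. (Property names assumed.)
Get-DeliveryOptimizationPerfSnap | Select-Object TotalBytesDownloaded, TotalBytesUploaded

# 4. Process owning each port of interest: 137/138 NetBIOS, 1900 SSDP,
#    5355 LLMNR, 7680 Delivery Optimization. svchost.exe is the expected owner.
$ports = 137, 138, 1900, 5355, 7680
$rows = @(Get-NetUDPEndpoint | Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object { [pscustomobject]@{ Proto = 'UDP'; Port = $_.LocalPort; PID = $_.OwningProcess } })
$rows += @(Get-NetTCPConnection -State Listen | Where-Object { $ports -contains $_.LocalPort } |
    ForEach-Object { [pscustomobject]@{ Proto = 'TCP'; Port = $_.LocalPort; PID = $_.OwningProcess } })
$rows | ForEach-Object {
    $name = (Get-Process -Id $_.PID -ErrorAction SilentlyContinue).ProcessName
    $_ | Add-Member -NotePropertyName Process -NotePropertyValue $name -PassThru
} | Sort-Object Port | Format-Table -AutoSize

# 5. Remediation matching the reply: Public profile on the active adapter and
#    HTTP-only Delivery Optimization (mode 0). Uncomment to apply; adjust the alias.
# Set-NetConnectionProfile -InterfaceAlias 'Wi-Fi' -NetworkCategory Public
# New-Item -Path $doPolicy -Force | Out-Null
# Set-ItemProperty -Path $doPolicy -Name DODownloadMode -Value 0 -Type DWord
```

After changing the policy key, a reboot or a restart of the Delivery Optimization service is needed before step 3 reflects the new mode.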
itman, posted September 8:

15 hours ago, Stratego said: "In addition to the above, this is the 3rd time Windows Update has notified me that the 22H2 update is available and ready to be installed. I've done this twice already. WTH is going on here!?"

Appears to be a Windows Update issue. Refer to this posting: https://answers.microsoft.com/en-us/windows/forum/all/windows-10-22h2-repeatedly-updates-despite-the/edaef2f5-ffa0-488b-8b6a-385d751569ce .