Please can anyone offer any tech advice? Event 11005 MsmSecurity

Hi there

Apologies im new but desperately need some clarification.

Towards the end of last year I had some security issues with my asus laptop, windows 7 premium 64, it began with my bank cards being cloned and credit card details being used (5 separate incidents). The laptop kept crashing, unknown log on events and unknown IP log on to Facebook. I eventually had computer wiped cleaned and started again. That was at the end of Nov 2012.

It appears similar things are beginning to occurr again. For the last few days its been continuously crashing, programs failing to load, printer will not connect and nothing as far as I know has been changed.

During the last crash at 0217 hrs I found the event id 11005 WLAN auto config, wirless security suceeded showing details of a foreign MAC address

Please can anyone confirm that this is indeed strange, I was unable to convince friends and family last time and they thought I was being paranoid?

Any advice would be much appreciated
Many thanks

Welcome to Seven forums dinky.
Just a guess but since the issue resurfaced you are getting crap from a like or friend of a friend of a friend of a friend of a friend from Facebook. Is your WLAN WPA2 and have a good password?

Hi

Thanks so much for getting back to me. Really appreciate it.

Honestly I have no enemies, friends, family or otherwise that would be interferring. I dont actually use facebook that much. It was only becuase I was checking all my security that I happened to notice the unusual IP.

It is WPA2 and the password is a good one and only known by myself and my husband (believe me I have thought and accused him)

I agree totally with Britton30 here. What kind of security do you use on your machine?

I use Microsoft security essentials. Scans have never picked up on anything

FB has so many layers which interact it's very hard to tell who can access your wal or whatever it is. I had two friends whose PCs were corrupted by someone down the line in FB contacts.

You might try using this to do an offline scan and report back, it may take some hours to run.
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html#post1424613

Thanks. Ill give that a try and get back to you. I have not had any further issues with facebook just problems with laptop crashing, mouse jumping about, very long start up, error messages when nothing different has been changed on computer. Just to give you an idea. Im starting a log of the ocurrences before I forget and will try the link. Thanks

You're welcome. What you're describing are symptoms of an infection of some sort, Virus, Trojan, keylogger, etc.

I would run this on your PC. I'm not affiliated with Symantec, just a satisfied customer...

Norton Power Eraser | Free Tool |Easily remove scamware that traditional virus scanning can

Good luck!!

Thanks. Any advice is welcome and appreciated. I'm yet to get chance to try suggestions but will get on it. Further look on event viewer showed that at same time as crash last night there was a special logon event from an IP address showing registered to 'hon hai precision ltd' in Taiwan

Surely this can't be authentic? Any ideas?

Give the scans a try to see how it turns out. Seems like you have a hole in your network. Change the network password and don't go near FB and see if you have any foreign log ins.

I've not been on Facebook for while. Last time was about week ago just to check all in order. Nothing suspicious since I wiped laptop in nov. trying scans and will let you know?

Just out of interest, if someone with legitimate access was monitoring my use could this cause these issues and how would I identify it?

Dinky said:

I've not been on Facebook for while. Last time was about week ago just to check all in order. Nothing suspicious since I wiped laptop in nov. trying scans and will let you know?

Just out of interest, if someone with legitimate access was monitoring my use could this cause these issues and how would I identify it?

Click to expand...

Hard to tell but I don't think someone with legitimate access would need a malware to monitor your activity.
BTW, just logging on FB could expose you to infections if all the right permissions, like, friends, etc. are already in place. The people who do that are quite smart, and ratbags.

If you haven't enabled MAC filtering on your router, do so. This will only allow authorised devices to connect and not others, even if they have the correct SSID and password. Incidentally, for your password go to https://www.grc.com/passwords.htm

Hi,

You've already received some good advice regarding malware scans and the MAC filtering on your router. I'd like to make a few more suggestions:

1. Perform a scan for rootkits using this tool:

https://support.kaspersky.com/viruses/solutions?qid=208280684

2. Also ensure that no one can access your computer remotely, by following these steps:

Click rb:
Right-click My Computer
Click Properties
Click Remote Settings

Ensure your panel looks like this:

In addition run a full Malwarebytes
and SUPERAntiSpyware.com - Downloads.

Once you are clear of infection, work through the Troubleshooting Steps for Windows 7 for establishing a Clean Boot, checking system resources for solving problems, Generate a System health report, check logs for repeat errors to resolve, SFC /scannow, and the rest. Report back results.