Hi
I think I got a really stealthy malware today.
I'm using ESET Smart Security and it includes a powerful firewall. All I have is the information I got from it.
It received an attack from another computer of ours and that computer had a free antivirus which did not detect the virus. I bought a license for ESET for it too but it didn't detect it either.
See this photo:
It says:
I had no idea what ARP-cache was so I went ahead and did a quick google search. This thing seems to be valid and rather scary. This seems to be very dangerous as it hijacks webpages. Not on the infected computer, but on other computers on the same network. This sounds very dangerous, it's like a man-in-the-middle attack they could steal any information they want.
My computer seems to be clean (and this attempt was blocked) so let's focus on that IP address.
I tracked down the IP address (.106) and it was DHCP assigned to our downstairs family computer. It was running a popular free antivirus and I replaced it with ESET Smart Security hoping it would capture something but it did not. I also ran Norton Power Eraser. No results.
This must be some kind of well-hidden rootkit. The IP address clearly traces to that computer, and it *was* powered on at the time. The alert went off three times within a few minutes.
Can you help me how to get rid of this nightmare malware? I'll try Malwarebytes soon, is there anything else we could try too? How about the bootable CDs? Kaspersky has a recovery disk I heard. Is it good against rootkits?
I think I got a really stealthy malware today.
I'm using ESET Smart Security and it includes a powerful firewall. All I have is the information I got from it.
It received an attack from another computer of ours and that computer had a free antivirus which did not detect the virus. I bought a license for ESET for it too but it didn't detect it either.
See this photo:
It says:
Code:
Disabled network malware: ARP-cache poisoning
Source: 192.168.1.106
The ESET Personal Firewall blocked an attack attempt to protect your computer.I had no idea what ARP-cache was so I went ahead and did a quick google search. This thing seems to be valid and rather scary. This seems to be very dangerous as it hijacks webpages. Not on the infected computer, but on other computers on the same network. This sounds very dangerous, it's like a man-in-the-middle attack they could steal any information they want.
My computer seems to be clean (and this attempt was blocked) so let's focus on that IP address.
I tracked down the IP address (.106) and it was DHCP assigned to our downstairs family computer. It was running a popular free antivirus and I replaced it with ESET Smart Security hoping it would capture something but it did not. I also ran Norton Power Eraser. No results.
This must be some kind of well-hidden rootkit. The IP address clearly traces to that computer, and it *was* powered on at the time. The alert went off three times within a few minutes.
Can you help me how to get rid of this nightmare malware? I'll try Malwarebytes soon, is there anything else we could try too? How about the bootable CDs? Kaspersky has a recovery disk I heard. Is it good against rootkits?
My Computer
- Computer type
- Laptop
- Computer Manufacturer/Model Number
- HP Compaq 6720s
- OS
- Microsoft® Windows 7 Professional 64-bit
- CPU
- Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
- Motherboard
- Hewlett-Packard 30D8
- Memory
- 4,00 GB
- Graphics Card(s)
- (1) Mobile Intel(R) 965 Express Chipset Family (2) Mobile
- Sound Card
- (1) Bluetooth Hands-free Audio (2) Bluetooth Stereo Audio
- Screen Resolution
- 1280 x 800 x 32 bits (4294967296 colors) @ 59 Hz
- Hard Drives
- (1) Hitachi HTS542516K9SA00 ATA Device (2) Multi Flash Reader USB Device
