Do I have a virus

Tricker312

New member
Hi guys,

So I was playing a video game and I noticed my ping kept fluctuating. Weird, because nobody else in my house was using the internet. I click on network and there's a mobile device that I've not seen before (see image).
yh.PNG

So at this point I get paranoid and think it must be a neighbour stealing our internet, and I change the router settings to only specified devices to access the router. This didn't fix the problem - when playing the video game again, I notice I still get fluctuations in my connection. I click on network, and there's another mobile device (this time a different one).

I go on task manager and there's something running called 'COM surrogate'. I click on it and it comes up with a mobile device.

I clicked end task, I'm curious and afraid that maybe I have a virus or something on my laptop.

Could anyone help me out?
 

Rakk

The Awesome
Moderator
Though one interesting fact is that I know when I used to connect to my work VPN (old place I worked so I can't retest it), I would always get a random phone show up like that, so maybe it's some weird connection.
 

Scott

Behold The Ford Mondeo
Moderator
Set the router to allow nothing but your PC and see what happens. From there, add your devices one at a time to see when the device pops up. Does your router have a SIM port or anything like that? What about your PC itself?
 

Tricker312

New member
Hard to say. From another machine download and burn a bootable AV DVD or USB and run a scan.

A COM surrogate is a process called outside of another process. See here: https://blogs.msdn.microsoft.com/oldnewthing/20090212-00/?p=19173

That at least is likely to be harmless.

Thanks for all the responses.

(Note: I already changed security settings to only allow our 2 laptops internet access).

I did a full scan with Windows Defender on my laptop and it came back all clear. Then I did a system restore. I then go onto network and there's another device still there.

I then wonder if I turn off my laptop and go on my parent's laptop, if anything will come up. Sure enough... it did.
yh3.PNG

Something also a little bit weird (see image) yh2.PNG
Google seems to think my parent's laptop is an android for some reason. (?)

Currently doing a full scan on their laptop.
 

Scott

Behold The Ford Mondeo
Moderator
Turn everything off. Turn on your computer and see if it shows. If it does..... it's either your computer or something to do with the router. If it doesn't, it's likely something to do with your parents' PC.

If you're comfortable navigating around your router settings have a look and see what devices are currently connected. Also, the MAC address should be unique... if you open up CMD and type ipconfig /all and then hit enter this will show the MAC addresses of the network controllers on your PC.... same can be done with your parents' PC etc.
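
Added example, not part of the original post: one way to do the comparison suggested above, matching the MAC addresses from `ipconfig /all` on each PC against the router's connected-device list. The `ipconfig` text, the router list and all function names are constructed for illustration, and English-language `ipconfig` output is assumed.

```python
import re

# Constructed, abridged `ipconfig /all` output from one PC.
IPCONFIG_SAMPLE = """\
Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5F
"""

# Constructed list as copied from a router's "attached devices" page.
ROUTER_CLIENTS = ["00:1a:2b:3c:4d:5f", "DA:A1:19:00:00:01"]

MAC_RE = re.compile(
    r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"
)

def normalize(mac):
    """Reduce any MAC notation (AA-BB.., aa:bb..) to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def local_macs(ipconfig_text):
    """Collect every adapter MAC reported by `ipconfig /all`."""
    return {normalize(m) for m in MAC_RE.findall(ipconfig_text)}

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set, meaning the address was
    assigned in software rather than burned in by the manufacturer."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def unknown_clients(router_clients, known):
    """Return (mac, locally_administered) for router entries that match
    none of the MACs collected from your own machines."""
    return [
        (mac, is_locally_administered(mac))
        for mac in router_clients
        if normalize(mac) not in known
    ]

if __name__ == "__main__":
    known = local_macs(IPCONFIG_SAMPLE)
    for mac, laa in unknown_clients(ROUTER_CLIENTS, known):
        print(f"not one of this PC's adapters: {mac} (software-assigned: {laa})")
```

Run `local_macs` over the output from every PC you own and merge the sets before comparing, so that only addresses belonging to none of your machines are reported.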
 

Tricker312

New member
Before when my ping was going sky high on my PC, my parents' PC was off, so I guess it rules out their PC being the culprit then?

I went on parent's pc with mine off and a mobile device came up, but has disappeared and in a few hours has not reappeared.

There are currently no other devices connected to the router. However, the logs keep coming up with intrusions:

Sep 9 20:17:23 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=86.59.138.253 DST=176.249.194.114 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=21835 PROTO=TCP SPT=20579 DPT=23 WINDOW=1320 RES=0x00 SYN URGP=0 MARK=0x8000000

I noticed this yesterday as well, should I be worried about this at all?
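
Added example, not part of the original post: a small parser for router log entries in the format quoted above, which tallies unsolicited inbound TCP connection attempts by destination port. The first sample line is the one from the post; the other two are constructed with documentation-range source addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Line 1 is the entry quoted in the post; lines 2-3 are constructed.
SAMPLE_LOG = """\
Sep 9 20:17:23 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=86.59.138.253 DST=176.249.194.114 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=21835 PROTO=TCP SPT=20579 DPT=23 WINDOW=1320 RES=0x00 SYN URGP=0 MARK=0x8000000
Sep 9 20:19:02 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=203.0.113.7 DST=176.249.194.114 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Sep 9 20:21:40 (none) user.alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= SRC=198.51.100.20 DST=176.249.194.114 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1111 PROTO=TCP SPT=50123 DPT=2323 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x8000000
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Split one log entry into KEY=value fields plus a set of TCP flags."""
    _, sep, body = line.partition("Intrusion -> ")
    if not sep:
        return None  # not an entry in the expected format
    fields, flags = {}, set()
    for token in body.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value  # "OUT=" yields an empty string
        elif token in TCP_FLAGS:
            flags.add(token)
    fields["FLAGS"] = flags
    return fields

def summarize(log_text, wan_if="pppoa0"):
    """Count new inbound TCP connection attempts per destination port."""
    per_port, sources = Counter(), set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or entry.get("PROTO") != "TCP":
            continue
        # Arrived on the WAN interface, empty OUT= (in netfilter-style logs
        # this means the packet was addressed to the router itself, not
        # forwarded to a LAN host), and a bare SYN (a new connection attempt).
        if (entry.get("IN") == wan_if and entry.get("OUT") == ""
                and entry["FLAGS"] == {"SYN"}):
            per_port[int(entry["DPT"])] += 1
            sources.add(entry["SRC"])
    return per_port, sources

if __name__ == "__main__":
    ports, srcs = summarize(SAMPLE_LOG)
    for port, count in ports.most_common():
        print(f"dst port {port}: {count} attempt(s)")
    print(f"{len(srcs)} distinct source address(es)")
```

Read this way, the quoted entry is a connection attempt from an internet address to TCP port 23 (telnet) on the router's WAN side, which is a separate thing from a device appearing on the local network list.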
 

Scott

Behold The Ford Mondeo
Moderator
Very difficult to diagnose over the internet I'm afraid. You need to spend some time logically going through some steps, randomly turning on/off PCs and seeing what happens isn't a good way to diagnose anything I'm afraid.

Again....

Turn everything off, including the router..... everything, modem (if it's separate) the lot.
Turn the router on and choose a PC to connect to the router with.
Monitor it for a while, browse around, play games if it's on your PC, etc.
Take note if the mobile device shows up.
Turn everything off again, including the router, etc.
Turn the router on then turn on the OTHER PC to see what happens.

If it happens with both PCs then that would suggest it's the router.
If it happens on one PC then that would suggest it's the PC.
 

Tricker312

New member
Ok thanks. I realized that the mobile device/s show up on both PCs (tested when one was off and vice-versa). When I click on network to see, it's not usually there, and when it is it will disappear after a few seconds. This makes me think that the person behind it knows that I'm aware of their presence (or am I just being silly?). I downloaded Malwarebytes Anti-Malware for my laptop and during the setup it had the language selected for Brazilian (wtf?).
 

Scott

Behold The Ford Mondeo
Moderator
If it shows up on both PCs then it's connected through your router. If you have restricted the devices to MAC address access via your router then I'm not really sure what else to suggest. Have you turned on network sharing on your PCs?
 