wifi router being hacked

PP Mguire

Build Guru
Messages
31,318
Location
Fort Worth, Texas
> Do you know of a way/program that will scan the bios? Or is there a way to copy bios content without having to flash it?
Flashing is the only COA but even then not guaranteed.

> I would try wiping everything first because it is not definitely the BIOS
Sounds like he tried that. Although I'm still a bit confused on what the actual issue is, and a BIOS can most definitely get infected.

So for clarification, your issue is you turn your wifi off, and it turns back on itself? Is this the only recurring problem here? What about those MWB scan results, you didn't really specify only said confusing results.
How many people are there with you in that place with all these machines?
 

lepend

Solid State Member
Messages
17
Location
uk
Ok.. already tried by formatting hdd then installing new os, new router with security configured.. but then wifi was coming on by itself and other things on computer started to not work.. ie could not copy paste to usb's
I can only assume malware is on other parts of pc apart from hdd
Therefore for me to be sure I would like to view at least the data stored in the bios
Regarding results from mwb and other anti malware software for example avg bootable disk showed loads of viruses.. but others including mwb either showed none or just a few.. got a little confused with which ones actually showed viruses or not...
Regarding the number of machines here I meant to type 2 not 22 and the neighbour at some point is going to give me theirs...! sorry for confusion...
What I do know is that by configuring router to not switch on wifi and it switches on anyways intermittently there is a problem.. shortly after a new fresh install of the os the computer does not allow me to copy paste files to a usb there is a problem (files were clearly shown to be copied successfully to usb but would vanish on removal of usb???)
These things amongst other things happening to pc was telling me I had a visitor in my system.. previously they were in my router without it showing in the router's interface!
Before flashing BIOS I want to find a way to read what is actually written within the BIOS

If someone knows how this is possible please let me know
 

PP Mguire

UEFI infections can only be cleared by a fresh flash of the most recent bios. If the problem persists it's elsewhere.

Even most cheap routers today have a system log. If the system log doesn't show changes then it's not being changed by a person. The log can't be tampered, only cleared. If it's been enabled from the factory and the log is clear, then somebody cleared it.

> no, the virus would be stored on a different computer.
This is why I told the OP to take all machines off the network when doing a sweep.
 

lepend

I am not using this router anymore... but I was intermittently looking at the log files and I was surprised to see one day several pages but then a couple of days later for example I would see less or almost none at all (I can only assume this is down to it being cleared... and it wasn't me!)


Before I connect again using router.. I will be flashing the bios on any computer that I allow network access.. (don't know what to do with mobile phones though?) but before flashing any UEFI/BIOS I want to see if my concerns are correct and read what information is stored in them... is this simply not possible?


At the moment I am tethering mobile phone to get internet from a pc that's got fresh os install but I don't know if that's been compromised????
 

TechnoChicken

Professional Amature
Messages
618
Location
Orbiting Jupiter
Tethering your phone is a good idea, but what I would do is shut down all computers, tablets and phones and then take one computer, flash the BIOS and then reset the router and see what happens
 

PP Mguire

> I am not using this router anymore... but I was intermittently looking at the log files and I was surprised to see one day several pages but then a couple of days later for example I would see less or almost none at all (I can only assume this is down to it being cleared... and it wasn't me!)

Look at the settings and see how long the log is supposed to be retained.

> Before I connect again using router.. I will be flashing the bios on any computer that I allow network access.. (don't know what to do with mobile phones though?) but before flashing any UEFI/BIOS I want to see if my concerns are correct and read what information is stored in them... is this simply not possible?

You would need a hex editor and ability to read the bios itself to dump.

> At the moment I am tethering mobile phone to get internet from a pc that's got fresh os install but I don't know if that's been compromised????

That one's easy, are you experiencing the same oddness from before?

> what I would do is shut down all computers, tablets and phones and then take one computer, flash the BIOS and then reset the router and see what happens
He needs to disable all internet connectivity and do each machine individually then try one at a time WITHOUT home ISP and see if any machine is compromised. If he doesn't experience anything out of the ordinary we can conclude it's an external attack or compromised piece of network gear. Without proper process of elimination the OP will only keep going in circles trying to rectify the situation.


As an aside, this is a good example of why a strong IPS/IDS system is necessary these days. I had 6 blocked threats trying to attack my PS4 Pro from the 24th to the 30th of last month. A closed system and they were just scanning to find a point of entry. On the 19th I had 52 attempts alone from the Netherlands and Russia. Russia of which I have GeoIP blocked.
 

Attachments

  • PS4 Attack.PNG
    26.6 KB · Views: 2
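
For the question above about reading what is stored in the BIOS before flashing: the following is an added example, not part of any post in this thread, that walks a raw firmware dump, finds UEFI firmware volumes by their `_FVH` header signature and hashes each one for comparison with the vendor's image. It assumes the dump has already been read off the flash chip; `make_volume` and the sample bytes are constructed stand-ins, not real firmware.

```python
import hashlib
import struct

SIG = b"_FVH"   # Signature field of EFI_FIRMWARE_VOLUME_HEADER
SIG_OFF = 40    # ZeroVector[16] + FileSystemGuid[16] + FvLength (8 bytes)
HDR_MIN = 56    # fixed part of the header, before the block map

def checksum16(data: bytes) -> int:
    """Sum of little-endian 16-bit words; a valid FV header sums to 0."""
    words = struct.unpack("<%dH" % (len(data) // 2), data)
    return sum(words) & 0xFFFF

def find_volumes(image: bytes):
    """Return (offset, length, sha256) for each well-formed firmware volume."""
    found, pos = [], image.find(SIG)
    while pos != -1:
        start = pos - SIG_OFF
        if start >= 0 and start + HDR_MIN <= len(image):
            fv_len, = struct.unpack_from("<Q", image, start + 32)
            hdr_len, = struct.unpack_from("<H", image, start + 48)
            if (HDR_MIN <= hdr_len <= fv_len and hdr_len % 2 == 0
                    and start + fv_len <= len(image)
                    and checksum16(image[start:start + hdr_len]) == 0):
                body = image[start:start + fv_len]
                found.append((start, fv_len, hashlib.sha256(body).hexdigest()))
        pos = image.find(SIG, pos + 1)
    return found

def changed_volumes(dump: bytes, reference: bytes):
    """Offsets of volumes in the dump whose hash is absent from the reference."""
    known = {h for _, _, h in find_volumes(reference)}
    return [off for off, _, h in find_volumes(dump) if h not in known]

def make_volume(payload: bytes) -> bytes:
    """Constructed sample volume (hypothetical helper): header + payload."""
    hdr = bytearray(HDR_MIN)
    struct.pack_into("<Q4sIH", hdr, 32, HDR_MIN + len(payload), SIG, 0, HDR_MIN)
    struct.pack_into("<H", hdr, 50, (-checksum16(bytes(hdr))) & 0xFFFF)
    return bytes(hdr) + payload

# Constructed sample images: the second volume differs by one byte in the dump.
REFERENCE = b"\xff" * 64 + make_volume(b"A" * 32) + make_volume(b"B" * 32)
DUMP = b"\xff" * 64 + make_volume(b"A" * 32) + make_volume(b"B" * 31 + b"X")

if __name__ == "__main__":
    print("volumes not matching the reference image:", changed_volumes(DUMP, REFERENCE))
```

On a real machine the volume that holds saved settings (NVRAM) normally differs from the vendor file, so a mismatch there is expected. A mismatch in a volume that holds code is the one that warrants a closer look.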

lepend

As an aside said:
Hi PP Mguire.. Bit of a late reply to this post... I was just hoping you could tell me what SW you are using to see the attacks on your network.. or if anyone else can advise what is a good SW to use to see this?
Thanks
legepe
 