Missing Network Shares - Compromised Network?

Posted on 2006-05-01
Medium Priority
Last Modified: 2012-05-05
Saturday I installed a NetGear router.  It's attached between my main computer and my cable modem.

The setup program told me to turn off all programs, including firewalls and AV, before installing.  I did.  And then I got sidetracked by a neighbor.  I was open to the Internet for several hours without AV or firewall.

Sunday, all four of my computers on the network started behaving strangely.  I first notiiced them being sluggish, taking a long time to load things.  Then my main computer started just hourglassing forever at bootup.  I'd start a Windows Explorer window, and it would just churn without evre opening it.

I lost connectivity to my router's web interface.

The administrative shares on the two XP machines are gone.  If I re-enable them in the registry, they are gone again next time I reboot.

I pulled the plug on the Internet last night after reading a Microsoft help page that indicated that these symtoms--especially the missing admin shares--were likely a sign of a compromised system.

My plan is to wipe the machines and start from scratch.  But I sooooo don't want to do that if I'm missing another cause/solution.
Question by:StuartGriffen
  • 3
  • 2

Accepted Solution

IPKON_Networks earned 1000 total points
ID: 16580979
I would disconnect all computers from the network and one by one boot using a AV bootable CD. Make sure it is up to date DAT files and scan each device. You will find that you will have a worm virus somewhere and this is overriding your shares etc. This shoudl clean each one up. However, if not, then you may need to reinstall the lot. Of course, you have the night befores backup, right????

As you clean each computer, rebuild the network slowly. Only add in computers that you know to be clean.
Then, you can add in your firewall once you are sure you have turned on the security.
Finally, connect the modem and get internet access.

Hope this helps

Author Comment

ID: 16581396
Thanks Barny

It's a home network, and I have everything backed up.  Been down that road too many times.

I'm a little fuzzy on the virus situation.  I've run multiple virus and malware scans on the machines already; none of them from a boot CD, though.  If this is just some hacker's home-grown trojan with the aim of turning me into a zero-day site or spam server, will an AV program catch it?

I like your suggestion.  My favorite part about it is not reinstalling all four machines. :)
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1000 total points
ID: 16581498
I really don't have any thing positive to add as for troubleshooting, but assuming the Netgear was installed between the computers and the Internet the risks would have been very minimal. The Netgear should have provided sufficient firewall protection against attacks, and if the systems were not in use the chances of obtaining a virus on all 4 systems or on 1 and it spreading to the others is not impossible, but very slim. I would continue to look for a solution. Other than the lost admin shares I would question connectivity of the router.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 78

Expert Comment

by:Rob Williams
ID: 16581511
Forgot in your previous post you mentioned you had a server. If this is a domain and the workstations cannot find the DNS server, possibly due to a bad router, they would hang for up to 10 minutes on boot up. Can you test with another router or switch, even without an Internet connection?

Author Comment

ID: 16640841
Thanks guys.
LVL 78

Expert Comment

by:Rob Williams
ID: 16640868
Thanks Stuart,

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question