StuartGriffen
asked on
Missing Network Shares - Compromised Network?
Saturday I installed a NetGear router. It's attached between my main computer and my cable modem.
The setup program told me to turn off all programs, including firewalls and AV, before installing. I did. And then I got sidetracked by a neighbor. I was open to the Internet for several hours without AV or firewall.
Sunday, all four of my computers on the network started behaving strangely. I first noticed them being sluggish, taking a long time to load things. Then my main computer started just hourglassing forever at bootup. I'd start a Windows Explorer window, and it would just churn without ever opening it.
I lost connectivity to my router's web interface.
The administrative shares on the two XP machines are gone. If I re-enable them in the registry, they are gone again next time I reboot.
I pulled the plug on the Internet last night after reading a Microsoft help page that indicated that these symptoms--especially the missing admin shares--were likely a sign of a compromised system.
My plan is to wipe the machines and start from scratch. But I sooooo don't want to do that if I'm missing another cause/solution.
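The one concrete, checkable symptom in the question is that the administrative shares vanish again after every reboot even when they are re-enabled in the registry. The script below is an added triage example for this thread, not code from the asker or the answerers. It reports whether the Server service is running, which hidden shares are actually present, and the LanmanServer `AutoShareWks` / `AutoShareServer` values (0 suppresses creation of the admin shares at service start; an absent value means enabled). If the shares are missing while the registry does not disable them, something is removing them after boot, so the script also lists the common Run keys for manual review. It assumes Windows PowerShell 2.0 through 5.1 (WMI's `Win32_Share` is available on XP SP3) and an elevated prompt.

```powershell
# Added triage script for a host whose administrative shares keep disappearing.
# Not part of the original thread. Assumes Windows PowerShell 2.0-5.1 (Get-WmiObject)
# and that it is run from an elevated prompt.

$ExpectedShares = @('ADMIN$', 'C$', 'IPC$')
$LanmanParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AdminShareReport {
    # The Server service (LanmanServer) must be running for any share to exist.
    $svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $svcStatus = 'not found'
    if ($svc) { $svcStatus = $svc.Status.ToString() }

    # Enumerate hidden (trailing-$) shares through WMI.
    $present = @(Get-WmiObject -Class Win32_Share |
                 Where-Object { $_.Name -like '*$' } |
                 ForEach-Object { $_.Name })
    $missing = @($ExpectedShares | Where-Object { $present -notcontains $_ })

    # AutoShareWks applies to workstation SKUs (XP), AutoShareServer to server SKUs.
    # A value of 0 disables automatic creation of the admin shares; $null means enabled.
    $params = Get-ItemProperty -Path $LanmanParams -ErrorAction SilentlyContinue
    $wks = $null; $srv = $null
    if ($params) { $wks = $params.AutoShareWks; $srv = $params.AutoShareServer }
    $disabledByRegistry = ($wks -eq 0) -or ($srv -eq 0)

    New-Object PSObject -Property @{
        ServerServiceStatus = $svcStatus
        PresentHiddenShares = $present
        MissingAdminShares  = $missing
        AutoShareWks        = $wks
        AutoShareServer     = $srv
        DisabledByRegistry  = $disabledByRegistry
    }
}

function Get-AutoStartEntries {
    # Something that removes the shares after each reboot usually runs at startup.
    # List the common Run keys so the entries can be reviewed by hand.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                New-Object PSObject -Property @{ Key = $key; Name = $_.Name; Command = $_.Value }
            }
    }
}

$report = Get-AdminShareReport
$report | Format-List ServerServiceStatus, PresentHiddenShares, MissingAdminShares,
                      AutoShareWks, AutoShareServer, DisabledByRegistry

if ($report.MissingAdminShares.Count -gt 0 -and -not $report.DisabledByRegistry) {
    Write-Host 'Admin shares are missing although the registry does not disable them; review startup entries:'
    Get-AutoStartEntries | Format-Table Key, Name, Command -AutoSize
}
```

Run it once before and once after a reboot: if `DisabledByRegistry` is false both times but `MissingAdminShares` is populated after the reboot, the shares are being deleted by something that starts with the machine rather than by a configuration setting, which is the distinction the asker needs before deciding whether to rebuild. Scans run from inside a possibly compromised OS cannot settle that question on their own, which is why the thread's suggestion of an offline boot-CD scan is the better next step than another in-place scan.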
Forgot in your previous post you mentioned you had a server. If this is a domain and the workstations cannot find the DNS server, possibly due to a bad router, they would hang for up to 10 minutes on boot up. Can you test with another router or switch, even without an Internet connection?
ASKER
Thanks guys.
Thanks Stuart,
--Rob
ASKER
It's a home network, and I have everything backed up. Been down that road too many times.
I'm a little fuzzy on the virus situation. I've run multiple virus and malware scans on the machines already; none of them from a boot CD, though. If this is just some hacker's home-grown trojan with the aim of turning me into a zero-day site or spam server, will an AV program catch it?
I like your suggestion. My favorite part about it is not reinstalling all four machines. :)