What to look for when identifying the malware infection

KnoThnx
KnoThnx Member Posts: 5
First Comment Photogenic

So I have been dealing with a security issue for a little over a year but didn't catch it the first 4 months of that year. I recently saw that my internet was set up to have a Pseudo Loopback interface when I ran netsh interface ipv4 commands on my PC. When I ran Fing's network scanner, the details for my router showed my vendor differently (it showed up as Technicolor), which I know is a legit vendor. Now when I input the gateway's IP (https://10.0.0.1) in order to access the admin tools to make changes to my router and look at the details, this is what showed up: (I think the core revision is the only thing that changed when I restarted my router a few days ago, btw)

When I have tried to make certain changes, most times it has told me I made them, and then when I look back those same changes revert to the previous settings every time I log out, as if I'm in this fake version of the gateway. There are settings that I should be able to change that I can't because they are greyed out. Would it be possible for someone to use software that was created to emulate identical sites and interfaces that trap others in a virtual machine, where, as long as you are a person who uses a computer on a basic functional level, you could be trapped in a virtual machine and not know it? I know that things like this are typically very sophisticated processes that take time and effort to deploy, but nowadays can't people who aren't sophisticated hackers just buy a program from someone who is and have that program's AI do the work for them? Please share any thoughts; it would really help. I am going to be asking more questions regarding my tech issues because I feel like I have exhausted ideas. I have asked many techs and I've gotten many ideas of what I could be dealing with: RATs, rootkits, man in the middle. If you guys need me to comment a brief description of when I discovered it through a bullshit virus alert, let me know; it could provide some help. I just didn't wanna overwhelm people with too much writing. Thank you so much.

KnoThnx👾

Answers

  • EricArtille
    EricArtille Member Posts: 2
    Photogenic First Comment
    edited May 30, 2022 #2

    I have the exact same issue as you; however, it affects me on every device I have... I've gone through 4 Android devices, 1 Chromebook, and now my 2nd iOS device. I switched to iOS because I originally thought this was an Android issue only... and at first it seemed to work... but 2 days later my new iPhone 11 is completely compromised... Fing is completely compromised, so asking for advice on here is pointless... As you can see no one will reply... so this is a known breach, I believe... Google finally released a statement about it, although they lied and said they didn't know of any instances of the failures being used by any hackers against anyone or whatever... The issue is they have access to your operating system and admin privileges etc... so factory resets don't work. As you mentioned, things you should be able to turn off or delete you are no longer able to; this is because you are not the owner or admin of your devices... No virus scans or anything will even detect it... VPNs do not work because it's able to turn on and off at will... Support emails are no good because it won't send them... It's very, very frustrating and I have been unable to find any help. ExpressVPN support actually said they could not help me because I mentioned having a virus... Google support chat was telling people complaining of this same issue that what they were talking about was impossible and could not happen... They still are saying that despite publicly acknowledging the critical failures which allowed this to happen... I don't want to overwhelm either... so I digress... Happy to speak with you and share what I know. I actually had it contained for about 3 months, then I got cocky and ran an update and synced my devices, and it was back within 30 seconds on all my devices... (Number Removed) As I said, happy to talk... As you mentioned as well, most people don't even notice it... Can you spot the difference in these pics?


  • Paulb9877
    Paulb9877 Member Posts: 1
    Photogenic Name Dropper First Comment
    edited May 17, 2022 #3

    So far I've noticed 3 things different: the arrow next to the battery is white with a black outline in the second pic, the clock is 2 mins faster, and the top says "welcome" while the other is your name. Which is right? I believe I'm in the same situation, but now I think it is happening to my home security and cams as well. Would love to hear more info from you guys. Wait, @EricArtille, you're in my area, npr. What are the chances of that. @KnoThnx, where are you from? I notice an Arris router; Spectrum customer?

  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    Second Anniversary 5 Answers 25 Likes 10 Comments
    ✭✭✭

    So there's a lot of "what's" in this post.


    First off, what do you mean by a Pseudo Loopback interface? Can you provide a screenshot of your netsh command?


    Next what is the make and model of your router? Is it an ISP device or do you own it? Is it a modem and a router or just a router?


    Before we go down rabbit holes with regards to VMs and emulation let's start with those questions.

    KnoThnx
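    The reply above asks for the netsh output and router details before anything else, so here is an added PowerShell script (not from this thread or from Fing) that collects exactly that information on Windows 10/11 with only built-in cmdlets, in a form that can be pasted into a reply. The only page-specific value it uses is the gateway address 10.0.0.1 from the original post; everything else is standard Windows tooling. One fact worth knowing before reading the output: "Loopback Pseudo-Interface 1" is the name Windows gives its own loopback adapter on every installation, so seeing it in `netsh interface ipv4 show interfaces` is expected and is not by itself a sign of compromise. The certificate step is the practical check for the "fake gateway page" worry: a router's admin page served over https presents a certificate whose subject and issuer you can compare against what the router vendor documents.

```powershell
# Added diagnostic script; assumes Windows 10/11 PowerShell 5.1+ and an
# elevated prompt is NOT required. Gateway IP below is taken from the post.
$gw = '10.0.0.1'

# 1. Interface list exactly as netsh reports it (what the reply asked for).
#    "Loopback Pseudo-Interface 1" is the built-in Windows loopback adapter.
netsh interface ipv4 show interfaces

# 2. Per-interface IPv4 address, default gateway and DNS servers.
#    An unexpected DNS server or gateway here is the first thing to question.
Get-NetIPConfiguration |
    Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer

# 3. Default routes. Normally one 0.0.0.0/0 route per active uplink (Wi-Fi or
#    Ethernet); extra default routes via tunnel/virtual adapters merit a look.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop, RouteMetric

# 4. The gateway's MAC address from the neighbor (ARP) cache. The first three
#    bytes are the vendor prefix Fing uses for its vendor name, so this is what
#    to compare against the "Technicolor" result mentioned in the post.
Test-Connection -ComputerName $gw -Count 1 -Quiet | Out-Null   # populate the cache
Get-NetNeighbor -IPAddress $gw -AddressFamily IPv4 |
    Select-Object IPAddress, LinkLayerAddress, State

# 5. System proxy setting. A proxy pointed at a local or unknown address would
#    explain a browser that shows something other than the real router UI.
#    ProxyEnable should normally be 0 and ProxyServer empty or absent.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer

# 6. The TLS certificate the gateway actually presents on https://10.0.0.1.
#    Validation is deliberately accepted here because router certificates are
#    usually self-signed; the point is to read Subject/Issuer, not to trust them.
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($gw, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($gw)
    $ssl.RemoteCertificate |
        Select-Object Subject, Issuer, @{n='Expires'; e={ $_.GetExpirationDateString() }}
} catch {
    Write-Warning "Could not read a certificate from ${gw}:443 - $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}
```

    Run it as a whole and paste the six sections into the thread along with the router's make and model from its label; the interface list and the gateway MAC answer the questions asked above, and the certificate subject is something the router vendor's documentation (or a second device on the same network) can be checked against.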
  • JJVegas
    JJVegas Member Posts: 1
    First Comment

    I've had the same thing happen over the past 8 months. Gone through about 6 devices. Any customer support I try to talk to just says to change my passwords and it'll be secure. Anyone else I talk to about it just thinks I'm being dramatic and crazy.

  • Marc
    Marc Moderator, Beta Tester Posts: 3,109
    250 Answers 1,000 Likes 2500 Comments 250 Awesomes
    ✭✭✭✭✭✭✭


    @EricArtille, I removed your phone number as it's probably not a great idea to post that in an open forum. You are better off using Direct messaging (a feature of this forum) for private conversations and then sharing your number via it once someone responds.

    That's Daphnee, she's a good dog...