I've got the GT-AX6000 setup with the latest merlin firmware on my sisters house. I have enabled AiProtect which I had thought would stop outbound "attacks".
No. Need to get rid of malware on the teenager's computers.
MALWARE FAMILY: 911-socks5-proxy:
Threat actors infected +10K devices worldwide with 'PrivateLoader' and 'Amadey' loaders to recruit them into the proxy botnet 'Socks5Systemz.'
securityaffairs.com
From this link, it hints that 911-socks can be associated with installing TOR?
I think that is a really bad thing. No teen should have TOR installed. Sorry.
How can I use the features of this router to help determine the machine responsible?
Possibly but: You need a good antivirus/security software program running on EACH machine, and I would install that AFTER a clean install of Windows on each of those machines.
Bitdefender or Kaspersky: Kaspersky has that Russian association which is a negative for many, so Bitdefender. A five pack is often on sale on Amazon or Newegg.
Any help would be appreciated as they say they are going to terminate our account as this problem is affecting the network.
You said this is the fourth warning?
"I am running a debian server at her location also for home assistant."
Who is the admin for this debian server? How often is it updated and maintained?
"But before it has to get that involved I I should perhaps format some pcs. There's only really 5 pcs running windows"
In my opinion they all need a bare metal clean install.
"I am at least going to have to gain remote access to them to run some tests and uninstall any sketchy software..."
Malware writers are very good. Doubt you are going to find the sketchy software.
"We bought the router to solve the problem so I hope we can find some solution. The ISP has already warned us 4 times."
Router wasn't the weak link. Teenagers: weak link, and their computers.
If the teens give permission for things to install, they can install, router can't prevent that.
I agree with Tech9:
"You have days long project reformatting and reinstalling 5x Windows PCs alone. It is a client, it is most likely a PC, try to catch which one is contacting this IP and how often. The more changes and blockers you introduce in the mix the more you mask the problem and make it harder for you to diagnose."
Get some frosty beverages, a phone or iPad to browse while things process.
Oh; important files are already backed up, in more than one place? Hashtag teens: I doubt it!
""Well so far it's just adguard and skynet. The AiProtect stuff is all turned on as well."
That's not going to solve this problem.
"What software should I run on the pcs, I am gaining remote access soon one pc at a time, they are giving me whatever time I need to clean the pc."
Up to date patched Windows, fully activated.
Bitdefender or Kaspersky.
"So far skynet has 0 outbound blocks. Looks like I may not get remote access. They are refusing and it's causing a huge mess. Damn little hackers."
Who is refusing? Teens or malware writers?
"I am a days drive including a seven hours fairy ride away, so I can't be on site."
A fairy ride: jeez, that is complicated! I hope they will stock plenty of fairy dust!
A ferry ride? Time for dramamine! Or even better: scopolomine patches
If you can't get there: zoom call to teens and have them do the reinstall of windows?
Learn how to use the installation media to reinstall Windows on your PC.
support.microsoft.com
Good time for them to learn about drivers and the whole windows system.
Driver install order I prefer:
- Windows, reboot
- Chipset driver, reboot (Intel or AMD)
- Graphics driver, reboot (Nivida or AMD or Intel)
- Then ethernet, wireless ethernet, sound, mouse, KB, etc.
- Then antivirus/security software, bitdefender is what I would recommend
- Then problems like word/games/etc
- Then restore the BACKED UP DATA files that ideally are backed up on a regular basis in more than one place.
Going to take hours. Good.
If they have TOR on system, or Torrent programs (you probably know this but these are very different, and I do not think TOR for a teen is a good idea at all.)
Please let us know how it goes!!!