Hello guys! Um, I've been hacked 2 times while using 2 different ASUS routers


Deee

Occasional Visitor
Hello guys, I will try to explain everything, so the 1st time I got hacked I didn't notice anything was wrong until my logs said I was getting a DDoS land attack from within my own network, at the time I was using Express VPN, McAfee Total Security and Malwarebytes, VPN and McAfee were the paid versions, malware was on trial, anyways McAfee and Malwarebytes didn't pop up nothing, only when I logged into my router I could see DDoS scan and DDoS land attack warnings, this was my 1st time ever getting hacked, but as soon as I saw the DDoS attacks I spent 5 days trying to figure out what was going on and how I get to the bottom of this, eventually he was already in my router, I remember logging in to my router and I saw this weird IP address in my network, so I googled it and the IP address was coming from China, so then I saw that he had opened so many ports through NetBIOS or netstat, so I disconnected the router from the internet and began to google every open IP on my netstat and eventually I added all of them to the block list on my router. But that did not work, the hacker managed to rootkit my motherboard and my SSD, I couldn't properly install Windows and even if I did manage to get it to install it took ages...
I knew the rootkit was in the HDDs as well, the rootkit was bypassing every virus/malware/rootkit program I used, it did stop me from using SpyHunter, I couldn't even get it to install on a fresh Windows, because even after a format I could feel the computer was very sluggish, so I knew a newbie like me couldn't save the infected parts, even on my router after a hard reset and firmware reinstall his backdoors were still in the router, so I bit the bullet and chucked out everything I think is infected with the kits and went out and got new parts for whatever I thought was infected, anyways I waited a week before I even plugged my new modem back in, and called my ISP to change the IP address and asked them to check their end in case they got compromised, received an email back from them saying their end is all good. So after that week had passed, I started putting my new PC together, and plugged in and configured my router the best I can using guides and reading what does what. Anyways everything was all good for these past 4 days, so this time around I was using different VPN and antivirus suites, okay so what I noticed with my VPN is that only when I turn the computer on for the 1st time, heaps of active connections will pop up in my router page, but it eventually all goes away, leaving me only with my VPN as the only one that is using my IP in active connections, after the 1st incident I'm very paranoid so I will always check the logs, so I was looking at active connections and my IP had two coming from port 18017 and 18016 so I quickly searched up the IP, one of them was from Microsoft in the description of the search, when I clicked the abuse website for more info, a lot of users from different countries, and there were some from mine, were stating that this was a hacker/DDoSer/scanner, after I saw this I turned off my router and reformatted my whole PC straight away, he only established a connection for only 1 min before I noticed he was no good, so after the reformat (this time the install was fast and it didn't feel sluggish) so I think I pulled it just in time before he could install anything. I had my ISP router from when I signed up but never used it, I am using that atm and everything seems good, no attack logs, and everything is smooth. From my understanding from what I've witnessed and researched, ASUS has a flaw on their no-internet redirecting ports, because the 1st time that it happened it was the same ports that they used to get me the 1st time, lucky I remember the ports and was on high alert after I saw it, so I think I managed to dodge this one, what do you guys think??? I'm thinking of buying some really high-end router.. I've been so stressed trying to keep my network safe. I even have timers on my router and my dslam which turn off 2 times every day and stay off for 10 mins and I turn my computer off too, the dslam will turn on 1st and 1 minute later the router gets turned on, and after that I wait till everything connects and then I turn my computer back on, if you guys can please recommend me a really really good router with top security please!
 
I think you are misunderstanding the information you are looking at on the router. I suspect there is no problem at all with it.

The next time you see these things that worry you take screen shots of them and upload them here (or provide a link on https://imgur.com/).
 

I suspect the routers you have are fine. I would hire someone to clean up and secure your network and clients, and then practice safe computing at home and when mobile.

OE
 
I would love to believe that as well, but I remember with my 1st ASUS router I hard reset and reinstalled the firmware but his backdoor was there, as soon as I plug my PC in I can see his ports in active connections just swarm my IP address, I reflashed the firmware so many times, and his backdoor managed to stay on there, the 2nd ASUS router I was using, it was working flawlessly, the pages loaded fast, but as soon as they established port 18017 the router pages were loading really slow. I knew something was up, and as I said port 18017 and 18016 is how they got through in the 1st place, using NetBIOS or netstat. I'm using a different brand router and reformatted my PC. Everything seems fine, and my logs are good as well.
 
The process using ports 18017 and 18018 is wanduck. This is perfectly normal and nothing to worry about.
 
And the motherboard, I couldn't even install Windows at one stage, at the beginning I did a non-USB Windows install through Windows itself, and it took me like 2 hours to reinstall Windows. I know that the rootkit is there. My PC is fast as well, SSD too, so there should be no reason for it to install that slow if there wasn't any malware/rootkits, and the PC was really really sluggish, I can feel and see the lag. Dude, I've been onto this for 2 weeks now. I know something is wrong. I've been building and using computers for a long time. I would not lie to you guys about what I witnessed and experienced so far.
 
I was getting DDoS land attack non-stop and port scan as well and it was coming from within my network, I remember the logs telling me, and I saw the hacker in my home network. As I said, I searched the IP that was in my home network and the IP was from China.
 
We're not saying you haven't got problems with your PC. We're just saying that nothing you have said so far would necessarily indicate a problem with the router.

I was getting DDoS land attack non-stop and port scan as well and it was coming from within my network, I remember the logs telling me, and I saw the hacker in my home network. As I said, I searched the IP that was in my home network and the IP was from China.
So none of that would indicate a problem with the router itself. Next time take a screenshot.
 
1st time I got hacked

Someone hacked your keyboard. Is the first post one sentence? Nobody hacked your router. You're going to hack yourself soon with all the chaotic use of scanners and tools downloaded from Internet. Calm down and relax. DDOS attack from inside your network is AiProtection over-reaction.

at the beginning I did a non-USB Windows install through Windows itself

This is something interesting. How did you install Windows through Windows itself?
 
You don't seem to be believing what I'm saying. Two routers and these exploits they're using got me twice, even after a fresh PC and brand new router. I've been reading articles, the ASUS update server was compromised a few years back and apparently 500000 of their routers have been hacked and used as bots.
 
Sounds like you browsed something dodgy on the pc and it became infected and now the router is detecting it as infected under ai protection.

Can I offer my opinion as an IT professional?

This means the pc, your browsing habits and to be honest the very poor AV product installed are the likely problem.

Rootkit viruses tend to install themselves into a hidden boot partition on the hard drive. You'll need to manually remove all partitions before reinstalling windows from scratch.

Then get a good quality antivirus product installed if you're browsing suspect content. McAfee is pretty poor to be perfectly honest. I'd get Sophos, Norton or Bitdefender installed. Most of these AV products also have a rootkit removal tool if required as well.

Better still set up a Hyper-V VM in Windows once you have the PC back up and running. Make sure the AV is installed on it, set it with a static IP and make sure your router sends all its traffic over a reputable VPN service. Take a snapshot of the VM whilst it is clean. Then do all your dodgy browsing, torrenting etc. through the VM. If it gets infected revert to the snapshot which will instantly clean it up again. This way there is no risk to your physical PC.
 
You don't seem to be believing what I'm saying. Two routers and these exploits they're using got me twice, even after a fresh PC and brand new router. I've been reading articles, the ASUS update server was compromised a few years back and apparently 500000 of their routers have been hacked and used as bots.
No we don't believe that the router has been hacked because you have provided no coherent evidence. The things you mention are either normal operation (wanduck, netbios, etc.) or are the "scary messages" that AiProtection puts out all the time.

You need to understand what you are looking at before jumping to conclusions. If you don't understand what you are looking at post a screenshot here for us to explain.
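As an added illustration (not code from any poster or from ASUS), this sketch reads a connection table the way the replies above suggest, separating services the router itself is listening on from LAN clients and from connections accepted from the internet. The table is constructed in `netstat -tnp` layout; only wanduck and its ports 18017 and 18018 come from the thread, while every address, PID and other process name is an assumption.

```python
import ipaddress

# Constructed sample in `netstat -tnp` layout. Only wanduck and ports
# 18017/18018 come from the thread; all other values are made up.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp   0      0      0.0.0.0:18017      0.0.0.0:*           LISTEN      412/wanduck
tcp   0      0      0.0.0.0:18018      0.0.0.0:*           LISTEN      412/wanduck
tcp   0      0      0.0.0.0:80         0.0.0.0:*           LISTEN      300/httpd
tcp   0      0      192.168.1.1:80     192.168.1.50:51234  ESTABLISHED 300/httpd
tcp   0      0      192.168.1.1:51820  203.0.113.7:443     ESTABLISHED 620/vpnclient
tcp   0      0      192.168.1.1:18017  192.168.1.50:51300  ESTABLISHED 412/wanduck
tcp   0      0      192.168.1.1:80     198.51.100.9:40110  ESTABLISHED 300/httpd
"""

# Explicit RFC 1918 + loopback list: ipaddress.is_private would also match
# documentation ranges such as 203.0.113.0/24 used in the sample.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_lan(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LAN)

def triage(netstat_text):
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("tcp")]
    # Ports that a process on the router itself has open for listening.
    listening = {r[3].rsplit(":", 1)[1] for r in rows if r[5] == "LISTEN"}
    results = []
    for _proto, _rq, _sq, local, foreign, state, *prog in rows:
        owner = prog[0].split("/", 1)[-1] if prog else "?"
        lport = local.rsplit(":", 1)[1]
        if state == "LISTEN":
            verdict = "local service"      # a daemon waiting, not a visitor
        else:
            peer = foreign.rsplit(":", 1)[0]
            inbound = lport in listening   # accepted by a local listener
            if is_lan(peer):
                verdict = "LAN client" if inbound else "LAN outbound"
            else:
                verdict = "INBOUND FROM WAN" if inbound else "outbound to internet"
        results.append((lport, owner, verdict))
    return results

if __name__ == "__main__":
    for lport, owner, verdict in triage(SAMPLE):
        print(f"{lport:>6} {owner:<10} {verdict}")
```

In this constructed table the wanduck entries are a local listener and a LAN client; the only row that would merit a closer look is the one flagged as accepted from a non-LAN address.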
 
K-2so, I'm using the built-in tools from the ASUS router, netstat logs in the router and active connections logs in the ASUS router..... and the general logs in the router itself. I only use 1 total security software for my PC and a malware software, you guys seem to lack the info or have never been compromised like this before. This is my last resort, coming here for advice, I've tried everything in my knowledge to fix this by myself. There's a flaw in the ASUS routers. I'm using a TP-Link router right now, and everything is normal.
 
Hrm, I'm explaining everything that has happened. I'm not making nothing up. And you guys seem to be trolling me??? I don't get it??
 
I thought this was one of the best forums to get help, I'm explaining everything that has happened, and you guys are just laughing away ...
 
Hrm, I'm explaining everything that has happened

What if I tell you internal network DDOS attack is a common AiProtection over-reaction? Would you believe me?

I thought this was one of the best forums to get help

It probably is. You already diagnosed issues and took actions before asking for help. And you don't accept any advice.
 
AiProtection didn't give me any hint of nothing. The DDoS scan and DDoS land attack were coming from the main logs in ASUS, and I checked my McAfee firewall logs at that time and they were telling me the same thing. And plus he DDoSed me so much my internet crashed on my PC and the antivirus program was disabled.
 
