Weird Network Problems

[lukethomas209]

So I checked on my network, just recently, and I saw some strange names connected. I saw BOYKA, KYLO-PC, RADULOVIC-PC, and my computer. I was freaking out, so I went to the DHCP Reservation on my routers setup and checked the devices connected. It was just my devices. But I still changed the password, but I was kind of reassured of the fact that it was probably just a program that accesses the network. But I googled all the names and no kind of software came up that may use these names displayed on the network, nor anyone else having this problem. I am worried that a people are accessing my network. Also, no one around my house has any of those names.

UPDATE: Also I cannot create a homegroup because the user KYLO already has one on the network.

 

[sewalk]

Sounds like you need to secure your wireless network. Turn on WPA2 (or WPA if that's all your wireless hardware supports) and set a key to secure your network. You'll have to enter the same key on every device you want to connect so be sure you can remember it.

 

[lukethomas209]

My network is secure. It is WPA2 and it has been. I changed it when i first saw people connected. Then, checked back and they were still connected.

 

[sewalk]

If they're not connected via wireless, the only other ways are through ethernet (though having to connect cables to your router makes this highly unlikely) or through some kind of virtualization which means a computer on your network has been compromised.

 

[lukethomas209]

Can you tell me more about virtualization because I believe that is what it is?

 

[mcnumpty23]

even wpa2 is breakable due to gpu accelerated password cracking

are you using a decent strength password?

not something thats only 8 digits or similar

you need a mixture of upper case,lower case and special characters and pad it out



and if your router has wps that needs to be turned off immediately as thats now easily breakable

due to a recently discovered flaw--and is turned on by default in most routers that have wps

and if your router is named belkin or something thats popular change it to something unusual--this

prevent use of pre-computed rainbow tables against networks named belkin etc

 

[sewalk]

Another tip for security: turn off broadcast of the SSID (name) of your network. If you are seeing these other PCs on your network immediately after changing your WPA2 key, it's almost certainly not password cracking unless you're using unbelievably simple keys and your intruder is using scripts to automatically start cracking as soon as the network connection is broken.
By virtualization, I mean some kind of malware attack that essentially uses your PC as a proxy/gateway for someone else's traffic. Run a good malware scanner and check Task Manager for suspicious programs or services.

 

[lukethomas209]

Another tip for security: turn off broadcast of the SSID (name) of your network. If you are seeing these other PCs on your network immediately after changing your WPA2 key, it's almost certainly not password cracking unless you're using unbelievably simple keys and your intruder is using scripts to automatically start cracking as soon as the network connection is broken.
By virtualization, I mean some kind of malware attack that essentially uses your PC as a proxy/gateway for someone else's traffic. Run a good malware scanner and check Task Manager for suspicious programs or services.

Ok I am downloading MalWare Bytes. I think it is that because they were still connected after I changed the name. I also disabled broadcast SSID, but now how will I connect all my devices?

 

[mcnumpty23]

you can as said turn off broadcasting your ssid

and turn on mac filtering as well

though these wont stop some one who knows what they are doing at all

they will just spoof the mac address and any decent linux program shows hidden ssid names

and it also doesnt have to be password cracking--once some one has already accessed your

network they can capture any new password you enter into your router

though as already suggested

Run a good malware scanner and check Task Manager for suspicious programs or services anyway

best bet is a full reload of windows to be sure your pc is clean then

disable the wireless on your router then change the password and security settings etc before

using wireless

chances are if you are being hacked its wireless--and they can do it from hundreds of yards

away so dont need to be right next to you to do it

and make sure to change the router page login from admin and 1234 or whatever it is

 

[sewalk]

I also disabled broadcast SSID, but now how will I connect all my devices?

You have to set up each wireless connection manually rather than just click on an existing network. Alternatively, you can enable the SSID when connecting a new device and disable it when you're done if your devices make it tricky to connect to a hidden SSID.

mcnumpty23's comments about how hard it is to stop someone who really knows what they are doing are right on the money. For maximum security, once you run a malware scan, connect to the router via ethernet rather than wireless to make your configuration changes. This will make intercepting the new password damn near impossible.

A summary of recommended security steps:
Use a wired connection to make changes to your router config
Disable remote access to the router config utility
Use a strong WPA2 key
Make sure WPA2 is using AES encryption rather than TKIP
Use a strong WPA2 key
Use a strong router password
Use MAC filtering
Hide your SSID
Reduce ACK timing to limit the range of your wireless network

Not every router will support all these features but implement as many as you can and your network will be far more secure than it was previously. With any luck, this will make any dedicated intruders look elsewhere for an easier network to penetrate.

 

[mcnumpty23]

and also do a google on your router model to make sure there are no known vulnerabilities

surprising as it sounds sky broadband sent out god knows how many routers of a certain make

and model number where they calculated the wireless password and default user name by using

the mac address of the router


this is one of the dumbest things i have ever seen as your router broadcasts its mac address

wirelessly--so with the mac address you can calculate the default password and user name

and sky are aware of it but didnt recall them--their excuse when i spoke to them about this was it

let them calculate peoples password if they phoned sky because they had forgotten their password

 

[lukethomas209]

I installed Malware Bytes, and ran a scan and it found 3 threats: It found tracking cookies and a Trojan of some sort. I deleted it and the computers connected to my network were gone. I am still worried though, as they could have gotten some of my personal information. I will probably be switching from AVG Free to Avast.

Thank you everyone for your help!

 

[mcnumpty23]

make sure to still implement some of the suggestions to secure your wireless network

you have to be paranoid about wireless security unfortunately

 

[lukethomas209]

Yes this has made me a bit paranoid. I thought that I was being careful, I would change the password every few months. I will now be sure to follow those steps, but I am still having trouble when hiding the SSID. I will enable it then connect my iPhone, but then when I disable SSID, the phone loses connection.

 

[sewalk]

Some devices, including many using iOS or Android often have trouble dealing with networks using a hidden SSID. It's surprising that both Apple and Google have had such poor wireless stacks. It seems to be improving, at least on Android. I can't speak for iOS since I won't pay the silly prices Apple demands for its products but I've heard its getting better, too.

 

[mcnumpty23]

dont have an iphone but have a friend who does and have had to help him with the same problem

as far as i remember before FW 3. I this wasnt an issue but since then autoconnect to hidden ssid

has been broken

quite honestly hiding the ssid wont stop some one who has the knowledge to hack your network

even windows 7 can see theres a hidden network there just calls it other network

but most hackers use linux and it will still read your network name even if its hidden--the make of

your router as well as other stuff

so as long as you use a really strong password and the other stuff mentioned earlier hiding your

ssid wont really matter so might as well unhide to allow your iphone access

 

[lukethomas209]

The computers have shown up again on my network, this time there is an ANDRE-PC.
I am really worried. What do I have to do to keep these hackers out? I have hidden the SSID.

 

[mcnumpty23]

when you ran malwarebytes did you turn off system restore?

may be possible for the trojan to re-install itself from there

 

[lukethomas209]

I can't remember but it is running right now, so I will check when it is done. This time it is a different name though.

Thanks again to everyone for your helpfulness and patience.

 

[szaboaz]

The computers have shown up again on my network, this time there is an ANDRE-PC.
I am really worried. What do I have to do to keep these hackers out? I have hidden the SSID.

Does it disappear, if you switch off wifi?

 

[CaedenV]

this is most likely a windows issue, not a network issue
1) what version of windows, and is it updated
2) what type of antivirus (Malwarebyets, as good as it is, is no substitute for antivirus)
3) when you disconnect from the network are the computers still there?
4) reset/flash your router, just in case. Also, move to Tomato or some similar router OS if your device supports it. It will give you many more options, and be much more secure than your plain vanilla d-link/linksys/netgear stuff.
5) backup all of your data and prepare to reformat your system if necessary (it truly is the only way to remove a virus sometimes)

 

[lukethomas209]

this is most likely a windows issue, not a network issue
1) what version of windows, and is it updated
2) what type of antivirus (Malwarebyets, as good as it is, is no substitute for antivirus)
3) when you disconnect from the network are the computers still there?
4) reset/flash your router, just in case. Also, move to Tomato or some similar router OS if your device supports it. It will give you many more options, and be much more secure than your plain vanilla d-link/linksys/netgear stuff.
5) backup all of your data and prepare to reformat your system if necessary (it truly is the only way to remove a virus sometimes)

Windows is up to date.
I am using AVG Free, and Malwarebytes.
I only see the computers connected in windows explorer on my computer, not on any other computers in my house.
My computer is the only one connected to the router via Ethernet.
The connected computers do not show up in the DHCP Reserve, only on my PC's network tab.
Also, when I click on ANDRE-PC in the Media Devices TAb under my Network, Media Player opens, and contains my audio files.
AVG keeps having pop-ups for tracking cookies and they end in ".FASTCLICK"