dw222016

I guess I can go out and buy one. I'm getting very tired of this, my ISP has been contacted and given logs of these attacks and was told they'd change my IP address..which they didn't. My PC is supposedly clean, I've checked every security option in the router I know to check, etc. For a time, the attacks had ceased knocking me offline, a very short time but a time. Now whomever these people are have started hitting me hard again and knocking my connection out. I don't really want to spend money on a new router and then come home with it and the attacks still continue, but since I have no other ideas and my ISP isn't all that interested in doing much, I guess I'll just do it.

Yes I do actually. In fact I updated it successfully a couple of days ago.

Even if the downloader is not currently running? It wouldn't have explained the remote lan access or being knocked offline with every scan attack either. I've never had the downloader do this before, and we've had WoW for some time now. Forgive all the questions, I'm just a newbie to this sort of thing and concerned about hacks and data theft.

That is so strange, I don't understand why I'm being hit like this then if there are no botnets, rootkits, etc on the system. I'm certainly happy about a clean PC...but then it makes figuring out how to stop these attacks that much more complicated (to me at least since I've not a clue how all this works on a technical level).

Hello, here's the log you asked for. I hope the post comes through okay, I was just hit with another scan/attack while posting and it may mess it up. Fixlog.txt

Hello, here are the files you requested. I think I am slowing figuring this out, TwinHeaded. You see, one of my younger family members plays World of Warcraft, and of course ports are needed to be forwarded. Well, he looked here for that information: https://us.battle.net/support/en/article/configuring-router-and-firewall-ports. Port 80 and 443 don't seem to be ports one should be forwarding haphazardly, according to Google. So, I went in and took those two ports off the forwarding list. Sure enough, no more "remote lan access" messages since then. That being said, I am still being knocked offline at times by these "Syn/Ack" and "Dos Chargen" attacks. So I'm not quite out of the woods yet. I tell you, I've ran multiple malware scans with other programs such as Malwarebytes Anti-Rootkit and Hitman Pro along with MBAM Premium and Avast..and they just are not finding any infections. I hope these logs attached provide some kind of answers. I'll use whatever other tools and upload whatever other logs you need to get this thing settled. Addition.txt FRST.txt

Unfortunately it doesn't seem so. This is what I am seeing in my router logs: "[DoS Attack: SYN/ACK Scan] from source: 23.235.39.193, port 80, Saturday, November 28, 2015 14:29:49 [LAN access from remote] from 220.167.100.13:6000 to 192.168.1.150:80, Saturday, November 28, 2015 13:50:29[LAN access from remote] from 185.106.94.2:57578 to 192.168.1.150:80, Saturday, November 28, 2015 13:26:09[DoS Attack: SYN/ACK Scan] from source: 104.71.249.130, port 80, Saturday, November 28, 2015 13:21:47[DoS Attack: ACK Scan] from source: 169.54.233.119, port 53, Saturday, November 28, 2015 13:16:23[admin login] from source 192.168.1.150, Saturday, November 28, 2015 13:13:58[DoS Attack: SYN/ACK Scan] from source: 45.58.135.130, port 6667, Saturday, November 28, 2015 13:13:32[DoS Attack: ACK Scan] from source: 93.186.251.13, port 80, Saturday, November 28, 2015 13:01:46[LAN access from remote] from 54.162.124.221:59983 to 192.168.1.150:443, Saturday, November 28, 2015 12:42:29[LAN access from remote] from 54.159.78.53:53779 to 192.168.1.150:80, Saturday, November 28, 2015 12:38:00" I know that port scans are a common thing and not necessarily an issue, but these remote log ins are unexplained.

TwinHeadedEagle, it looks like I've found two issues, my current DoS issue and a kid playing on the wrong side of the internet. I found this "pre-crack" and the game that was with it. It's gone now.

Hello, I totally understand and will be glad to do so, but I'm not quite certain which software you're referring to? I'm in a multi-member household and haven't installed anything myself that I knew to be pirated.

Hello there, thank you for the reply and any help you can give. I very much appreciate it. I ran this Farbar last night after realizing I was supposed to before I asked for help, but couldn't edit my post. I've attached both the Addition files from that first scan, and a FRST scan from just a few minutes ago so that it can be certain nothing has changed between those times. Addition.txt FRST.txt

Hi everyone, this is my first time here. I've got a major problem happening with my router and internet connection. First thing's first, the symptoms are very frequent network disconnections that are there and gone in seconds, along with even more frequent router logs telling me about remote lan access log ins and various Syn/Ack and "Chargen" DoS attacks. I'm using a Netgear WNDR 4300V3, and I've done all the securing I understand how to do on it, yet these attacks just keep coming and seemingly succeeding. I don't have UPnP enable, nor Remote Access, I've locked it down with a good password, changed DNS to OpenDNS, etc. I'm fearing a botnet or rootkit issue, but I've ran both Avast and MBAM premium and neither one of them have found a thing. I tried running HijackThis, but I just don't have the knowledge to read it and understand it. Some entries it says are suspicious, but "visitors say it's safe"..I just don't want to muck with it without knowing what I'm getting into. I'd really like to settle this without having to reformat everything, but I'll do what I have to do to get these people/person out of my hair. If a HijackThis log is requested, I can easily post it. Thanks.