Unsecure Computer to Computer network

Acer / Aspire 5610z
June 1, 2009 at 10:15:43
Specs: Windows XP Pro SP3, Intel 1.6 Dual core
I am not sure what this is. It shows up in the Wireless Network Connections. It just started this about a week ago. I have not added any routers or wireless devices. It shows up with one bar no matter where I am. I tried to connect but I cannot connect. I did some research and found this could be a result from a hacker? Maybe the way a haker uses it to connect to my PC? You can see in the general forum i have had some issues with harrassing e-mails also in the security forum ive had issues with infections. All infections are clean now though.

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


See More: Unsecure Computer to Computer network

Report •


#1
June 1, 2009 at 10:54:24
Wireless NICs tend to show whatever routers are in range. You will see duplicate names from time to time but that doesn't mean they are the same connection. If I connect to your router, you'll see it in the DHCP list of IP addresses in the router interface. Most people don't ever look at it. Once I connect to your router, I can only view your files if you have file sharing enabled or there is a trojan running.

To secure your wireless network, change the router's default password, enable MAC filtering & enable WPA encryption.

How do you know when a politician is lying? His mouth is moving.


Report •

#2
June 1, 2009 at 16:30:26
Like I said it just showed up last week. If I walk down to my dads house I still get 1 bar on the signal. No matter where I go I get that WLAN computer to computer even if I go to town about 15 miles I still get 1 bar on the WLAN. I am thinking this is some backdoor a hacker is useing. Maybe I am crazy but its strange even when I went on a trip lastweek over 100 miles away I still got the WLAN Computer to Computer with 1 bar signal. I am going to back everything up with ghost format and reinstall Windows and see what happens.

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#3
June 1, 2009 at 16:40:33
Having hacked a number of wireless networks myself, I don't think it's a back door at all. How could a hacker be following you everywhere you go? How could it send a wireless signal 100 miles away when it barely goes 200 feet?

Boot the laptop, don't open any windows except a command prompt.
Run netstat -ano

That will show all your connections.
Post the output if you don't understand it.

How do you know when a politician is lying? His mouth is moving.


Report •

Related Solutions

#4
June 1, 2009 at 16:55:04
What I meant was a backdoor to get into my computer and get my personal info not exactly hacking my router. I am going to try what you just said. Also I am going to try another wifi adapter and see what it shows. btw thanks for the help.

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#5
June 1, 2009 at 17:01:17
netstat -ano results.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User>netstat -ano

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1032
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2804 0.0.0.0:0 LISTENING 2080
TCP 0.0.0.0:5101 0.0.0.0:0 LISTENING 1672
TCP 127.0.0.1:1028 127.0.0.1:2804 ESTABLISHED 588
TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING 3380
TCP 127.0.0.1:2048 127.0.0.1:2049 ESTABLISHED 1672
TCP 127.0.0.1:2049 127.0.0.1:2048 ESTABLISHED 1672
TCP 127.0.0.1:2804 127.0.0.1:1028 ESTABLISHED 2080
TCP 127.0.0.1:3385 127.0.0.1:10080 TIME_WAIT 0
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING 2148
TCP 127.0.0.1:10080 127.0.0.1:3325 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3329 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3335 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3337 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3339 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3343 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3345 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3351 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3357 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3359 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3361 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3363 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3367 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3369 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3371 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3373 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3375 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3377 TIME_WAIT 0
TCP 127.0.0.1:10080 127.0.0.1:3379 TIME_WAIT 0
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 2708
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING 2148
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING 2148
TCP 192.168.2.102:139 0.0.0.0:0 LISTENING 4
TCP 192.168.2.102:3020 76.13.15.54:5050 ESTABLISHED 1672
TCP 192.168.2.102:3028 68.142.233.117:443 ESTABLISHED 1672
TCP 192.168.2.102:3220 209.62.185.19:80 LAST_ACK 2148
TCP 192.168.2.102:3226 96.17.160.98:80 TIME_WAIT 0
TCP 192.168.2.102:3252 168.75.199.140:80 TIME_WAIT 0
TCP 192.168.2.102:3254 208.22.87.8:80 TIME_WAIT 0
TCP 192.168.2.102:3258 209.85.133.100:80 LAST_ACK 2148
TCP 192.168.2.102:3261 209.85.133.100:80 LAST_ACK 2148
TCP 192.168.2.102:3264 149.174.254.214:80 TIME_WAIT 0
TCP 192.168.2.102:3282 96.17.160.98:80 TIME_WAIT 0
TCP 192.168.2.102:3298 208.22.87.56:80 TIME_WAIT 0
TCP 192.168.2.102:3312 208.71.124.95:80 TIME_WAIT 0
TCP 192.168.2.102:3324 91.103.138.62:80 FIN_WAIT_1 2148
TCP 192.168.2.102:3332 216.52.167.81:80 TIME_WAIT 0
TCP 192.168.2.102:3354 149.174.254.214:80 TIME_WAIT 0
TCP 192.168.2.102:3386 208.22.87.48:80 TIME_WAIT 0
TCP 192.168.2.102:3388 208.22.87.48:80 TIME_WAIT 0
TCP 192.168.2.102:3390 208.22.87.48:80 TIME_WAIT 0
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 800
UDP 0.0.0.0:4500 *:* 800
UDP 127.0.0.1:123 *:* 1072
UDP 127.0.0.1:1900 *:* 1204
UDP 127.0.0.1:2051 *:* 1672
UDP 192.168.2.102:123 *:* 1072
UDP 192.168.2.102:137 *:* 4
UDP 192.168.2.102:138 *:* 4
UDP 192.168.2.102:1900 *:* 1204

C:\Documents and Settings\User>

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#6
June 1, 2009 at 17:16:50
I tried the wireless adapter. Still I get the WLAN Unsecure Computer to Computer. Even when I disable the onboard built in wifi it shows WLAN Unsecure Computer to Computer.

I ran startup recovery to a frest install. Backup was made before it was even online.
looked in the wireless connections and no WLAN Unsecure Computer to Computer. This is so wierd. I may sound crazy but I still think its some backdoor. Here is the netstat of my desktop.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\User>netstat -ano

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1024
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 1236
TCP 0.0.0.0:5101 0.0.0.0:0 LISTENING 2008
TCP 127.0.0.1:1025 127.0.0.1:1026 ESTABLISHED 2008
TCP 127.0.0.1:1026 127.0.0.1:1025 ESTABLISHED 2008
TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING 1396
TCP 127.0.0.1:1170 127.0.0.1:15050 ESTABLISHED 2008
TCP 127.0.0.1:10080 0.0.0.0:0 LISTENING 2440
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING 2580
TCP 127.0.0.1:13128 0.0.0.0:0 LISTENING 2440
TCP 127.0.0.1:15050 127.0.0.1:1170 ESTABLISHED 2440
TCP 127.0.0.1:18080 0.0.0.0:0 LISTENING 2440
TCP 192.168.2.103:139 0.0.0.0:0 LISTENING 4
TCP 192.168.2.103:1171 68.180.217.29:5050 ESTABLISHED 2440
TCP 192.168.2.103:1193 68.142.233.91:443 ESTABLISHED 2008
TCP 192.168.2.103:1405 149.174.254.214:80 TIME_WAIT 0
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 760
UDP 0.0.0.0:4500 *:* 760
UDP 0.0.0.0:9370 *:* 2068
UDP 127.0.0.1:123 *:* 1092
UDP 127.0.0.1:1054 *:* 2008
UDP 127.0.0.1:1262 *:* 5432
UDP 127.0.0.1:1900 *:* 1236
UDP 192.168.2.103:123 *:* 1092
UDP 192.168.2.103:137 *:* 4
UDP 192.168.2.103:138 *:* 4
UDP 192.168.2.103:1900 *:* 1236

C:\Documents and Settings\User>


Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#7
June 1, 2009 at 19:31:09
TCP 192.168.2.102:3220 209.62.185.19:80 LAST_ACK 2148

I don't see any back door connections although the connection I listed could be considered spyware. Run the command again. If it still has the same PID, run

taskkill /pid 2148


If there is an unsecured opened wifi in your area, it's no big deal. Delete it & reboot. Does it reappear? It could be cached in the registry.

Also, it appears that you have file sharing enabled. If you don't need it, disable it.

How do you know when a politician is lying? His mouth is moving.


Report •

#8
June 2, 2009 at 03:20:14
I do not have file shareing enabled.

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#9
June 2, 2009 at 04:38:08
Ok, good.

How do you know when a politician is lying? His mouth is moving.


Report •

#10
June 2, 2009 at 06:11:40
I made a backup of everything. I am restoreing Windows Vista although I hate Vista I will work with it a few days and see how things go if the WLAN shows back up. It may show it when I get it loaded back up. I just can't figure out what it is. And why its always 1 bar on the signal no matter if I am 200 feet from my home or 200 miles that WLAN whatever it is shows up as 1 bar.

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#11
June 2, 2009 at 12:52:37
There is no reason to do all that work for that. You're making something out of nothing.

How do you know when a politician is lying? His mouth is moving.


Report •

#12
June 2, 2009 at 16:56:09
Ok I tried to reload Vista with the recovery disk. It gave some error. So I am restoreing the ghost image of XP. I will explain this. The laptop came with Vista and I hate Vista so I bought XP Professional and downgraded. The laptop works about 95% better with XP. The 5% is a webcam issue that me Acer or my warranty company cannot figure out.
<edit>
can=cannot :)

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#13
June 3, 2009 at 04:55:41
There is a registry key that stores that info. I'm not sure but I think it's
HKLM
System
CurrentControlSet
Control
Network

I'll look for it when I have time but I bet you can remove it from there.

How do you know when a politician is lying? His mouth is moving.


Report •

#14
June 3, 2009 at 08:57:10
Stores what info?

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#15
June 3, 2009 at 15:53:44
The registry stores all the wireless networks that you see in the 'connect to' list. It's too complicated to explain in a post but you can search the registry for the name of that connection.

How do you know when a politician is lying? His mouth is moving.


Report •

#16
June 3, 2009 at 16:05:15
Sounds to me like someone was playing with setting up a wireless ad-hoc connection which would explain that no matter where the "connection" still showed up. Though it was not connected to anything.

Report •

#17
June 3, 2009 at 16:19:06
I agree that it was never connected.

How do you know when a politician is lying? His mouth is moving.


Report •

#18
June 3, 2009 at 16:20:47
I just found a rootkit on my desktop. I still believe it is a backdoor trojan of some kind.
I can post a log from Antimaleware Bytes.
Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#19
June 3, 2009 at 17:20:31
Clean the system & see if the connection is still listed. Post whatever you want. I'd like to see it.

How do you know when a politician is lying? His mouth is moving.


Report •

#20
June 3, 2009 at 18:59:43
Here it be.

Malwarebytes' Anti-Malware 1.37
Database version: 2224
Windows 5.1.2600 Service Pack 3

6/3/2009 7:06:23 PM
mbam-log-2009-06-03 (19-06-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164008
Time elapsed: 45 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{37abfa27-c5fc-456b-b4b2-f4903d70cca5}\RP39\A0015334.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.


Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#21
June 3, 2009 at 19:02:11
Given your previous posts it is a waste of time to continue further.

You need to reload your system from scratch. No restore of data. No restore of backup. They are infected. Only if you can import data into an application are you "fairly" safe.

Nothing is safe on the internet anymore.

BTW if you found a rootkit you have not been hacked. You have gone somewhere/got something. But if you had been hacked you would not have found the rootkit. The hacker would have removed it after what it started called home to let the hacker in. Rootkit is just the beginning.

You need to readup and understand safe computing.


Report •

#22
June 3, 2009 at 19:27:50
I have already restored to a fresh and clean backup of vista. I will wait and see how it doese. Oh and I do have more clean backups.
No need for a fresh install from scratch that would be a waste of time. :)

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#23
June 6, 2009 at 10:44:06
Will someone please help?

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!


Report •

#24
June 6, 2009 at 13:11:02
wanderer already gave you the best recommendation, which was to do a clean install.

Your reply was:
"No need for a fresh install from scratch that would be a waste of time."

Why would you think that? A clean install will take far less time than you've already spent.


Report •

#25
June 6, 2009 at 16:13:52
If you insist on a clean install, make sure you have all the drivers first. Also, be aware that you might see that same connection again.

How do you know when a politician is lying? His mouth is moving.


Report •

#26
June 19, 2009 at 14:05:12
A clean install is totally unnecessary here...

Ad-Hoc (computer-to-computer networks) are stored semi-permanently in your connection list after even one connection attempt, whether it was successful or not. At some point, your wireless card either tried to roam onto the next available network (ie. that one, in range at the time) or you inadvertently tried to connect to it yourself.

It will be in the connection list until you remove it manually (which is possible through the GUI, no registry tweaking or anything like that is needed at ALL!)

This is 100% normal behaviour and is not a security threat on its own.


Report •


Ask Question