[SOLVED] Network Monitor Showing Someone w/ Unauthorized Remote Access

Doc H

Reputable
Nov 1, 2014
7
0
4,510
Hi there,

Long time lurker, 2nd time poster. I can typically figure these kinds of things out on my own, but not so much lately. To be candid, I've fallen behind on the technology front, exponentially so regarding Windows 10.

So here's what's going on, I think. I've noticed some unusual activity on my network - significant drops in network stability (only on the laptop in question), random and significant events triggering massive CPU, RAM, and network usage. Also I have a few specific questions regarding what I believe to be - unauthorized users on my network remotely. I know there were unauthorized users (read: neighbors) at some points in the past, however I've changed both my network IDs and WiFi passwords. So, before I ramble on in scatterbrain mode any further, my first request:

1. I only just discovered Resource Monitor (Win10 Factory version) yesterday, March 15, 2019. I KNOW, I know... ( ._.) ... I'm not proud. After poking around with it for a while I noticed what/who I believe to be a remote intruder. On the Network tab, listed under Network Activity, I saw a few questionable images running. But what really bothered me (and brought me back to this wonderful community) is the image of svchost, which isn't cause for alarm in and of itself. What IS, however, was the address it was running from, which was: "MyLaptopName.Ian"

Am I being paranoid or is that a definitive indication that someone (or more) is snooping around my computer? Any help, suggestions, explanations, would be greatly appreciated!

Some background info that has the possibility of being relevant:
- I was gifted this laptop from my former business partner. We ran an independent GameShop until it was no longer lucrative and we went our separate ways. So this laptop came from a former customer on trade-in. I have reason to believe it was traded in by the legitimate owner; he knew the login and BIOS passwords, and typed them in quickly like he was used to it. He's not a junkie nor was he hurting for cash; he took the store credit even. Giving this background info has jogged my memory as well.

2. When former boss gifted me this, he said something to the tune of "I took all my stuff off, go ahead and format it or reset it or whatever". I've never been able to fully reinstall Windows, as I usually do on any of my machines, using either the original CDs or an image on USB. I was able to "reset" the laptop, remove all Win10 apps and other 3rd party software installed by a user and start with a .... sorta-fresh install of Windows, which doesn't do a whole lot. My thinking is that if the C drive is exclusively for the OS on this machine (Windows 10), and the issues lie in my downloads on the D: partition, will they even be found?

ONCE AGAIN ANY AND ALL GENUINE HELP OR ASSISTANCE is appreciated.
- Danny_BonaDocHe
 

geniusdevil

Commendable
Jun 13, 2016
31
0
1,530
Is it Home or Pro edition? Cuz Windows 10 could create virtual adapters, drives, depending on your configuration.
I'd have done a clean installation if I received a device from someone. You should always start fresh, fresh IP, fresh cache etc., 🌚
 

Doc H

Hello, thanks for the reply. I did attempt to do a clean install, but what I actually did was just "reset Windows 10 (Pro btw)", which is nothing close to a clean install according to what I've read. I'm going to post another thread, but this time I'll be more concise and not so wordy. Also will post it here, so if there's anything you can help me with, I sure appreciate it!
 

geniusdevil


Oh silly boy, it's not Ian, but "LAN". I had a similar misunderstanding when my router had 'Ian' set up in its domain name/search domain name. Search for "Lan in search domain" <---- exact line, or something along those lines. Like, "lan router's search domain config"...

When in doubt, always do an IP lookup of whichever unknown IP you have doubts about. Google "Ip lookup <ip address>", and then analyze its geographic location, the company's name, its purpose to be inside your machine etc., :)

What kind of Firewall are you using?
I would suggest 'Windows Firewall Control', which has been bought by Malwarebytes now. You should learn to use it though. I learned through reading its help catalog. It teaches in detail. To begin with, I usually delete all the firewall rules that Windows/Microsoft creates + the leftovers from cache, previous installations etc., then I ask Windows Firewall Control to create recommended basic rules for common internet activities... and then ask it to allow programs that are digitally signed; this way I know that any unknown (not digitally signed) app doesn't get the access.

The default Microsoft firewall rules block incoming connections, but leave the outgoing open... so if there's any malware or app that's not fully removed and still present somewhere, it will initiate outgoing connections.... Windows Firewall Control (Malwarebytes) blocks both Incoming and Outgoing, and then allows apps according to the rules you set. You're the boss with this app, what goes in and out in terms of data/connection. It also has a boot feature which blocks all the connections to the internet until the system comes to Windows, and then you manually select the WFC connection from Strict to Medium (security).

Look into this app, you'll save yourself from disastrous antivirus' Firewalls...

And don't worry about lan (Lan). What router do you have? Check its settings and you might see lan somewhere. I think I had it on my Apple router, or Dlink. Can't seem to remember.
 
Solution
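The checks discussed in this thread can be run from PowerShell on the laptop itself. This is an added example, not something posted by anyone in the thread: it shows the DNS suffix the router assigns (the source of ".lan"), lists established connections with their owning process and flags remote addresses that are outside private ranges, then prints the firewall defaults. It uses only built-in Windows 10 cmdlets; `Test-PrivateAddress` is a helper defined here.

```powershell
# Added example: read-only triage, run in PowerShell on the Windows 10 laptop.

# 1. DNS suffix handed out by the router. If this prints "lan", then
#    "<ComputerName>.lan" in Resource Monitor is this laptop's own name.
"This computer: $env:COMPUTERNAME"
Get-DnsClient | Where-Object { $_.ConnectionSpecificSuffix } |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix

# Helper (defined for this example): true for loopback, RFC 1918,
# link-local and IPv6 unique-local addresses.
function Test-PrivateAddress {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ([System.Net.IPAddress]::IsLoopback($ip)) { return $true }
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        return ($ip.IsIPv6LinkLocal -or $Address -match '^f[cd]')
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 169 -and $b[1] -eq 254)
}

# 2. Established TCP connections with the owning process. For svchost,
#    also list the Windows services hosted in that process ID.
Get-NetTCPConnection -State Established | ForEach-Object {
    $id   = $_.OwningProcess
    $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
    $svcs = Get-CimInstance Win32_Service -Filter "ProcessId = $id"
    [pscustomobject]@{
        Process   = $proc.ProcessName
        ProcessId = $id
        Services  = ($svcs.Name -join ',')
        Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
        Private   = Test-PrivateAddress $_.RemoteAddress
    }
} | Sort-Object Private, Process | Format-Table -AutoSize

# 3. Firewall defaults per profile. "NotConfigured" means the Windows
#    default applies: inbound blocked, outbound allowed.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```

Rows with `Private` set to `False` are the remote addresses worth running through an IP lookup; rows with `True` are traffic to the local network or the machine itself.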