Hacker/leech on my network and I can't get 'em off

[xrook1]

Setup:

I have a home network which consist of a Comcast modem, a dlink 601 wireless router and several devices connected both wirelessly and hardwired. All systems run win7 and android. 

 

Situation:

I've noticed my internet has been extremely slow. I've also noticed my wife's mouse move by itself, words typed in a search box by itself and my external HD showed activity when the computer its connected to was sleep. So now I'm convinced someone has hacked into my network.

 

Measures taken:

I reset the router - stronger password, MAC filtering enabled

Created NEW SSID, WPA2 w/ AES encryption, 64bit encryption/password 

I have Microsoft security essentials as antivirus software, malwarebytes as backup, and zone alarm for firewall.

I've re-installed win7 on all devices.

Downloaded "whos on my wifi" software - nothing outside of Known MAC addresses

 

Results:

My internet is still moving really slow, mouse flickers as if someone took control of it for a second.

IE freezes on some websites.

 

Need help, I don't know what else to do

 

[jnelsoninjax]

Do you have any proof that someone is on your network? You say "Downloaded "whos on my wifi" software - nothing outside of Known MAC addresses" that sounds like your answer, no foreign connections are present, does your router give you an option to see attached devices? My router can at glance tell me what is wired and wirelessly connected. I would suggest you contact Comcast and ask them for help, also do a Speedtest from a computer plugged into the router (not wi-fi)  and see what your speeds are vs what you are paying for, you will notice in my signature that I have the comcast speedtest results, I'm paying for a 50 Mbs/ down but getting much more then that.

[sc302 Veteran]

Well it probably isn't coming from internal. Your computer is probably compromised and is attaching to someone through the internet.

Wipe and rebuild would be a good course of action.

[ensiform]

Sounds more like they have control over the computer via a remote vnc type thing or an exploit in Windows/some software you have.

 

Can you run with that device offline for a while just to see?  Check the programs running and check programs installed list very carefully.  Wiping it is probably for the best.  And probably all devices running Windows on the network.

[Dot Matrix]

Was your wife's machine a laptop? A desktop? Did this occur on all of the devices, or just one?

 

If someone was in your network, MAC filtering and stronger passwords/encryption are the way to go, which I've seen you set. Your router should allow you to monitor connected devices (you can usually connect to it by typing 192.168.1.1 into the address bar of a hardwired machine), so installing extra software may not be needed. This extra software might be the reason you're seeing performance issues.

 

Also, do you use any type of Remote Desktop applications? You can check to see if that's enabled or disabled by searching for Remote Desktop in Start.

[+BudMan MVC]

"I've re-installed win7 on all devices."

"I have Microsoft security essentials as antivirus software, malwarebytes as backup, and zone alarm for firewall."

Well you say you reinstalled the OS and your still having the problem.. Points to something your running... ZA on all your machines? Sure not going to make it zipper ;) Kind of freaking pointless, your behind a router - are you worried about your other machines on your network attacking your other machines? Why is the built in windows firewall not good enough?

Mouse flickers??? Not sure what that means or has to do with anything? How exactly did you reinstall? Internet running slow points to internet issue not someone controlling your machines, etc.. Does it happen on all of them? IE freezes, well yeah its freaking IE ;)

Mac filter btw is just pointless added overhead in admin of your own network.. It might be useful if you don't want your kids devices to get on the network, and you post the wifi password on the frig door for example. Other than that it really has little value.. It sure an the hell is not going to keep a "hacker" off your network ;) After he busted through your WPA2 secure psk, etc.....

[Anibal P]

Sounds more like glitchy hardware than a so called "hacker" 

[The Evil Overlord]

Sounds more like glitchy hardware than a so called "hacker"

Was going to say more or less the same thing,

OP although I don't know this for a fact, have you also tried disabling remote assistance?

I am not 100% sure of what is does/give access to, but my systems run just as well with that disabled.

(Budman, soon I'll have a question for you specifically, just waiting for a couple of things to come to fruition)

[remixedcat]

Use RADUIS (username and password) on a domain controller and tighten your router's security. If not get a new router.

[+Warwagon MVC]

I would disconnect all devices from the network accept 1 and speed test each device 1 device at a time. Until you plug one device in and your speeds plummets (if that happens at al)

[offroadaaron]

I would disconnect all devices from the network accept 1 and speed test each device 1 device at a time. Until you plug one device in and your speeds plummets (if that happens at al)

^^ Exactly what I would do to try and eliminate the problem.

[Xerino]

If you are using that all in one Arris router / modem combo, go into your gateways settings, show connected devices, find that persons computer or other devices and remove them, the only way he will be able to connect is if your router gets reset to factory default

 

 

Keep in mind though, make sure you dont remove devices you know and trust, otherwise you wont be able to reconnect either.

[primexx]

If you are using that all in one Arris router / modem combo, go into your gateways settings, show connected devices, find that persons computer or other devices and remove them, the only way he will be able to connect is if your router gets reset to factory default

 

setup.jpg

 

Keep in mind though, make sure you dont remove devices you know and trust, otherwise you wont be able to reconnect either.

 

a) there's probably nobody on his network anyway

 

b) that just deletes the IP lease from the router, doesn't do ###### to disconnect the client.

[articuno1au]

First thing I thought when reading this was it sounded like wireless keyboard and mouse interference.

 

It would explain random text and mouse inputs, and if there was a lot of interference, can explain the computer pausing up for a bit.

 

Would be surprised if you have been "hacked".