Friday, May 3, 2019

Any Advice? Infected Network

So, we have a pfSense router running our main LAN and a MikroTik running the Guest LAN, and I've been struggling with a network infection for a few months now. Got WebRoot and Malwarebytes installed on all the PCs and my PC also runs Symantec.

The first thing we're noticing is a blocked Trojan when web browsing. The site doesn't seem to matter; it's the same blocked Trojan every time: xmr omine org and IP 59 127 213 219, the port changes every time. The second thing we've noticed is porn popups from the site bongacams when web browsing. Third is reported by Symantec when I navigate to our MikroTik's IP address: "Web Attack: JSCoinminer Download 61."

To troubleshoot, I've run regular scans with Malwarebytes, WebRoot and SuperAntiSpyware on every computer. Then, I've reinstalled Windows 10 on computers reporting the popups. Finally, I installed Snort on our pfSense router and configured it to use the security IPS profile and enabled blocking after removing some false positives.

Nothing has stopped the infection, and I'm not entirely sure what to do next. Any suggestions?


