New
#1
How to check incoming LAN connections on XP?
Hi!
I have an old XP machine running which serves as a file sharing PC.
It is connected to the internet and to my local network also.
I found some strange files on some shared folders, actually some of the files are decrypted.
I know, there was some cryptolocker malware attack.
The files are junk files, so I don't worry about them.
Avira is running 24/7 on that machine, up-to-date.
Is there any possibility to check backward on XP who or from what IP address was some connections in the past?
I checked Avira's log's and quarantine but nothing was recorded.
I also checked with Avast, F-secure, MalwareBaytes etc... for possible infections on that machine, but nothing was recognized as an infection...
Now I setup Wireshark to log the LAN, but at the moment when that happen there was no logger app installed.
It look's for me like somebodies PC was infected who was connected to my PC and the malware found the shared folders and they encrypted the content of the folders remotely, and didn't jumped over to my pc.
I have also a .txt file where is writing how to contact the guys who can enecrypt my unused files.
Btw. I have also a full backup all the time. So I 'm not worried about the content of that folder.
Is this a logical explanation?
Thanks for any idea.