Non-stop attack to my PC

Simon91
Simon91 Mr
edited May 16 in Antivirus Free

Hi,

I receive a huge quantity of attacks every day, at least 80-150 attacks per day.

1. Bruteforce attack blocked

Multiple failed login attempts were made by 220.121.17.195 (changes always). We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy.

2. Bruteforce, other type of attack.

Multiple failed login attempts were made by 152.89.198.241 (changes always) using the RDP protocol. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy.

I switch off the router to change IP and always some problem. I have Windows 11 genuine with all the latest updates. All my software is legal and updated.

What can I do to fix my problem? Is it normal?

Comments

  • Nunzio77
    Nunzio77 Defender of the month mod

    Hello,
    the IP 152.89.198.241 has a low detection impact, so it could also be a false positive:


    https://www.virustotal.com/gui/ip-address/152.89.198.241

    It could also be a legitimate app attempting a legitimate connection and BD blocking it.

    Try reporting it here for verification:

    https://www.bitdefender.com/consumer/support/answer/29358/

    Nunzio ·

    Bitdefender Plus, Windows 10 Pro-32 Bit, CPU Intel Core2 Duo T7500, RAM 4 Gb - Bitdefender Mobile Security

  • Simon91
    Simon91 Mr

    Hi,

    No, I continue to receive attacks from evil IP.

    https://www.abuseipdb.com/check/87.251.75.145

    Multiple failed login attempts were made by 77.68.119.144 using the RDP protocol. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy https://www.abuseipdb.com/check/77.68.119.144

    Multiple failed login attempts were made by 115.243.85.101. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy. https://www.abuseipdb.com/check/115.243.85.101

    Multiple failed login attempts were made by 110.10.193.201. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy. Add to exceptions https://www.abuseipdb.com/check/110.10.193.201

    Multiple failed login attempts were made by 220.121.17.195. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy. Add to exceptions

    Multiple failed login attempts were made by 50.208.207.234. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy.

    Multiple failed login attempts were made by 152.89.198.241 using the RDP protocol. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your priva

    Multiple failed login attempts were made by 212.70.149.146 using the RDP protocol. We blocked the connection to stop the attacker from gaining access to your credentials and compromise your privacy

    Always the same attack. I check all the exceptions in my PCs, rules, updates and nothing.

    What can I do? I turn off and switch my IP from my router many times also.

  • Flexx
    Flexx mod
    edited May 26

    Kindly check if the following steps help you:

    1) Restart your PC in safe mode. You can follow this guide: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

    2) Open the Run command and execute the following commands one by one:

    temp – delete all the files in the folder.

    %temp% – delete all the files in the folder.

    prefetch – delete all the files in the folder.

    3) Restart your PC in normal mode by unselecting the option to run the system in Safe Mode, then click 'Apply.'

    4) Reset your web browsers:

    Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en

    Mozilla Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

    Microsoft Edge: https://malwaretips.com/blogs/reset-microsoft-edge/

    Opera: https://browsersolution.com/reset-opera-browser

    Vivaldi: https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/

    Brave: https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default

    5) Reset the Windows host file to default. You can find instructions here: https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae

    6) Run Disk Cleanup using this guide: https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68

    7) Open the Run command and execute the following commands one by one:

    ipconfig /release

    ipconfig /flushdns

    ipconfig /renew

    netsh int ip reset

    netsh winsock reset

    If the issue persists, kindly contact Bitdefender support by visiting https://www.bitdefender.com/consumer/support/help

    Select How to's & Troubleshooting Bitdefender products → Troubleshooting → I don't know → Contact Support → You will get the option of chat, call or email.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Simon91
    Simon91 Mr

    Hi.

    Only one problem.. restoring ethernet connection I got ethernet connection disabled. After resting connection it works. Strange and suspicious.

    I try all except contacting Bitdefender.

  • Flexx
    Flexx mod
    edited May 27

    The reason your Ethernet connection was disabled temporarily after running these commands is likely due to the netsh int ip reset command. This command resets the TCP/IP stack, which can include resetting network interfaces. During this process, network adapters are momentarily disabled and then re-enabled, which can cause a brief disruption in the network connection.

    If the Ethernet connection does not get enabled automatically, try to manually re-enable it: open the Run command by pressing Windows Key + R, type ncpa.cpl, and press Enter. This will open the Network Connections dialog box. Select your Ethernet connection, right-click on it, and choose Enable if it is disabled.

    To verify and configure the Wired AutoConfig service, open the Run command again by pressing Windows Key + R, type services.msc, and press Enter to open the Services dialog box. Search for Wired AutoConfig, right-click on it, and select Properties. In the Properties dialog box, set the Startup type to Automatic. Then click Start under Service status, and click Apply and OK.

    Kindly let us know if this re-enables the Ethernet connection or if you are having any issues.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Simon91
    Simon91 Mr

    1) Restart your PC in safe mode. You can follow this guide:  https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

    done

    2) Open the Run command and execute the following commands one by one:

    temp – delete all the files in the folder.

    %temp% – delete all the files in the folder.

    prefetch – delete all the files in the folder.

    done

    3) Restart your PC in normal mode by unselecting the option to run the system in Safe Mode, then click 'Apply.'

    4) Reset your web browsers:

    Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en DONE

    Mozilla Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings DONE

    Microsoft Edge: https://malwaretips.com/blogs/reset-microsoft-edge/ DONE

    5) Reset the Windows host file to default. You can find instructions here:  https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae

    6) Run Disk Cleanup using this guide:  https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68 DONE

    clean all. I know the cleaning of system files extra

    7) Open the Run command and execute the following commands one by one:

    ipconfig /release

    ipconfig /flushdns

    ipconfig /renew

    netsh int ip reset

    netsh winsock reset

    DONE ALL

    I try also to restore Ethernet connection. Restoring I found disabled. I try to restore again and works. This thing for me is suspicious. I receive also now attacks.

  • Flexx
    Flexx mod
    edited May 27

    Can you tell us exactly what the issues are that you are currently facing, and if possible, could you share screenshots of them? What does 'suspicious' mean here? The links are all provided by Microsoft. Also, below is the breakdown of the commands that were executed as per scenarios to understand them better.

    ipconfig /release: Imagine your computer is holding onto a phone number (IP address) for a while. This command tells it to hang up and stop using that number.

    ipconfig /flushdns: Your computer remembers website addresses (like a browser history). This command tells it to forget all those addresses, so it starts fresh.

    ipconfig /renew: After letting go of its old phone number, your computer asks for a new one. It's like getting a new phone number from the network.

    netsh int ip reset: Sometimes, the way your computer talks to the internet gets messed up. This command resets all the talking rules to default settings, like hitting a reset button.

    netsh winsock reset: Just like the previous command, this one fixes the way your computer talks to the internet, but specifically for Windows computers. It's like fine-tuning the way it communicates online.

    Well, you see, these are the basic commands, and the solution was provided by Intel (https://www.intel.com/content/www/us/en/support/articles/000058982/wireless/intel-killer-wi-fi-products.html)

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Simon91
    Simon91 Mr

    Hi, I really appreciate your answer. It's also very detailed and useful.

    I made a hard reset of the router Fritz Box 7530AX and the attacks disappeared now. I also apply a light fresh start of Windows 11. Now it seems ok, 9 hours without attacks.

    Inside the router I found some very weird settings. Something happened, but now it's ok.

  • That means the issue was with the router facing a DDoS attack. Resetting it did the job. It's nice to know that everything is fixed now.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Simon91
    Simon91 Mr

    Thanks for all Flexx :)

  • Simon91
    Simon91 Mr

    Exploit attempt blocked
    10 hours ago
    Feature: Online Threat Prevention
    An attempt to access your device by exploiting a vulnerability was made by 51.8.223.99. We blocked the connection to prevent the attacker from gaining access over your data and system resources.

    This is recent. No other attacks. Should I do something?
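
A read-only check for the RDP brute-force alerts discussed in this thread, added here as an example (not posted by any participant and not Bitdefender's own tooling): it reports whether Remote Desktop is enabled and listening on the PC, then tallies failed logons by source address. It assumes an elevated PowerShell session and that auditing of failed logons (Security event 4625) is enabled; the variable names are illustrative.

```powershell
# Added example: read-only triage for RDP brute-force alerts on a Windows PC.
# Run from an elevated PowerShell session (reading the Security log needs admin rights).

# 1) Is Remote Desktop enabled? fDenyTSConnections = 1 means RDP is turned off.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

# 2) Which TCP port is RDP configured on (3389 by default), and is anything listening on it?
$rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = $rdpTcp.PortNumber
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

"RDP enabled: $rdpEnabled   port: $port   listening: $listening"

# 3) Failed logons (event ID 4625) in the last 24 hours, grouped by source address.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Each 4625 record carries named <Data> fields; index them by name.
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']      # 3 = network, 10 = RemoteInteractive
            User      = $data['TargetUserName']
        }
    } |
    Group-Object SourceIp, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
```

If RDP is disabled and nothing is listening, external login attempts can only reach the PC through something the router forwards, so the router's port-forwarding and remote-access settings are the next place to look.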