I had an intrusion? A virus attack?

My recommendation would be to use an up to date and secure browser. I really like brave and some of the privacy focused Firefox variants. The most important thing is just be vigilant on what you visit and watch what you click.

I used Cuckoo Sandbox. Reverting to an older recovery point should be fine. I’d also get a better AV. There’s a lot out there, so pick what works best for you.

In my personal opinion, I don’t like running Windows bare metal. It might as well be malware itself. But that’s just my 2 cents and not everyone agrees.

Thanks :slight_smile:
By the way, which antivirus software do you recommend? I installed Kaspersky on my parents' computers a while back and it seems to work reasonably well.
I switched to Linux (Fedora) about two years ago, found everything that I need and I regret nothing :grin:

As far as I know, Windows Defender does a pretty decent job for most users, without interfering too much. Other AV software often has its own bunch of vulnerabilities, while also inspecting encrypted traffic and things like that.

Don’t get me wrong, it’s not a bad AV. I’ve worked with a few Microsoft TAMs that are really proud of it. But IMHO I would choose a company who focuses on security. Just my two cents, but everyone is free to choose what they want to run.

If I had my way, and it was affordable, I’d say everyone should be running Carbon Black, lol.

I actually like Kaspersky. ESET, Avast and Trend Micro are all pretty good as well, Trend probably being my top pick for affordable home AV.

Thanks for your opinion. I always find it useful to know what’s around; I had not heard about Trend and Carbon Black before. I never went into depth with AV software.

No, the US. We won’t lose our memes for at least another 6 months :)

It was running for about 2 seconds. About 1 second to realize what was happening, and another second to superman dive across the living room to pull the Ethernet and hit the power switch. But this has me more worried. I will record for a while with nothing running and see if I can post the file. I am a little slow and half retarded, so it might take me a while.
Thank you for looking at it. You are appreciated greatly.

Uhmmm, this could be bad? What happens when I have a solid internet connection and Wireshark detects no network to capture on?
Edit: just checked and my npf has stopped and it will not start?

“In Windows, with Wireshark 2.0.4, running as Administrator did not solve this for me. What did was restarting the NetGroup Packet Filter Driver (npf) service:
Open a Command Prompt with administrative privileges.
Execute the command sc query npf and verify if the service is running.
Execute the command sc stop npf followed by the command sc start npf.
Open Wireshark and press F5.”

Another edit: OK, I was able to reinstall it and open it as admin. I will run it for a while and post results :)
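The quoted sc query / sc start steps above, wrapped in a small script as an added example written for this thread (not from any poster). It assumes the capture driver service is named either npf (WinPcap / Npcap in WinPcap-compatible mode) or npcap (newer Npcap installs), and must be run from an elevated PowerShell prompt.

```powershell
# Added example, not from the original thread.
# Find the Wireshark capture driver service and start it if it is stopped,
# using the same sc.exe commands the quoted post describes.
# Assumption: the service is registered as "npf" or "npcap".

function Get-DriverState {
    param([string]$Name)
    # sc.exe query prints a "STATE : 4 RUNNING" line for a known service,
    # and an error (no STATE line) when the service does not exist.
    $out = & sc.exe query $Name 2>&1 | Out-String
    if ($out -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    return $null
}

$found = $null
foreach ($name in @('npf', 'npcap')) {
    $state = Get-DriverState -Name $name
    if ($state) { $found = $name; break }
}

if (-not $found) {
    Write-Host "No capture driver service (npf/npcap) is registered; reinstalling Npcap/WinPcap is the usual fix."
    exit 1
}

Write-Host "Service '$found' is currently $state"

if ($state -ne 'RUNNING') {
    & sc.exe start $found | Out-Null
    Start-Sleep -Seconds 2
    $state = Get-DriverState -Name $found
    if ($state -eq 'RUNNING') {
        Write-Host "Started '$found'; restart Wireshark (or press F5) to refresh the interface list."
    } else {
        # A driver that will not start after 'sc start' is what the poster hit;
        # at that point reinstalling the capture driver is the practical answer.
        Write-Host "'$found' is still $state after sc start; reinstall the capture driver."
        exit 1
    }
}
```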

OK, that went smoother than expected. Here is about 15 minutes' worth.
In the background, I had MSI Afterburner and Corsair’s iCUE open; I’m hoping that didn’t affect it. Also showing in the background are Windows Defender, Intel Rapid Storage, and Realtek HD Audio Manager.
To me it just looks like the router and PC talking back and forth. But I honestly don’t really understand what I am seeing, so I have no doubt I am wrong :)
It won’t upload the file… OK, I looked up how to convert a pcapng file, and I guess it can’t be converted easily. Can it be 7-zipped?

Object linking and embedding!
This little trick is used by a lot of bots to link a word to direct you to their website; you see that often on some sites until the admin gets around to cleaning it up!
Another trick is steganography! (hiding a transparent link) Linking on an image or part of the image to send you someplace else. (This trick was used by a lot of child pornography distributors. For example, you would download a cute cat picture, and while scrolling the mouse pointer over it you could watch the bar at the bottom of the browser or screen and it would tell you where the link was pointing to.)

It can be, yes.

OK, I tried to zip it.
Wireshark 15 Min Capture.zip (9.6 KB)

You’re fine, nothing but normal traffic.

Very interesting thread. I really need to play with and learn Wireshark. I've used it a little and it is quite amazing software.

Gods be praised! That is good news! I really appreciate someone a whole lot smarter than me looking at it.
Is it possible that this was not a malicious attack, but just a tactic to put a stop to digging deeper? I’m just wondering, because it isn’t a link or a file, it’s an actual .com address. And I would think a real hacker would be way more sophisticated than this.
The only thing I could think of is that it was obvious on purpose?

While this might be the case (albeit being illegal), I doubt it. Many attacks aren’t that sophisticated, which is why updating your system is a good approach most of the time. (uBlock and NoScript do their part as well though^^) It isn’t without reason that on sites like exploitdb the vulnerability rating factors in ease of use :wink:
Also, keep in mind that against a highly sophisticated attacker (coupled with enough resources) there is probably not much you can do. There is always some kind of way.

So the way this would work is browsers allowing changes to be made to system files through various means. This is also used legitimately by some websites, though I think it to be horrible and over-reaching design.

It’s most likely that either you weren’t vulnerable to whatever exploit it was trying to exploit, or you stopped it before it could complete its work.

Like others have said, just try to keep up with best practices, patch frequently, and be security minded and you’ll be fine.