Both cameras were connected by ethernet.

After finally managing to do a factory reset on my router, the default router login was the standard Netgear admin/password which was the first thing I changed. Logged back in and then went to wireless setup and that was the wi-fi password. I changed the SSID and the password. But had to do it a coupld of times before it stuck.

I've got all those bases covered I think. Wireless turned off, both 2.4 and 5GHz and WPS is switched off. Remote management on router is disabled. No powerline extenders, they don't work for me so I ran cabling all over the house some time ago. There was a recent Beta Security update from Netgear which I've installed. 40 digit wifi password for occasional use (when I need to download the next book to my iPhone and briefly switch wifi on).

No sign of any intrusion this morning and no IP's unnacounted for so for the time being all seems OK.

I�d say keep the WiFi on all the time, just change the password periodically eg every 60 days.

The WiFi password sounds about right to me, my netgear had a similar odd password.

Hopefully it�s all resolved now!

FYI, something amusing, Sky Qs system breaks if you turn off WPS! All the TV boxes disconnect.

In reply to a post by ukhardy07:

I�d say keep the WiFi on all the time, just change the password periodically eg every 60 days.

Looks like I'll have to do that. I can turn wifi off on the router admin page from my PC but if I re-enable it I have to do it by pressing the sbutton on the router even though the admin page claims wifi is on, it doesn't actually come on until it's done manually. The router is in the loft and it's a bit of a trek so, yes it's on permanently now and all is looking good - fingers crossed.

I'm looking into re-connecting my cameras in due course after a factory reset and when I've got a definitive answer on how to disable them having any access to the internet at all.

Thanks for all the guidance and HAPPY NEW YEAR to all.

So I was overoptimistic! 2 x phones appeared again today and when I switched wireless off and did some digging there was a hidden IP which appeared to belong to nginx.com. My conclusion is that either there is a persistent infection on the router that has withstood the factory reset or there is something on my PC that is re-instating access to the router.

I have Malwarebytes Premium and have scanned my PC with it over and above the daily scan and realtime protection and also scanned with Avira both of which came up negative. Should I run something else?

I think I'll be off to Maplins/Currys in the morning to look at routers - I've always had Netgear but perhaps I should look at another make - any suggestions? I'm worried about connecting withanother router and simply transferring the 'back door'.

Nginx is a web server, and will provide a route for someone to access your machine using a web browser. If you connect to http://localhost, you may well get a web page. Note that Nginx may be using a non-standard TCP/IP port, in which case you will need to append the port number to the URL (e.g. http://localhost:8080). Nginx is probably running as a Windows service with admin privileges. You should be able to disable the service from the control panel, although there is nothing to stop some other bit of malware from re-enabling it. You need to find out where nginx.com is located on your disk drive. Deleting it (or re-naming it) may well solve your problem (unless some other program is waiting for such an event to re-install it). Obviously, the best course of action is to find out what software installed and activated Nginx in the first place. Have you installed any software that provides a web interface? There is the possibility that Nginx is running legitimately and is not the cause of your problem, but some software my be using an infected version.

Edit:

Nginx is a know attack vector, and since it is a legitimate program (and may not contain a virus), it will be ignored by anti-virus programs. However, it can still be used by remote scripts to access your computer. Google Nginx Virus for more information.

Edited by micksharpe (Mon 01-Jan-18 02:59:00)

For now I'm leaving wireless disabled. Since this has virtually no impact on me I'll leave it like that and keep watching. I can download audiobooks to my PC and if I work out how to transfer them to my iPhone via the 'lightning' lead I won't need wifi at all.

I've done wildcard varied searches of my PC for "Nginx" but found nothing. Nothing like that in services either running or stopped and my hosts file is just as it comes with Windows.

Just noticed that my BQM shows about 15 minutes or so yesterday evening where my router started answering pings. I guess that's when 'they' managed to get onto my network,

My router log shows scans interpreted as a DOS Attack at 7:34 this morning from 60.191.186.103 (Hangzhou original technology co., LTD).

Edited by longedge (Mon 01-Jan-18 09:53:28)

We need to get to the route of the problem.
Who is your ISP and do you have a device provided by them you can test for a day or two?
Are you London based? I would happily say hello and try to help.

I�ve helped a few large scale firms after compromises, I think were missing something here, possibly quite obvious.

Edited by ukhardy07 (Mon 01-Jan-18 10:02:51)

I think Windows 10 may be a factor here. Are these external devices seen by devices on your LAN other than in Windows Explorer on a wireless enabled PC/tablet running Windows 10? For example does the router see/report these external devices?

Firstly thanks for the offer but I'm oopNorth in Derbyshire.

I'm with PlusNet and I did have a router from them but after turning everything upside down I can't find it 8^( I've been with them for quite a few years now and I have a fixed IP which I've never really had a use for, apart from my BQM. I was wondering whether it's worth keeping.

I keep saying I'm going to buy a new router but as I also said, I don't want to do that only to find myself in the same situation again.