http://%2A:2869/upnp/eventing/Attack

Wes Williams 25 Reputation points
2024-08-09T07:52:10.35+00:00

http://%2A:2869/upnp/eventing/ along with security warning upnp has impersonated and logged in as svchostThe application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}

and APPID

{15C20B67-12E7-4BB6-92BB-7AFF07997402}

to the user GT-ZRBUMBEE\shado SID (S-1-5-21-1422898446-3898395416-3154244632-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. and from here my device is accessed and attack began. Removed URL (http://*:2869/upnp/eventing/) from URL group (0xFE00000020000002). Process Id 0xE08 Executable path \Device\HarddiskVolume4\Windows\System32\svchost.exe, User LOCAL SERVICE and were connecting to me through my under age daughters tv which I guess is android possibly but no doubt google apps and Google is there preferred method and this Hacker is the same individual over and over How or can track stop make stop or do anything about it has been long overdue and ongoing over a year or more. I am asking what I can do about this and how to track them besides the authorities efforts to catch child predators I would rely on something more effective if available. Our Local state and federal authorities have been notified but busy busy busy they are so any actual direction ,help, anythinf would be appreciated.

<PII removed>

.NET
.NET
Microsoft Technologies based on the .NET software framework.
4,007 questions
Azure IoT Plug and Play
Azure IoT Plug and Play
A Microsoft technology based on an open modeling language that enables developers to connect internet of things (IoT) devices to the cloud without having to write any code.
18 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,653 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
10,276 questions
0 comments No comments
{count} vote

Accepted answer
  1. Golden Harvesting AGRO 85 Reputation points
    2024-09-27T22:20:17.07+00:00
    • Permission Issue: It mentions a COM Server application permission issue, where local activation permission is not granted.
    • Device Access: The user reports unauthorized access to their device through their daughter’s TV, possibly an Android device with Google apps.
    • Seeking Help: The user is looking for effective ways to track and stop the hacker, beyond relying on local, state, and federal authorities.
    4 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Ryan Po 0 Reputation points
    2024-11-17T16:37:40.95+00:00

    Hi there, I can understand how frustrating and alarming this situation must be, especially with the security of your devices and your daughter's safety at stake. I’ll break down a few steps you can take to secure your devices and your network:

    1. Disabling UPnP on your Router: Since UPnP can expose your devices to the internet, the first thing you should do is log into your router’s admin interface (usually on 192.168.1.1 or 192.168.0.1 and disable UPnP. This can help stop external devices from accessing your network.

    Checking Security Logs and Adjusting Permissions on Windows: The error related to COM permissions and svchost.exe suggests that an attacker may be trying to access your system. You can adjust these permissions via the Component Services administrative tool. You should also review your security logs to see if there are any suspicious activities tied to that service.

    Securing Devices: If you suspect that a smart TV or Android device is involved, consider doing a factory reset on those devices and changing any linked passwords. It's also a good idea to ensure no unwanted apps or services are running on these devices.

    Running Anti-Malware Software: Make sure your system is clean by running a scan with trusted antivirus software. Malware could be contributing to the issue, so it’s essential to ensure your devices are secure.

    Monitor and Disconnect Unknown Devices: Keep an eye on what devices are connected to your network. If you see any unknown devices, disconnect them immediately.

    Consider Hiring a Cybersecurity Professional: If this situation is ongoing, it may be worth contacting a professional who can perform a deeper analysis of your devices and network.

    Lastly, don’t hesitate to report this to law enforcement again. Given the severity of the situation, including concerns about child safety, it’s crucial that they understand the urgency of the matter.

    If you need more detailed help with any specific step, let me know, and I can guide you further!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.