Robbed $1,000 USD Paypal/Bank. OS Injection Found Logs Attached

Picture of recent threat attached along with logs. Please ask any questions. I spent over $120 on an Avast product and still had the new issue after computers were cleaned. The MAC on the device says it might be a cable (TV) box? Thank you very much

192.168.1.98 is a local address in your private network, read: https://www.lookip.net/ip/192.168.1.98

With Wireless Network Watcher you can see what that address holds, or through WifiInfoView.

Put http:// or https:// in front of it and you can see whether there is a log-in given. Mind the address is local.

This could be the address of your Direct TV application and it could have been remotely hacked through code injection via a webshell command.

Just wait for the qualified remover to analyse the logs you have provided in the posting in the virus and worms section.

polonus

Thank you. This is what I get when I try to log in. All this is pretty ‘scary’ / creepy. I asked about blocking this IP in another thread while I wait for help. Whoever gets “my case”, ty in advance for the help!

Vendor:LINKSYS
ModelName:WVBR0-25-US

Firmware Version: 1.0.42.185838

Firmware Builddate: 2017-12-18 20:27
Product.type: production
Linux: Linux version 2.6.30 (root@build-vm) (gcc version 4.2.1 (ARC_2.3)) #1 Mon Dec 18 12:12:27 PST 2017

Board: titans

FRST logs look clean.

Ty! I identified the device which is said to have the “OS Command Injection” thing on it. ATT somehow saw something and agreed too. It is a Direct TV bridge (whatever that is). ATT (whose cust serve stinks; you should help them - really) blocked an IP and I am now on hold. I am not trying to circumvent help here. Just being proactive, and I will follow any instruction/direction (advice) Sass has 100%.

Thank you… It is tough. I just do not want to lose more money. It is very difficult to deal with the bank on these things/I cannot afford it either.