I wonder if anybody has some advice. My RT2600 Threat Prevention has started detecting:
Event Type: A Network Trojan was Detected
Signature: ET INFO Terse Unencrypted Request for Google - Likely Connectivity Check
Severity: high
Status Drop
on my wife's laptop, every 11 minutes while active, on ethernet or wifi.
Looking back at an email trail of notifications, it first occurred Apr 30, then July 6 for 11 times, and then from Aug 1 full time every 11 minutes when it's on.
It's a Windows 10 computer, with Microsoft Defender fully up to date.
I've done a full scan of the system, and booted with an offline scan.
I checked for any unknown programs but it's a fairly clean computer from extra tools. I do have Synology backup, which it seems does some virus scans. On the laptop machine I have Acronis 2020 with backup to (yes, you guessed) Synology NAS DS218+.
Also ran Malwarebytes, and installed Avira to check it and monitor it.
They haven't found anything.
So seems harmless, doing a "Google Connectivity Check", but seems to be in the manner of a quiet trojan waiting for instructions. Any idea if I should be concerned or what I might do about it?
The router is
Release Notes for RT2600ac | Synology Inc.
Destination IP: 142.251.214.132
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET INFO Terse Unencrypted Request for Google - Likely Connectivity Check"; flow:established,to_server; content:"google.com"; http_host; isdataat:!1,relative; fast_pattern; pcre:"/(?:^|\.)google\.com$/W"; http_request_line; content:"GET /|20|"; depth:6; http_header_names; content:!"|0d 0a|Referer|0d 0a|"; content:!"|0d 0a|User-Agent|0d 0a|"; content:!"|0d 0a|Accept"; reference:md5,7ca63bab6e05704d2c7b48461e563f4c; classtype:trojan-activity; sid:2036303; rev:2; metadata:created_at 2022_04_22, former_category HUNTING, performance_impact Moderate, updated_at 2022_04_22;)
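As an added example (not part of the original post, and not Suricata's own matching engine), the following Python approximates the conditions in the rule quoted above so each one can be checked against a captured request during triage. The sample requests are constructed and the function names are hypothetical; the header-names buffer layout is an approximation of Suricata's http_header_names.

```python
import re

# Same pattern as the rule's pcre, applied to the lower-cased Host value.
HOST_RE = re.compile(r"(?:^|\.)google\.com$")

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (request_line, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def rule_conditions(raw: bytes) -> dict:
    """Evaluate each condition of sid 2036303 separately (approximation)."""
    request_line, headers = parse_request(raw)
    host = next((v for n, v in headers if n.lower() == "host"), "").lower()
    # Assumed buffer layout: \r\nName1\r\nName2\r\n\r\n
    names = "\r\n" + "".join(n + "\r\n" for n, _ in headers) + "\r\n"
    return {
        "get_root": request_line.startswith("GET / "),       # content:"GET /|20|"; depth:6
        "host_google": bool(HOST_RE.search(host)),           # google.com or *.google.com
        "no_referer": "\r\nReferer\r\n" not in names,
        "no_user_agent": "\r\nUser-Agent\r\n" not in names,
        "no_accept": "\r\nAccept" not in names,              # also covers Accept-* names
    }

def would_alert(raw: bytes) -> bool:
    return all(rule_conditions(raw).values())

# Constructed sample requests (not captured traffic).
TERSE = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
BROWSER = (b"GET / HTTP/1.1\r\nHost: www.google.com\r\n"
           b"User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n")
OTHER_HOST = b"GET / HTTP/1.1\r\nHost: notgoogle.com\r\n\r\n"
OTHER_PATH = b"GET /generate_204 HTTP/1.1\r\nHost: www.google.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("terse", TERSE), ("browser", BROWSER),
                       ("other host", OTHER_HOST), ("other path", OTHER_PATH)]:
        print(f"{label:11s} alert={would_alert(req)} {rule_conditions(req)}")
```

The rule keys only on the shape of the request (plain HTTP, root path, a google.com host, and no Referer, User-Agent or Accept headers), so identifying which process on the laptop sends such a request is the next triage step.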