My NetTime icon has gone dimmed.......Oh no my computer has been hacked!!!

wepee

Hi guys,

My NetTime has been working fine for a few days.
Suddenly, I realized, its icon at the taskbar has gone from bright yellow & green to dimmed/grayed.
This usually indicates there is an error.

IP = 192.168.88.1 is the NIC that all my CCTV cameras are connected.

Just wondering if my NetTime icon at my windows has gone dimmed,
How to troubleshoot the root of the problem?

Later I found my answer:
When I did further investigation, someone has removed the Windows Firewall Rule (Inbound Rule) for NetTime time to allow the connection.

I tested on my wireless client adapter Tp-link, TL-WA1201, Time sync failed.
However, all my cameras' time is fully synced.

NetTime icon dimmed3.jpg

Here are the screenshots of my NetTime:

NetTime icon dimmed.jpg
NetTime icon dimmed2.jpg

For the last few months, I have been having lots of issues regarding my cameras (I had all my Chinese cameras- Foscam connected to my local network)
I have an Asus RT-AC86U router and blocked all the internet connections for the camera, but still to no avail.

In the past, I was having......
Strange issues, like wifi client adapter will crash, camera IPs in BI network configuration will get messed up, so my camera view will get no signal.

Only recently I started to use a dual NIC set up.
Since then the above issues are solved.

But somehow or rather the hacker managed to remove the Windows firewall inbound rule for NetTime to work.

Has anyone faced this kind of serious problem at all?

Update 1: I suspected, 1 PC in my local (Main) network is compromised so the PC is permanently switched off
and disconnected from the network. I will keep monitoring my CCTV PC if there is any funny thing happening
for the next few days. I would not think my CCTV PC is compromised, since I had already freshly installed it a few
months ago.

Update 2: I redid the Windows Firewall inbound rule, now NetTime Service.exe is able to connect.

Below picture shows NetTime log Viewer:
2022-12-16_22-24-01.jpg
Time sync is working now:
2022-12-16_22-11-51.jpg
 
That seems like a rather specific and unlikely thing for someone to do who has already gained access to your network.

It serves no purpose.
 
That seems like a rather specific and unlikely thing for someone to do who has already gained access to your network.

It serves no purpose.
Yes, I agree. It seems the motive does not serve any purpose.
But I have been battling this issue for more than a month now.......and till now it is still going on.
Unless you are a hacker, you won't understand the motive till you understand the thrill of screwing around.
 
What I have seen a Windows update do is change a computer from a private to a public network, and I suspect that is what happened and the firewall rule was different for each. I had a laptop do this very thing and I couldn't get to UI3 because of the network permission change in the firewall.

One of the many reasons why we disable Windows updates on our BI machines.

That is only an internal thing as it relates to YOUR network with the Windows computer and determined when you initially connect to your home network - it is saying your home network is public.

You could go to the effort of redoing the wifi network of everything in your house and setting up each computer to private network only, but you will find that is more trouble than it is worth.

You normally make this decision the first time you connect to a network. Windows will ask whether you want your PC to be discoverable on that network. If you select Yes, Windows sets that network as Private. If you select No, Windows sets that network as Public. You can see whether a network is private or public from the Network and Sharing Center window in the Control Panel.

1671191277796.png
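
The two explanations in this thread (a deleted inbound rule in the opening post, a Private-to-Public profile change in the reply above) can be told apart from the machine itself. The following PowerShell is an added example, not part of any post; it assumes the rule's program path or name contains "NetTime".

```powershell
# Added example. Run in an elevated PowerShell session on the affected PC.
# Assumption: the rule's program path or name contains "NetTime".
$pattern = '*NetTime*'

# 1. Profile Windows currently assigns to each connected network.
$nets = Get-NetConnectionProfile
$nets | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# 2. Enabled inbound allow rules whose program matches the pattern.
$rules = Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like $pattern } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                   $_.Enabled -eq 'True' }
$rules | Format-Table DisplayName, Profile, Enabled, Action -AutoSize

# 3. For each network, report whether any of those rules covers its profile.
foreach ($net in $nets) {
    # Rules say "Domain"; connection profiles say "DomainAuthenticated".
    $want = "$($net.NetworkCategory)" -replace 'Authenticated$', ''
    $covered = $rules | Where-Object {
        $p = "$($_.Profile)" -split ',\s*'
        $p -contains 'Any' -or $p -contains $want
    }
    $state = if ($covered) { 'allowed' } else { 'NOT allowed' }
    '{0} ({1}): inbound {2}' -f $net.InterfaceAlias, $want, $state
}

# 4. Firewall audit trail: 2004 = rule added, 2005 = rule changed,
#    2006 = rule deleted. The message text records the modifying user and
#    application, which shows what actually touched the rule.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id      = 2004, 2005, 2006
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like $pattern } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, Message
```

If step 3 reports "NOT allowed" while step 2 still lists the rule, the profile changed and the rule was never deleted. The firewall event log is size-limited, so an empty result in step 4 does not prove nothing happened.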
 
.....What I have seen a Windows update do is change a computer from a private to a public network......
I've had this happen to 3 clients this year:
  • A chiropractic office's front desk PC could no longer access the server on their own LAN to run their patient management program.
  • A church's PC for live streaming their services could no longer access Internet
  • A client lost Internet access
 
What I have seen a Windows update do is change a computer from a private to a public network, and I suspect that is what happened and the firewall rule was different for each. I had a laptop do this very thing and I couldn't get to UI3 because of the network permission change in the firewall.

One of the many reasons why we disable Windows updates on our BI machines.

That is only an internal thing as it relates to YOUR network with the Windows computer and determined when you initially connect to your home network - it is saying your home network is public.

You could go to the effort of redoing the wifi network of everything in your house and setting up each computer to private network only, but you will find that is more trouble than it is worth.

You normally make this decision the first time you connect to a network. Windows will ask whether you want your PC to be discoverable on that network. If you select Yes, Windows sets that network as Private. If you select No, Windows sets that network as Public. You can see whether a network is private or public from the Network and Sharing Center window in the Control Panel.

My CCTV network is listed as Public Network

2022-12-16_21-58-21.jpg
 
I've had this happen to 3 clients this year:
  • A chiropractic office's front desk PC could no longer access the server on their own LAN to run their patient management program.
  • A church's PC for live streaming their services could no longer access Internet
  • A client lost Internet access
Would you suggest disabling the Windows update temporarily?
 
No obviously. I thought if I delay Windows update, the downside is Windows 10 OS will be less secure. Security patches not apply.
Your thought process is not faulted. The update topic is definitely a double-edged sword. Some additional details you may not be aware of:
Many have a dedicated BI machine. Its only purpose is to record their cameras' activities, and allow for footage playback. The BI machine is not used for perusing the Internet, running other software/apps for household members. Yes, the BI machine itself has the ability to access the Internet (from behind a router/firewall) but a dedicated BI machine will seldom have a need to access the Internet without a human doing things on it that causes it to.
If users want to access the BI machine when not at home, the best practice is to configure a VPN on your router.
 
Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?
 
I have had to redo permissions on several apps after a Windows update. This is common.

They also have to be redone if there is a version change of the exe file. For instance, if you update an app, then often times the permissions need to be reset manually.
 
Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?
No, I have never opened any port for port forwarding purposes. But for VPN to work,
By default the router should open a port: 1194 (if not mistaken) automatically.
 
It is clear the Windows update changed the permission. It either went from private to public or public to private or the update included an update to the firewall and changed the permissions.

You have never had anything update and it defaults settings or changes them? I have a few apps that every time they update it loses the login credentials and a few that change settings. It is common. And a few people have already confirmed same thing happened to them or their clients.

Not running the windows update is still more secure than an NVR that is rarely updated. Plus the computer has anti-virus and firewall protection....
 
Regarding your concerns of being hacked. Have you enabled any port forwarding on your router?
Very strange, when I try to access my router's WEB interface.
Somehow the interface is not available- cannot access it. The HTTP server is screwed.

Errrgggh....:banghead:

I need to reboot my Asus router when I get to my office on next Monday.

Update: This is a non-issue. I forgot to update the browser shortcut on my windows desktop
which previously pointed to: 192.168.88.1.

Since I added a second NIC, my main network is using: 192.168.188.xxx subnet
So, logically, I should have updated the shortcut to point to: 192.168.188.1 (my new router address)
but, I didn't. Totally forgot about. :facepalm:

2022-12-16_23-56-16.jpg

Now HTTP access to my router is working :D

2022-12-18_14-47-02.jpg
 
It is clear the Windows update changed the permission. It either went from private to public or public to private or the update included an update to the firewall and changed the permissions.

You have never had anything update and it defaults settings or changes them? I have a few apps that every time they update it loses the login credentials and a few that change settings. It is common. And a few people have already confirmed same thing happened to them or their clients.

Not running the windows update is still more secure than an NVR that is rarely updated. Plus the computer has anti-virus and firewall protection....
Sorry I am not sure what the business is about changing permission.
Can you enlighten me. Perhaps can show some examples.
Thank you.