I am very frustrated with my brother's computer. He currently has a broadband connection with Zone Alarm Suite, EZ Armor, Adware and Spybot installed. My son has reformatted his machine 10-15 times.
However, within five minutes of being reformatted, his computer is pinged and looped. He has administrative rights but it doesn't seem to help. Settings in Zone Alarm are changed and high risk alerts are deleted before they can be printed.
We have a very strong suspicion it is an upstairs tenant since there is movement EVERY TIME we start to access the machine, but do not have solid proof. I'm assuming he has a sniffer packet, because Adelphia cable says the line has not been split. IP addresses change so we're not able to find the culprit. This started when this laptop had a wireless connection. He switched to a wired broadband, but his computer is still a target (5,893 alerts in four weeks).
QUESTION POSED ON: 12 JUL 2006
QUESTION ANSWERED BY: Mike Rothman
You are on a broadcast domain via the cable modem. So it may be the upstairs tenant or someone else on the domain. The first thing I would do is take the machine to another location and reformat and reinstall the operating system again. Update all of the software (apply patches, etc.) and make sure you have the latest versions of your security software installed. If the machine is operating normally from that other location, take it back to your brother's house. But DO NOT connect it directly to the Internet. I would buy a cheap wired (or wireless) router, and make sure the firewall capability is turned on.
I would say that it seems that the machine has a rootkit installed, but if you are actually reformatting the drive and reinstalling the OS, then it should be blown away each time. You may be compromised before you have a chance to patch the machine, so that's why you keep getting the same results. So if you go somewhere else to update, then you should be OK.
Short of that, I would get a professional involved. Or buy a Mac... But that may cost a bit more than the low-end firewall.