Sorry, I did not save it. However, I did run the audit health before I destroyed that machine, but it didn't detect anything. But I still suspected that the port scanning was coming from that drive, so I removed the disk from the machine and scanned it with an AV. I immediately got some detections in the opt folder, so I just destroyed it.
I reinstalled OPNsense from scratch and now there are no more port scanning attacks, so I'm pretty sure it was compromised.
4/4/2025 9:57:14 PM;Real-time file system protection;file;C:\av_test\Root\opt\npc\npc;a variant of Linux/Riskware.Nps.A application;cleaned by deleting
4/4/2025 9:57:47 PM;Real-time file system protection;file;C:\av_test\Root\usr\bin\npc-update;a variant of Linux/Riskware.Nps.A application;cleaned by deleting