masking IP address

My office is a small LAN with 20 users. Recently an unknown entity appeared on the LAN and uses an IP address of a known computer, but with a different MAC. It seems that entity is hosted on another computer, but my antivirus can not identify it. We know that the entity is hosted in a computer because we turn off all computers and the entity also off, but reappears with no identifiable pattern.
I need help!

Discussion is locked
Reply to: masking IP address
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: masking IP address
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
so many things it could be

someone could be charging their smartphone or device on a computer. could be a printer or a lot of other things that might be connected to a computer.

Try to narrow it down to a computer. turn off one computer at a time until you identify the computer.

- Collapse -
This will take some work.

You'll have to turn them off one by one. Then check your view. If both vanish when you turn one off, I'l take bets it's infected.

- Collapse -
we want to solve the problem without having to reinstall PC

Thanks for the help.
In the past we solved reinstalling the operating system.
But, we are looking for information on the type of threat and how to treat it.
Hopefully someone has any idea.

- Collapse -
So you found the PC in question?

As you know in such deployments you keep an image ready to redeploy as a full install is costly (hours!) If your IT staff is new, they may have forgotten some basics. Talk to them about disaster recovery and system images.

- Collapse -
it could be a virus, a backdoor?

Thank you very much.
Yes, it is the third time it happens. On two previous occasions, in 6 months, the computer with the problem was identified and was solved by reinstalling but we have not progressed about what is it.

- Collapse -
There are forums that dive into reports and tools.

You read them all the time at But today, Windows is still pretty easy to infect. One wrong move or "kids" and it's infected.

- Collapse -
I hope you have security on this LAN.
- Collapse -
block the MAC

Probably the best thing to do would be to block the MAC - easy to do and (if necessary) undo.
If you have any query http://.com/it-services/it-management/networksupport/

Note: Link disabled by moderator. Please avoid spamming your company. You can discuss this here so all can benefit

Post was last edited on February 26, 2016 10:40 PM PST

CNET Forums