Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Locate/remove Curwail Trojan On Network


  • Please log in to reply
No replies to this topic

#1 gsquirrelgo

gsquirrelgo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 25 July 2008 - 12:20 PM

I've been drafted to informally investigate an infection of the curwail virus on my office network. We are relatively certain that one of our 20 or so computers has the trojan as our IP has been delisted and receive a spamhaus.org notice when using local email delivery.

http://www.spamhaus.org/query/bl?ip=208.65.172.82 is the url that pops up with the notice:

my problem is two fold.

1) I don't know what I should be running to detect which computer is infected (i've sporadically tried AdAware, AVG 8.0 and SpybotS&D) but have not found positive identification of the trojan. Also what methodology should I be employing to isolate and locate the infected machine. Can I leave my network up while testing each machine or is it necessary to disable the network and test each computer individually?

2) if/when it is located what steps should I take to remove it. I've seen the thread for applying ComboFix.exe but that seems like a nuclear option especially if I am dubious about it's location.

We are currently running windows XP pro 5.1 on the majority of machines, there is one mac running OSX 10.4.10, and our network server is running Linux

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users