
> Infected with rustock, easy way to find which machine?


2 replies to this topic

#1 HBCMomo


Posted 06 August 2010 - 04:15 PM

I received a message from Time Warner Cable today that a machine in my household is compromised and I must deal with it. There are 3 machines on the LAN currently. For two of them I have been able to run Malwarebytes and it didn't find anything. I am currently at work and only able to access the two remotely. I ran a CBL lookup and it said a machine is infected with rustock. Is there an easy way to identify which machine is infected without having to run cleanup on all 3? Also, the 3 computers all have different operating systems, from XP to Win7. I would have tried to run Combofix on them but it only works for XP. Any help is appreciated.

PS. I posted this in the log section previously by accident. I didn't read where I should post this until now. Sorry about that.



#2 HBCMomo


Posted 06 August 2010 - 05:19 PM

Some more information. I ran Advanced Port Scanner, which found 6 devices: 3 computers, 1 printer, 1 router and 1 Wii. I looked at the open ports for all of the devices and there is no indication SMTP or any port that isn't normal is open.

#3 Archietuthis


Posted 24 March 2011 - 07:37 PM

I assume you did something already, but use Wireshark to see which machines are sending SMTP packets like crazy, in the thousands per day.



