
Possible botnet?


5 replies to this topic

#1 SuBz3r0

SuBz3r0

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:51 PM

Posted 23 June 2011 - 02:47 PM

Hello there. Suddenly today I saw big network activity, and I said I must capture the packets, so I did, and I have included here in the attachment the log in HTML from smartsniff.exe. Anyway, I don't think this comes from my computer but possibly from my network. I am sure I don't have a virus, bot, etc. on my PC, but I want you to take a look at this and tell me if I am right about a possible botnet. Thanks in advance.

By the way, I had to use WinRAR because the HTML was 602 KB long and had to make it .rar, so when I compressed it I then changed the name so I can upload it here.
In order to view it you have to rename report2.html to report2.rar and then extract.

Attached Files





#2 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:51 PM

Posted 02 July 2011 - 07:46 AM

hi,

That's just a bunch of DNS lookups; every remote port is 53. Not very useful for determining if one has malware present.

How Can I Reduce My Risk to Malware?
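The point above (every remote port is 53, so the capture only shows resolver queries) can be checked mechanically. The following Python is an added example, not code from the thread or from SmartSniff: it parses a constructed connection summary whose columns are loosely modelled on SmartSniff's table (protocol, local address, remote address, local port, remote port, packets, bytes), separates port-53 traffic from everything else, and reports whether the capture is inconclusive in exactly the way described in the reply.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows (not from the thread's attachment). The first capture
# mirrors the thread's situation: every remote port is 53. The second adds one
# non-DNS flow so the two outcomes can be compared.
ALL_DNS_CAPTURE = """\
UDP,192.168.1.10,192.168.1.1,52133,53,2,214
UDP,192.168.1.10,192.168.1.1,52134,53,2,198
UDP,192.168.1.10,192.168.1.1,52135,53,2,230
"""

MIXED_CAPTURE = ALL_DNS_CAPTURE + "TCP,192.168.1.10,203.0.113.25,49160,80,14,6120\n"


@dataclass
class Flow:
    proto: str
    local_addr: str
    remote_addr: str
    local_port: int
    remote_port: int
    packets: int
    bytes_: int


def parse_capture(text: str) -> list[Flow]:
    """Parse comma-separated summary rows into Flow records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, la, ra, lp, rp, pk, by = (field.strip() for field in line.split(","))
        flows.append(Flow(proto, la, ra, int(lp), int(rp), int(pk), int(by)))
    return flows


def triage(flows: list[Flow]) -> dict:
    """Summarize remote ports and split resolver (port 53) traffic from the rest.

    all_dns=True means the capture only shows name lookups, which by itself says
    nothing about whether malware is present; the non_dns endpoints are what a
    reviewer would look at next.
    """
    dns = [f for f in flows if f.remote_port == 53]
    other = [f for f in flows if f.remote_port != 53]
    return {
        "remote_ports": dict(Counter(f.remote_port for f in flows)),
        "dns_flows": len(dns),
        "dns_resolvers": sorted({f.remote_addr for f in dns}),
        "non_dns": sorted({(f.proto, f.remote_addr, f.remote_port) for f in other}),
        "all_dns": not other,
    }
```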


#3 SuBz3r0

SuBz3r0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:51 PM

Posted 03 July 2011 - 09:22 PM

Thanks a lot for the response! I saw that it was DNS lookups and I was thinking of someone using a DNS exploit or something, and the reason I posted was that the network activity was going crazy while I had almost all my network processes closed. Also, I have never seen activity like that, and my firewall was logging those as "attacks" -> "Attacks have been blocked: 584" etc.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:51 PM

Posted 04 July 2011 - 09:10 AM

You can post a DDS log if you want to. See step 7 here for posting a log.

How Can I Reduce My Risk to Malware?


#5 SuBz3r0

SuBz3r0
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:51 PM

Posted 08 July 2011 - 12:04 AM

OK, here are the logs from DDS.
I also want to note here that I think Rollback Rx is writing to the MBR so it can start up before Windows starts, in order to restore to a previous Windows state,
but I can't be 100% sure of that. I also saw that it calls NVIDIA files? (nvdata.sys)

Attached Files



#6 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:51 PM

Posted 09 July 2011 - 05:36 PM

Those look OK. Do you have an antivirus on your machine?

How Can I Reduce My Risk to Malware?
