Blacklisted on CBL because of Torpig


  • This topic is locked
2 replies to this topic

#1 lnino

Posted 20 September 2011 - 02:16 AM

Hi all.

I got blacklisted with my company because of Torpig.

Message from CBL:
#########
At the time of removal, this was the explanation for this listing:
This IP is infected with, or is NATting for a machine infected with Torpig, also known by Symantec as Anserin.

This was detected by observing this IP attempting to make contact to a Torpig Command and Control server at 91.19.43.148, with contents unique to Torpig C&C command protocols.
#########

I found another thread: http://www.bleepingcomputer.com/forums/topic400985.html
where I saw that the two tools TDSSKiller and aswMBR have been used.

Shall I execute these two tools on every client in my company?

What does a clean log look like?
I have attached the logs of my client. Should a clean log look like that?



#2 Noviciate

  • Malware Response Team

Posted 20 September 2011 - 02:34 PM

Good evening. :)

Torpig is one of those nasties that renders this site's help of little use.

as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer.

Any computers that are suspected of having this infection should undergo a reformat and reinstall to ensure the integrity of the systems. The possibility that legitimate files may have been infected or corrupted by the malware present on your PC, and also that security settings may have been lowered making your computer more liable to infection in the future, means that starting over is the easiest and most reliable solution to your problems.

You also have to be concerned about what data may have been stolen from the machines already and may be stolen in the future should a keylogger, for example, have been uploaded to the machine.

I would instantly wipe any personal PC that I owned if I had this crud on them and business machines would be wiped quicker than that - if I had any.

So long, and thanks for all the fish.
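The CBL notice in the first post says the listed IP may be NATting for an infected machine and names the C&C address it was seen contacting, so gateway logs can narrow down which internal clients are suspect. The following is an added example, not part of the original thread: the log lines are constructed, and the iptables-LOG-style format and the 192.168.1.0/24 LAN range are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

CNC_IP = "91.19.43.148"                      # C&C address from the CBL notice
INTERNAL_NET = ip_network("192.168.1.0/24")  # assumed LAN behind the NAT

# Constructed sample in iptables LOG style (key=value fields).
SAMPLE_LOG = """\
Sep 19 09:58:10 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=91.19.43.148 PROTO=TCP SPT=49211 DPT=80
Sep 19 09:58:11 gw kernel: FWD IN=eth0 OUT=eth1 SRC=91.19.43.148 DST=192.168.1.23 PROTO=TCP SPT=80 DPT=49211
Sep 19 10:03:42 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=191.19.43.148 PROTO=TCP SPT=50100 DPT=443
Sep 19 10:20:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=91.19.43.148 PROTO=TCP SPT=49377 DPT=80
Sep 19 11:15:30 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=91.19.43.148 PROTO=TCP SPT=51002 DPT=80
Sep 19 11:15:30 gw kernel: NAT IN= OUT=eth0 SRC=203.0.113.5 DST=91.19.43.148 PROTO=TCP SPT=51002 DPT=80
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def hosts_contacting(log_text, target=CNC_IP, lan=INTERNAL_NET):
    """Map each LAN source that sent traffic to `target` to its hit summary."""
    target_ip = ip_address(target)
    hits = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ip_address(fields["SRC"])
            dst = ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue                      # not a packet line, or malformed
        # Compare parsed addresses, not substrings: 191.19.43.148 must not match.
        if dst != target_ip or src not in lan:
            continue                      # skips replies and the post-NAT record
        ts = line[:15]                    # syslog timestamp, e.g. "Sep 19 09:58:10"
        h = hits.setdefault(str(src), {"count": 0, "first": ts, "last": ts})
        h["count"] += 1
        h["last"] = ts
    return hits

if __name__ == "__main__":
    for host, h in sorted(hosts_contacting(SAMPLE_LOG).items()):
        print(f"{host}: {h['count']} connection(s), {h['first']} .. {h['last']}")
```

A host that does not show up here is only unlisted for the period the logs cover, not shown to be clean.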

 

 


#3 Noviciate

  • Malware Response Team

Posted 24 September 2011 - 06:52 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




