
Rootkit removal per ATT notification

5 replies to this topic

#1 Mutch

  • Members
  • 11 posts

Posted 08 March 2014 - 07:04 PM

Got an email today from ATT...which says

 

AT&T has received information indicating that one or more devices using your Internet connection may be part of a zombie computer network (“botnet”). Internet traffic consistent with a bot infection was observed on Mar 6, 2014 at 8:18 AM EST from the IP address 108.237.111.32. Our records indicate that this IP address was assigned to you at this time. Infection details:

Type: ZeroAccess
Source port: 52195
Destination IP: 98.xx.xx.76
Destination port: 16465

 

So...I need to deal with this...

 

I am a PC tech and I support home users...I've done a LOT of virus work (almost every day) but I have never dealt with a botnet...

 

Per ATT...March 6 at 8:18 EST is 7:18 here in CST...I was on my way to work and wife was asleep...all computers in house were on...1 - Win 8.2 used as a workgroup server....1 - XP and 3 - Win 7...and one client box that I had let KAS Rescue run all night...

 

I have Uverse, 192.168 subnet and from that router I NAT to another router to a 10.10 subnet...this is to all my boxes...
Both routers have hard passwords, and the second router has PnP turned off...I left the U verse router set up the way the ATT tech left it...

 

So...I have a LOT of scanning to do...

 

All my boxes run Vipre Internet Security...I also run MBAM, the paid for version so it's active...

 

Question...

 

What botnet scanning software should I use...???

What steps should I take to get rid of any botnets...???

What steps to prevent botnets in the future...???

 

Is it your collective opinion that the McAfee Rootkit Remover is sufficient...???

 

I do have to send a report to ATT telling them what I did to get rid of botnets....

 

AND...this is the 2nd time I got this email from ATT...the first time was about a year ago...that email did not mention botnets, just some "unusual" virus activity....whatever that means...

 

Many thanks for the help...

Steve
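The notification quotes four things a defender can pivot on: the observation time (given in EST), the public address, the source port and the destination address/port. On a double-NAT layout like the one described above (U-verse router on 192.168.x, second router on 10.10.x), the way to find out which of the five boxes actually made that connection is to walk the NAT translation logs inward, hop by hop. The script below is an added example, not code from the thread, from BleepingComputer or from AT&T. It assumes a hypothetical one-line-per-translation NAT log format for both routers (real routers log differently, so the regex would need adapting), uses constructed log lines, and replaces the redacted destination "98.xx.xx.76" with the TEST-NET-3 placeholder 203.0.113.76; the public IP, ports and timestamp are the ones in the post.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed offsets, no DST: 6 March 2014 is before the 2014 DST switch (9 March),
# so EST is UTC-5 and the poster's CST is UTC-6.
EST = timezone(timedelta(hours=-5), "EST")
CST = timezone(timedelta(hours=-6), "CST")

# The notification as quoted in the post. Its destination IP is redacted
# ("98.xx.xx.76"); here it is replaced with a TEST-NET-3 placeholder.
NOTIFICATION = """\
Internet traffic consistent with a bot infection was observed on Mar 6, 2014 at 8:18 AM EST from the IP address 108.237.111.32.
Type: ZeroAccess
Source port: 52195
Destination IP: 203.0.113.76
Destination port: 16465
"""

# Constructed NAT logs, one per router, stamped in the router's local time (CST).
# Hypothetical line format: "<date> <time> NAT <inner src> -> <translated src> dst <destination>".
# The outer (ISP-facing) router sees the inner router's WAN address 192.168.1.20 as the source.
OUTER_ROUTER_LOG = """\
2014-03-06 07:17:58 NAT 192.168.1.20:52195 -> 108.237.111.32:52195 dst 203.0.113.76:16465
2014-03-06 07:18:03 NAT 192.168.1.20:49211 -> 108.237.111.32:49211 dst 198.51.100.9:443
2014-03-06 11:40:12 NAT 192.168.1.20:52195 -> 108.237.111.32:52195 dst 198.51.100.53:53
"""
# The inner router maps the 10.10.x hosts onto its own WAN address.
INNER_ROUTER_LOG = """\
2014-03-06 07:17:58 NAT 10.10.0.12:52195 -> 192.168.1.20:52195 dst 203.0.113.76:16465
2014-03-06 07:18:03 NAT 10.10.0.7:49211 -> 192.168.1.20:49211 dst 198.51.100.9:443
2014-03-06 11:40:12 NAT 10.10.0.3:52195 -> 192.168.1.20:52195 dst 198.51.100.53:53
"""

IP = r"\d+(?:\.\d+){3}"  # four dotted octets; stops before a trailing period
NAT_RE = re.compile(
    rf"^(?P<ts>\S+ \S+) NAT (?P<src>{IP}):(?P<sport>\d+) -> "
    rf"(?P<xip>{IP}):(?P<xport>\d+) dst (?P<dip>{IP}):(?P<dport>\d+)$"
)


def parse_notification(text):
    """Pull the observation time and the reported connection out of the ISP email."""
    when = re.search(rf"observed on (.+?) EST from the IP address ({IP})", text)
    sport = re.search(r"Source port:\s*(\d+)", text)
    dip = re.search(rf"Destination IP:\s*({IP})", text)
    dport = re.search(r"Destination port:\s*(\d+)", text)
    ts = datetime.strptime(when.group(1), "%b %d, %Y at %I:%M %p").replace(tzinfo=EST)
    return {
        "time": ts,
        "xlat": (when.group(2), int(sport.group(1))),   # public side as the ISP saw it
        "dst": (dip.group(1), int(dport.group(1))),
    }


def parse_nat_log(text):
    """Parse the hypothetical NAT log lines into (timestamp, src, translated, dst) records."""
    entries = []
    for line in text.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue  # not a translation record
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=CST),
            "src": (m["src"], int(m["sport"])),
            "xlat": (m["xip"], int(m["xport"])),
            "dst": (m["dip"], int(m["dport"])),
        })
    return entries


def trace_to_host(notification, hop_logs, window=timedelta(minutes=5)):
    """Follow the translated source inward through each NAT hop.

    hop_logs is ordered from the ISP-facing router inward. Returns the (ip, port)
    found at each hop; the last entry is the internal host. The list is shorter
    than hop_logs when no record matches the time, translated address and
    destination (the trail goes cold), so port reuse hours later is not confused
    with the reported flow."""
    when, want, dst = notification["time"], notification["xlat"], notification["dst"]
    path = []
    for entries in hop_logs:
        hits = [e for e in entries
                if e["xlat"] == want and e["dst"] == dst and abs(e["ts"] - when) <= window]
        if not hits:
            break
        want = hits[0]["src"]
        path.append(want)
    return path


if __name__ == "__main__":
    note = parse_notification(NOTIFICATION)
    print("observed at", note["time"].astimezone(CST).strftime("%Y-%m-%d %H:%M %Z"))
    hops = [parse_nat_log(OUTER_ROUTER_LOG), parse_nat_log(INNER_ROUTER_LOG)]
    for n, (ip, port) in enumerate(trace_to_host(note, hops), 1):
        print(f"hop {n}: {ip}:{port}")
```

The lookup keys on all three facts the notification gives (translated address and port, destination, time) rather than on the port alone, because a port-preserving NAT will hand the same public port to a different internal host later in the day; the 11:40 entries in the constructed logs show that decoy being rejected. Whatever the trace ends on is the box to image or scan first; the others still get checked, but the logs tell you where to start.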

 




#2 Mutch

  • Topic Starter
  • Members
  • 11 posts

Posted 08 March 2014 - 07:07 PM

Please excuse my typos...but I am proud of my typos...they are mine and only mine...:>)



#3 TsVk!

    penguin farmer

  • Members
  • 6,230 posts
  • Gender:Male
  • Location:The Antipodes

Posted 08 March 2014 - 08:44 PM

ZeroAccess is an advanced infection and usually requires a whole process to remove it. Using a few tools (or even every automatic tool available) will not remove it generally, it requires specific file and process removal.

 

If you start a malware removal topic using this guide you will soon enough have all your questions answered, and your machine secured again.



#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,141 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 March 2014 - 10:00 PM

Using the link above provided by TsVk!
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Mutch

  • Topic Starter
  • Members
  • 11 posts

Posted 09 March 2014 - 12:25 AM

Thanks for the guidance...I will read the guidelines and repost this tomorrow...

#6 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,141 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 March 2014 - 07:44 AM

No problem...just let us know.