
Received an email, am I infected?

2 replies to this topic

#1 gerigirlp


  • Members
  • 21 posts
  • Local time:09:34 PM

Posted 12 April 2014 - 09:53 PM

Good evening,

I received an email from ATT stating a device using my internet connection may be part of a botnet. On April 10, 2014 at 10:50pm it was detected

type: zeroaccess

source port: 1031

destination port: 16471

I do use a wireless router but it is password protected. I have a Dell PC, Windows Vista, McAfee protection.


I am sorry but I am confused by this email and if it's real, or is my PC infected? Thanks for taking the time to read.




#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:01:34 PM

Posted 12 April 2014 - 11:51 PM

Hello -

We can have a quick look and have you perform a few scans.


Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so. Please download



First -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7, right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.
NOTE - The rKill.txt log will also be present on your desktop.


Next -

Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista/Windows 7/8 users: right-click and select Run As Administrator.
• Click on the Scan button (only once).
• AdwCleaner will begin... be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
NOW: If you're ready to clean it all up... click the Clean button (only once).
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Edited by noknojon, 13 April 2014 - 12:06 AM.

#3 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:01:34 PM

Posted 17 April 2014 - 05:27 PM

If you have any type of zeroaccess infection, follow these instructions.


Fully read and follow the instructions in the Preparation Guide starting at Step #6.

Note: If you are unable to complete any step, still post the topic and leave a full description of your problems.

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

Please use Copy / Paste for your responses, and do not attach them unless your helper requests this.

If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
