
Multiple Machines Infected on LAN


1 reply to this topic

#1 sidneybluff


Posted 13 July 2014 - 06:54 PM

Hello All,

 

Before posting, I want to say that I am a long-time lurker of this forum and the site in general. There has been so much useful information found on this site over the past few years, and I would like to say thank you.

 

Anyways, recently I have been dealing with multiple machines showing up under the AVG admin console saying that C:\windows\taskshost.exe shows up as infected. I'm assuming that something else is going on and using taskshost.exe as the local resource. I've tried running and cleaning the machines multiple times but come up with nothing. Then, I get a letter from their ISP saying that they are blacklisted because spam has been originating from their IP address. This is the quote I got from the ISP:

 

GameOver Zeus (GOZ), a peer-to-peer variant of the well-known bank credential-stealing Trojan Zeus malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. GOZ is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. To date, GOZ activity has led to the loss of millions of dollars through fraudulent Automated Clearing House (ACH) transactions and wire transfers. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

 

 

So, I'm assuming that the two issues are related. After redoing an inventory on their network I found a rogue PC that had been deployed without any antivirus on it and simply propagated through the network. Although I have cleaned out the machine that was without antivirus, the other machines are still reporting as having an issue. I cannot submit the ISP to de-blacklist them until I clear out this issue. I am at a loss as to where to look. I spoke with the AVG technical support and they said to find a taskshost.exe from an uninfected machine and replace it on all the machines that are having issues. Does this seem like a rational solution? All of the machines are Windows 7 Professional x64.

 

Thank you in advance!




 


#2 boopme


Posted 14 July 2014 - 09:46 AM

Hello, this will be better resolved with a repost and a DDS log from the main machine.

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



