Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Maleware Infection Zeroaccess AT&T


  • Please log in to reply
2 replies to this topic

#1 Orthodoxsauce

Orthodoxsauce

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 19 November 2014 - 01:48 PM

I received an email from Uverse security team stating that they have detected a bot net on our network.

I verified that it is a real AT&T email

Incident details for 108.206.**.***

Type: ZeroAccess
Source port: 1033
Destination IP: 68.xx.xx.4
Hostname: ip68-99-239-4.ph.ph.cox.net
Destination port: 16464
For security reasons, the destination IP is partially obscured.


Edited by hamluis, 19 November 2014 - 01:58 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 maggot7

maggot7

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 19 November 2014 - 04:54 PM

Comcast had a flaw in their reporting system a while ago that resulted in the same alerts.

 

Try running this on all of the computers on the network:

 

  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,068 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:31 PM

Posted 19 November 2014 - 07:07 PM


ZEROACCESS rootkit is a serious malware infection. Disinfection will probably require the use of more powerful tools than we can recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs or you're using Windows 8.1, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users