
I need assistance finding an infected computer


No replies to this topic

#1 cegodsey


Posted 20 April 2016 - 05:40 PM

I've been notified by Time Warner Cable that we have a computer on our network that is infected with RDN/DNSChanger!g!D91863362239, or Alureon.GC as Microsoft calls it. The only clue they can give me is that it has only shown up on the last three Fridays. It is in a different office in a different state. My first thought was that it is a contractor using our SonicWall VPN to submit his time. However, after thinking about it, it could be anyone accessing something on that subnet on Fridays. We have Webroot on the computers in that office and none of them have found any malware. Where I am now, we have ESET, as well as at our third office in another state. I scanned all the computers here that they remote into just in case, but I am still at a loss as to where this rogue computer is. I sent out a couple of emails to our folks telling them about the virus and asking them to contact me if they have done anything different on Fridays, or if they used the VPN, or maybe a GoToMeeting with that office on Friday. Do you have any ideas as to determining which computer it is? We have SonicWall NSA 2xx series firewalls at our offices, so it would seem to me that we would be able to look for a certain IP address to show up, or some kind of pattern. Any ideas?
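Added example, not part of the original post: one way to look for the Friday pattern in exported firewall connection logs, assuming (as the DNSChanger name suggests) that the infected machine sends DNS queries to resolvers other than the ones the network assigns. The CSV layout, the addresses and the approved-resolver list are all constructed for illustration; a real SonicWall export needs its own column mapping.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumption: the only resolvers clients on the LAN/VPN are supposed to use.
APPROVED_RESOLVERS = {"10.0.0.10", "10.0.0.11"}

# Constructed sample export (not a real firewall log format).
SAMPLE_LOG = """\
time,src_ip,dst_ip,dst_port,proto
2016-04-01 09:12:03,10.20.0.15,10.0.0.10,53,udp
2016-04-01 09:14:40,10.20.0.77,198.51.100.53,53,udp
2016-04-05 11:02:19,10.20.0.31,203.0.113.8,53,udp
2016-04-08 08:55:10,10.20.0.77,198.51.100.53,53,udp
2016-04-08 10:30:00,10.20.0.31,203.0.113.8,53,tcp
2016-04-08 10:31:12,10.20.0.15,192.0.2.44,443,tcp
2016-04-15 09:01:47,10.20.0.77,198.51.100.53,53,udp
2016-04-15 09:05:00,10.20.0.15,10.0.0.11,53,udp
"""

def find_rogue_dns_clients(log_text, approved=APPROVED_RESOLVERS):
    """Return {src_ip: {"resolvers": set, "dates": set}} for DNS sent to unapproved resolvers."""
    hits = defaultdict(lambda: {"resolvers": set(), "dates": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst_port"] != "53" or row["dst_ip"] in approved:
            continue  # not DNS, or DNS to a resolver we expect
        day = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S").date()
        hits[row["src_ip"]]["resolvers"].add(row["dst_ip"])
        hits[row["src_ip"]]["dates"].add(day)
    return dict(hits)

def friday_only(hits, min_fridays=2):
    """Sources seen on at least min_fridays distinct days, all of them Fridays."""
    return sorted(src for src, info in hits.items()
                  if len(info["dates"]) >= min_fridays
                  and all(d.weekday() == 4 for d in info["dates"]))

if __name__ == "__main__":
    hits = find_rogue_dns_clients(SAMPLE_LOG)
    for src, info in sorted(hits.items()):
        print(src, sorted(info["resolvers"]), sorted(map(str, info["dates"])))
    print("Friday-only sources:", friday_only(hits))
```

A source address that belongs to the VPN pool can then be matched against the VPN login records for the same timestamps to name the user or device.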


