I have a home Wi-Fi network with 4 Windows computers. A little over a week ago, the emails we sent out started being rejected because our IP address is being blocked by Spamhaus’s Composite Blocking Service (CBS) because we were infected with Trojans/bots/malware. Here is an excerpt of what I get when I look up our IP address on their website:
IP Address 220.127.116.11 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.
It was last detected at 2016-08-01 19:00 GMT (+/- 30 minutes), approximately 3 hours ago.
So far the website has always listed Gozi, Conficker, or ZeroAccess as the offending malware.
I’ve used various anti-malware scanning tools to try to detect the problem including McAfee, Microsoft Malicious Software Removal Tool, TDSSKiller, Norton Power Eraser, and Sophos Virus Removal Tool. None of them have been able to detect a problem.
Besides the reports on Spamhaus about why my IP is blocked, I don’t have any way of detecting whether I am infected until I notice that we are probably using about 1-2 gig of downloads per day more than usual, and then I notice that my administrative rights to the computer have been taken away from me by the malware.
I have restored the PCs to their factory condition, and everything is fine with CBL for a while, but when I start copying data from backups (mostly from USB sticks) I start getting problems listed in CBL again, which is my first indication that something is wrong.
I am using Panda USB vaccinated USB sticks and my computers are vaccinated as well. Naturally I scan the data with McAfee (mostly pictures and email files) before I reload it, but it never detects a problem.
I’ve tried seeking advice from local consultants but so far I haven’t found anyone who can help me.
Is there any kind of rigorous malware scanner that you would trust to use on the files before copying them to a clean computer? Is there anything better than Panda USB vaccine? I’d be very grateful for any advice.