Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unusual Traffic from my IP... Am I infected?


  • Please log in to reply
3 replies to this topic

#1 viknesh

viknesh

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 03 September 2016 - 01:03 PM

I recently changed to an new ISP in my area. Since then everything was unusual.

 

1) Its a 60mbps fibernet connection and yet my phone (connected to wifi) couldn't load most of the sites faster. Even my old 16mbps connection loaded them faster. 

 

2) I have two laptops running Windows 10. One of my laptops was infected with tons of adware and malware. After long hours of trying I had to completely reformat my drive and reinstall windows. Fortunately that was my fallback laptop so I didn't lose any files. 

 

3) Now many websites that use Cloudfare's website protection shows me a captcha every single time.

 

4) Project honeypot blacklisted my ip for 6 times saying that it has detected behavior from my IP address consistent with that of a mail server and dictionary attacker.

 

5) After all these years of using Google for the first time I was warned for higher traffics in google servers and had to enter a captcha. 

 

 

I don't know what to do. I occasionally use Hoxx VPN Chrome extension in my main Laptop. My sister working in Amazon connects to Amazon VPN sometimes. Malware bytes and Bit Defender Free found nothing in my laptops. I uninstalled those and installed the trial version of Bitdefender Total Security 2016. But I couldn't login to the bitdefender to scan my pc. I have no idea what is my problem. Seriously in need of help. 

 

Edit 1:

 

Just Ran Malwarebytes Anti Rootkit in Safemode in my Fallback laptop. It found 3 malware with 2 registry entries each.

 

MRT.ext (Trojan.Agent)

MsMMpEng.exe (Security.Hijack)

svchost.exe (Security.Hijack)

 

ADW Cleaner found two infected chrome extesnions (AOL and ASK). 


Edited by viknesh, 03 September 2016 - 02:45 PM.


BC AdBot (Login to Remove)

 


#2 eben314

eben314

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:10 PM

Posted 03 September 2016 - 01:37 PM

same issue, btw. none of the user names listed are mine.

 

from http://www.abuseat.org :

It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

It was last detected at 2016-09-03 09:00 GMT (+/- 30 minutes), approximately 10 hours, 30 minutes ago.

This IP is infected (or NATting for a computer that is infected) with the lethic spambot. In other words, it's participating in a botnet.

If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

 

honey.jpg


Edited by eben314, 03 September 2016 - 02:00 PM.


#3 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:10 AM

Posted 03 September 2016 - 06:35 PM

viknesh....Welcome to BC...

 

I suggest you follow the directions below for starting a new topic in the Malware Removal Forum. It may be a few days before

you get a response.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 viknesh

viknesh
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 04 September 2016 - 11:27 AM

Thank you for directing me to the correct thread. 

 

http://www.bleepingcomputer.com/forums/t/625698/unusual-traffic-from-my-ip-malware-detected/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users