Starting 3 weeks ago I noticed I have to pass through a CAPCHA page before being allowed to access a bunch of webpages. My research led me to discover this is because my IP is listed on spam-catcher blacklists like projecthoneypot.org and abuseat.org. The latter, which hosts the CBL (Composite Blocking List) is also used by a bunch of other spam lists. It pointedly tells me that my IP is infected with the necurs spambot when my IP is queried.
Here is a screen shot: http://www.half-hp.net/uploads/Capturespambot5-12-2016.jpg
I am running Windows 10, and have Norton Internet Security and MBAM on my computer. Upon learning the news, the first thing I did was to scan with both softwares which turned up nothing. Later on, I've also downloaded and scanned with Panda AV, Spybot S&D and Norton Power Eraser. They did highlight a few things for me like my router password wasn't secure, the firmware was outdated, my Mozlla Thunderbird outdated.... which I've all addressed, along with minor suspicious file entries like PUP (which to me couldn't have been viruses...) and tracking cookies which I've all deleted.
Later, I realised I wasn't running a full scan with Norton (*face palm* it's default is a quick scan), so I did one. This time it found a "Trojan.gen.2" hidden in my secondary drive. This was deleted.
I've since re-ran MBAM, Norton Power Eraser, Spybot S&D, *and* MAcfee Rootkit Remover, TDSSKiller, and Malwarebytes Anti-Rootkit. All of which showed I have nothing.
Throughout this 3 weeks, the spam-catcher blacklist (particularly abuseat.org) continues to say I am infected with Necurs. I checked just an hour ago and my IP is still there.
Which should I trust? Online blacklists or AV/Malware programs?
Am I infected? What should I do?
I really appreciate anyone who can help me out.
Edited by Stan-L, 05 December 2016 - 05:18 AM.