
Think my main PC is part of bot-net. Traffic going up/down



#1 Pajajn


Posted 30 March 2017 - 11:50 AM

I noticed that the WLAN internet traffic reported usage even though my main PC was idle when I did a regular check on my router's 24-hour report for internet traffic.

So I scanned with everything I could think of, including Malwarebytes, HitmanPro, Kaspersky TDSS scanner, ComboFix and ESET NOD Online Scanner, and found 0 infected items or files.

Moved on and checked my HOSTS file, which was completely default. But the only strange thing I noticed is that when I tried downloading TDSS Killer from the BleepingComputer forum link I got to 10.30.1.0 something in my browser, Firefox (can't remember the exact combination of numbers, but it looked similar enough).

I installed NetLimiter and only found strange ICMP and port 53 attempts from several computers within the home network.
Also found red checkmarks on Google Chrome trying to reach smtp.gmail.com like a hundred times.


What I'm doing right now is:
1. Installed Windows 7 freshly on a laptop from Dell
2. Connecting to router offline with TP ethernet cable
3. Resetting router and configuring password on 5 GHz, 2 GHz, router admin name change + complex password, %&/(=? and numbers included as well. Also changing default gateway IP to something other than 192.168.1.1.
4. Checking over firewall to block simple packets that come through DoS attacks.



But I think I need help with resolving why my main PC is sending traffic for no reason... Check the image below from yesterday, when the PC was active in the network.


[Image: ASUS router traffic log]





#2 Pajajn


Posted 02 April 2017 - 06:01 AM

Whatever I do, I can't start Windows Firewall and Windows Defender.

Zemana Antimalware 0 hits
Kaspersky TDSS Killer with module detection loaded 0 hits
HitmanPro 0 hits
Malwarebytes 0 hits
ComboFix 0 hits

Tried 
WindowsFirewall.diagcab
WinDefend.reg
wscsvc.reg
BFE.reg

+ Tweaking.com Windows Repair full repair of services, states, Windows Firewall, WMI etc.

Error codes are 

0x80070424