ZeroAccess botnet detection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by flurrball, Jun 21, 2013.

  1. flurrball

    flurrball Private E-2

    Greetings,

    I have a firewall reporting a large amount of traffic destined for port 16464 being blocked from source IPs in countries all over the world. After doing some research online, I found the following info about the ZeroAccess botnet, 16464 is one of its used ports:
    http://secureconnexion.wordpress.com/tag/port-16464/
    http://www.sophos.com/en-us/medialibrary/PDFs/technical papers/Sophos_ZeroAccess_Botnet.pdf

    I have about 50 workstations that I would like to check for this infection as a safety precaution, any idea how I can reliably check if these workstations are infected with ZeroAccess?

    Thanks!
     
    flurrball, Jun 21, 2013
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Jun 21, 2013
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds