How do I determine if I'm part of a bot net?

Discussion in 'Malware Help (A Specialist Will Reply)' started by basil60, Sep 25, 2012.

  1. basil60

    basil60 Private E-2

    Hi

    a couple of weeks ago my ISP notified me that "unsolicited emails have originated from the following users IP address". The normal stuff followed about taking action or possible suspension of service.

    My PC runs Windows 7. I also have a web server on my LAN with a static IP to host my own web page. It runs Ubuntu 11.04.

    I ran Sophos Bootable without finding anything. I also ran Avast anti virus on my Windows PC which didn't seem to find anything (a false possible is all I recall). I also installed a new version of ZoneAlarm free version just to check that I hadn't accidentally approved a rule to allow bot access.

    I turned my server off, to eliminate the server from the problem for now.
    What else can I do to ensure that I'm free of malicious software that may get my service suspended?

    Basil
     
  2. thisisu

    thisisu Malware Consultant

  3. basil60

    basil60 Private E-2

    Hi

    I'm running Win 7 64Bit.
    Ran CCleaner.
    Ran RogueKiller
    Ran MalwareBytes
    Ran TDSSkiller
    Ran HitmanPro - seemed to find a false positive (found RoboMind.exe as a Trojan)
    Ran MGTools - although I couldn't find its log

    No reports of any viruses, trojans or malware.

    Basil
     
  4. thisisu

    thisisu Malware Consultant

    Hello Basil,

    Please attach the logs even if they did not find anything as requested by the Malware Removal Guide.

    The logs from MGtools can be found here: C:\MGlogs.zip
     
  5. basil60

    basil60 Private E-2

    Sorry.

    These are the logs I saved.

    basil
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    Not much wrong here. Just a couple of suggestions:

    From Programs and Features (via Control Panel), please uninstall the below:
    • Java(TM) 6 Update 31 (outdated)

    Use Windows Explorer to delete the following folders:
    • C:\Program Files (x86)\1ClickDownload
    • C:\Program Files (x86)\Yontoo

    __

    Now install the current version of Sun Java from: here

    __

    The rest of your logs are clean.

    Let me know what malware related issues you are experiencing.
     
