
ISP Telling Me I Have A Botnet...

#1 ·
I received an email from my ISP, Insight Communication, stating that it appears that I have a "Botnet". I contacted my ISP and they said that a "good number" of Insight's subscribers have been affected by this "Botnet". They said that, for right now, it is just sending out spam. They said that the "Botnet" appeared about 8 days ago on subscribers' computers. The only advice Insight gave me was that I should reformat my hard drives.

My details:
Win 7 OS All Updates Current.
FireFox 3.6.15
IE 8
Thunderbird Email 3.1.9
avast Anti Virus 6.0.1, Updates Current
Comodo Firewall 5.3.1, Updates Current

Second Computer:
Win XP OS, All Updates Current
FireFox 3.6.15
IE 8
No Email
avast Anti Virus 6.0.1, Updates Current
Comodo Firewall 5.3.1, Updates Current

Router:
Linksys E1000 Updated Software. (Just got router a week ago)

Devices Connected:
Main Computer-Ethernet Cable
Second Computer-Ethernet Cable
Wii-Ethernet Cable
Dish VIP722k DVR-Ethernet Cable
Samsung BD C6500 Player-Ethernet Cable
X-Box 360-Wireless

After talking to Insight, I ran scans on both computers using the following security software:
avast Anti Virus (Deep Scan and Boot Scan)
Norton's Security Scan
Spybot S&D
Malwarebytes' Anti Malware
RemoveIT ProV7 Ultra (Trial)
Windows Live Onecare Security Scanner

All scans came back clear except for the following items that were flagged:
On the avast Bootscan, references to "Java" were flagged as a "Low" risk.
On the Spybot S&D scan, one DoubleClick cookie was flagged.

The 3 users of the computers are my wife, my 25yo son, and myself. Now my wife uses it to just surf the web. She's not very computer savvy so I'm not 100% sure she didn't click on a pop up. She doesn't use her email, so I know she didn't open an infected email.

My son...well he's a 25yo, who's not real computer savvy either. He tends to surf, let's say, the "Dark Side" of the web. It's very possible he clicked on a porn pop up, but if my avast reacted to it, I think he would have clicked "stop" or "denied" ...but I can't be 100% sure he didn't proceed. Also he downloads a lot of "free" games and game trials and spends a lot of time on Youtube, so again, he's probably my weakest link. He doesn't do email on the computer, but he does have an X-Box Live account where he receives and sends email via Gmail and downloads from Netflix.

None of us have Facebook or Myspace accounts...if that really matters.

Anyway, I'm at a loss! I need some help here. Reformatting the HDD on the second computer isn't a problem. Basically, all that's on that HDD is the OS and my security software. This computer uses our TV as its monitor and we use it very rarely. But reformatting the HDD on my main computer would be a drag. I have a lot of programs on there and it would really be time consuming. If that's what I have to do to both HDDs I will, but only if that's my last recourse.

How can I be sure that Insight knows what they are talking about? In the 15 years I've been with them, they're not the sharpest around. Is it possible that the breach was on their part? Could their system have been "hacked" into? Or could it only have been something that was done in my house?
If it was something that came from my house (someone here caused the breach), why would a large number of other Insight subscribers be infected also? We all did the same wrong thing? Plus, I have used avast for years and it's never let me down before...

If anyone out there can offer me some suggestions or help it would be greatly appreciated. Really, I need help with this and any clarification as to how this happened and how I get rid of it. As a precaution for now, I've been disconnecting the two computers from the router whenever I'm not on my computer. Oh, BTW, I shut down my computer at night or whenever it's not going to be used for a long time. Don't know if that helps with viruses, just know it helps save electricity and reboots the memory. I have Vonage so I have to keep that connected to the Internet, and my son's X-Box is still connected via wireless.
Thank you in advance to anyone who has taken the time to read this and help me out.
Ghpr1313:(
#3 ·
Thank you for your guidance. Here are the logs you requested From Hijackthis, Gmer, and DDS.

On the Gmer I saw the notice about "any CD Emulation programs". I don't believe I have any of these programs on my computer. I just have Windows Media Player and iTunes. Anyway, the Gmer scan stated nothing was found...it didn't give me an option for saving a file, because of nothing found.

If I need to do anything else, please let me know.
Thank you,
John (Ghpr1313)

#5 ·
dvk01,
Here are the scans from the WinXP computer you asked for.

If the scans on both computers are "clean" would you say my system is "Bot Net" free and I can continue on as I have been with avast anti-virus and Comodo Firewall?

Any advice on what I should tell my ISP if they tell me that I'm still infected?

Once again I want to thank you for taking the time to help me.
John (Ghpr1313)
BTW: I attached a new GMER Scan from my Win7 computer. When I was trying to download the GMER.exe I was having trouble downloading it. I had to download the GMER Zip file. After I finished with my WinXP computer, I tried to again download the GMER.exe on my Win7 computer and was able to download it w/o a problem. So the GMER-Win7 log is a new log with info on it.

#7 ·
dvk01,
I ran scans on both systems using the 4 on-line scans you listed. ESET and Bitdefender QS scans from my Win7 OS are attached. They were the only scans that showed any infections. The Panda on-line scan would not complete the scan in Win7. It would stop at 12% scan each time I tried to run it.
On the WinXP OS, none of the scans came up with any infections, and I've installed RUBotted from Trend Micro on that OS.

After doing all of these scans, and after you review the 2 reports attached, if you feel my system is clean, I would be in agreement. I have yet to observe any strange behavior on either of my two computers. I have also done boot scans and memory scans without anything showing an infection.

Please let me know what your summary is of my situation.

Again, I am very, very thankful for your time, effort, and knowledge that you applied to my problem. On Thursday, March 17 (that's when my wife gets paid, I'm disabled) I will show my appreciation by making a donation to helping the Hedgehogs.

Thank you,
John (Gh1313)

#8 ·
I can see no obvious sign of any malware or bots

the BD scan only shows legitimate connections with no obvious out of place ones

I would assume that your ISP has sent a general message to every subscriber, rather than the few infected ones

There are "infected" files in the java cache, but that is normal & it doesn't mean that they actually are dangerous. If your java is updated to the latest version they can't run or do any damage

clear your Java cache as shown http://www.java.com/en/download/help/5000020300.xml

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
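The ISP's claim was that the bot "is just sending out spam", and the reviewer's check was whether the connection listing showed anything out of place. The following is an added example (not code from the thread or from any tool named in it) of automating that check: it parses `netstat -ano` style output and flags connections to mail-submission ports owned by any process other than the user's mail client (Thunderbird in the original post). The netstat lines and PID-to-image map are constructed samples, and the column layout is assumed.

```python
"""Flag outbound SMTP connections that a spam-sending bot would make.

Added example, not from the thread. Sample data below is constructed.
"""
import re

# Constructed sample resembling `netstat -ano` output on Windows (assumed format).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     203.0.113.5:25         ESTABLISHED     4120
  TCP    192.168.1.10:49153     203.0.113.6:25         SYN_SENT        4120
  TCP    192.168.1.10:49160     192.0.2.20:587         ESTABLISHED     2216
  TCP    192.168.1.10:49170     198.51.100.9:443       ESTABLISHED     3188
"""
# Constructed PID -> image name map, as one would build from `tasklist`.
SAMPLE_PIDS = {4120: "svchost.exe", 2216: "thunderbird.exe", 3188: "firefox.exe"}

MAIL_PORTS = {25, 465, 587}            # SMTP, SMTPS, submission
ALLOWED_MAIL_CLIENTS = {"thunderbird.exe"}  # the poster's mail client
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Parse TCP rows into dicts; header and non-TCP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({"laddr": m.group(1), "raddr": m.group(3),
                         "rport": int(m.group(4)), "state": m.group(5),
                         "pid": int(m.group(6))})
    return rows


def suspicious_smtp(rows, pid_names, allowed=ALLOWED_MAIL_CLIENTS):
    """Return (pid, image, remote, state) for mail-port connections whose
    owning process is not an allowed mail client."""
    hits = []
    for r in rows:
        if r["rport"] not in MAIL_PORTS:
            continue
        image = pid_names.get(r["pid"], "unknown")
        if image.lower() not in allowed:
            hits.append((r["pid"], image, f'{r["raddr"]}:{r["rport"]}', r["state"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_smtp(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS):
        print("suspicious outbound SMTP:", hit)
```

On a real machine the two inputs come from `netstat -ano` and `tasklist`; a legitimate mail client talking to its own provider on port 587 is expected, while a system process holding several port-25 connections to unrelated hosts is the pattern an ISP's spam report would be describing.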