• Unauthorised network activity

    #470330

    I have an ADSL connection and using netmeter I see constant but very slow activity with both incoming and outgoing data amounting to more than 20 mb or more daily. My firewall shows connections to various IP addresses and looking these numbers up I see connections to Russia, Slovakia, US, and various other countries. I suspect a bot is active, using my computer to distribute spam? But it is also downloading data! MS Security Essentials does not find anything, nor does “rubotted”. I’ve tried the cmd netstat -nr command but this doesn’t show the IPs that my firewall shows. The only way I can stop this is to block all traffic via the firewall (COMODO) when I’m not using the computer. Is there some way to find what data it is downloading and sending out? Or some application to stop all this?

    Please help !

    Errol

    • #1234330

      Errol, give the free edition of Malwarebytes Antimalware a try.

      You can also obtain a downloadable copy of Microsoft’s Malicious Software Removal Tool described in this PC World article. Also see the BotHunter article linked in the PC World article. BotHunter can be downloaded here.

      SUPERantispyware Free edition is also a good one, very thorough.

      There are other possibilities, and other loungers have some great suggestions on how to deal with bot infections.

    • #1234333

      I’m a home user, not a network administrator (a euphemism for saying I’m a dummy about networks), and I’d like to set up and use BotHunter.
      During setup it wants the addresses of networks I want to protect, and my email and dns ip addresses.
      I use Roadrunner; OpenDNS; and Hotmail.

      How do I figure out the entries BotHunter is looking for?

      Thanks,
      Dick

    • #1234344

      Hi Dick,

      This is assuming you have Windows 7. Go to the Start orb, type cmd in the search box. When the command prompt comes up, type in ipconfig /all (be sure to include the space between ipconfig and the /) and press Enter. Your computer will be the first to come up showing your computer name. Next will be the active network adapter you are using, either wireless or Ethernet. Look to the end of this entry to find your DNS server IP addresses. Since you are using OpenDNS, there will be two IP addresses. You should find an entry for each computer or other network device that is connected to your home network with the active network adapter and IP address listing for each one.

      If you use XP, click the Start button, click Run and type in cmd and continue with the instructions above.

      If BotHunter wants your Workgroup name, you can find it in either OS by going to System in the Control Panel.

      I have not installed BotHunter yet.
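
The lookup described in the post above, as an added example that is not part of the original thread: a small parser that pulls each active adapter's local network and DNS servers out of saved `ipconfig /all` output. The sample output is constructed, the English Windows layout is assumed, and treating the adapter's own subnet as the "networks to protect" value is an assumption about what BotHunter's setup asks for.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ipconfig /all` output (Windows 7 layout), not from the thread.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : HOME-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "   Label . . . : value"; requiring whitespace before ':' keeps IPv6 continuation lines out.
FIELD = re.compile(r"^\s+([^:]+?)[ .]*\s:\s?(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {"network": CIDR, "dns": [ips]}} for adapters holding an IPv4 address."""
    adapters = defaultdict(lambda: {"ip": None, "mask": None, "dns": []})
    name, last = None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                    # unindented line starts a new section
            name, last = line.rstrip().rstrip(":"), None
            continue
        m = FIELD.match(line)
        if m:
            last, value = m.group(1), m.group(2)
        else:
            value = line                             # continuation, e.g. the second DNS server
        value = value.strip().split("(")[0]          # drop the "(Preferred)" suffix
        rec = adapters[name]
        if last in ("IPv4 Address", "IP Address") and ":" not in value:  # XP prints "IP Address"
            rec["ip"] = value
        elif last == "Subnet Mask":
            rec["mask"] = value
        elif last == "DNS Servers" and value:
            rec["dns"].append(value)
    return {n: {"network": str(ipaddress.ip_network(f"{r['ip']}/{r['mask']}", strict=False)),
                "dns": r["dns"]}
            for n, r in adapters.items() if r["ip"] and r["mask"]}

if __name__ == "__main__":
    print(parse_ipconfig(SAMPLE))
```

To run it against a real machine, save the command's output with `ipconfig /all > ipconfig.txt` and pass the file's contents to `parse_ipconfig`.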

    • #1234355

      See Download details: Microsoft Network Monitor 3.4. It allows you to capture network traffic, view and analyze it.

      Joe

      --Joe

    • #1234362

      Have you looked at your OpenDNS dashboard? They do a very good job of reporting BOT activity from your network.

    • #1234367

      Gerald, JoeP, Mercyh:

      Thank you for your helpful responses.

      Dick
