I have received an email from my ISP provider stating that one or more computers in my network is infected with this IRC Bot/virus. I have scanned using AVG, Norton, Malwarebytes, SUPERAntiSpyware, and have found nothing. I re-analyzed Rogers' email, and I think my network has been hacked. Can anyone help me analyze this? Does that mean that the computer in question is using Win NT 5.1, using Firefox, Chrome and Safari?
But the thing is, I don't know if I'm still infected or not. I have 6 computers to scan, and I need to isolate the exact computer so I can format. And of course, some viruses are protected from scanning, and even such, if it's a hacker, then I would have reformatted for nothing. All I'm asking is to help me analyze that information. When it states "Windows NT 5.1", could that refer to Rogers' bait computers it uses to detect viruses, or is that the computer belonging to a hacker?
A quick analysis: (All they sent you were fucking logs? No explanation of what it means?) From the looks of it, it seems Rogers has identified that malicious traffic is going out from this IP [99.247.158.109:64048] via port CONNECT 6669. To verify, confirm the public IP of the boxes in your house. A quick hit reveals the following: http://vil.nai.com/vil/content/v_123785.htm A lookup of the above mentioned IP gives the following: Knoc
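Added example, not part of the original posts: the ISP notice quoted above gives the public IP, the NAT source port (64048) and the destination port (6669), which is enough to pick the offending LAN machine out of the router's connection table while the flow is still live. It assumes the router runs Linux and exposes `/proc/net/nf_conntrack`; the LAN addresses and remote servers in the sample are constructed, and `find_lan_hosts` is a hypothetical helper name.

```python
import re

# Constructed sample in /proc/net/nf_conntrack format. LAN hosts and remote
# servers are invented; the public IP and ports 64048/6669 are from the notice.
CONNTRACK_SAMPLE = """\
ipv4 2 tcp 6 431990 ESTABLISHED src=192.168.1.11 dst=203.0.113.80 sport=50122 dport=443 src=203.0.113.80 dst=99.247.158.109 sport=443 dport=50122 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 431957 ESTABLISHED src=192.168.1.14 dst=198.51.100.23 sport=1042 dport=6669 src=198.51.100.23 dst=99.247.158.109 sport=6669 dport=64048 [ASSURED] mark=0 use=1
ipv4 2 udp 17 25 src=192.168.1.12 dst=192.168.1.1 sport=53311 dport=53 src=192.168.1.1 dst=192.168.1.12 sport=53 dport=53311 mark=0 use=1
ipv4 2 tcp 6 119 TIME_WAIT src=192.168.1.14 dst=198.51.100.23 sport=1040 dport=6669 src=198.51.100.23 dst=99.247.158.109 sport=6669 dport=64031 [ASSURED] mark=0 use=1
"""

# Each entry carries two tuples: the original direction (LAN host -> remote)
# and the reply direction (remote -> public IP and NAT port).
TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple), or None if malformed."""
    fields = line.split()
    tuples = TUPLE.findall(line)
    if len(fields) < 3 or len(tuples) != 2:
        return None
    orig, reply = [(s, d, int(sp), int(dp)) for s, d, sp, dp in tuples]
    return fields[2], orig, reply


def find_lan_hosts(table, public_ip, dest_port, public_sport=None):
    """Map LAN source IP -> [(remote_ip, public_source_port)] for matching flows."""
    hits = {}
    for line in table.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, (lan_src, remote, _, dport), (_, nat_dst, _, nat_port) = entry
        if proto != "tcp" or dport != dest_port or nat_dst != public_ip:
            continue
        # Narrow to the exact flow the ISP logged when its source port is known.
        if public_sport is not None and nat_port != public_sport:
            continue
        hits.setdefault(lan_src, []).append((remote, nat_port))
    return hits


if __name__ == "__main__":
    for host, flows in find_lan_hosts(CONNTRACK_SAMPLE, "99.247.158.109", 6669).items():
        print(host, flows)
```

Connection-tracking entries expire shortly after a flow closes, so the table has to be captured while the traffic is happening, or the router has to log new outbound connections for later correlation.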
Edit: stupid post. Re-edited: here are the steps that I've taken: scan using 4-5 software programs in safe mode on 6 computers; removed 2 trojans on 2 computers; reran the scans; upgrading from WEP to WPA2-Personal (I didn't do it, because one of my computers doesn't support WPA, but now, fuck it); port forwarded port 6669 to a non-existent local IP address, thus stealthing. Irrelevant, but done: had a spare N-router, replaced the old G-router, and created WAPs.
Notwithstanding all the measures taken above, on the boxes, did any of the IPs match 99.247.158.109? Knoc
Yes... hence I edited the post.... That was pretty stupid... ANYWAYS, since the emails I receive from Rogers only occur at the instance of an attack, and that they put me on monitoring for 48 hours, I just have to wait until tomorrow to see if I get any emails. If I get an email, then I still have it. If I don't, then I'm free.
6 computers?? Do you use them all? Well, maybe it's a joke, the bot was programmed to say this, but I don't know...
Programmed to say what? Take a look at what Knoc said, that's how the bot behaves. Anyways, I DO have 6 computers: one belonging to me, 2 belonging to my dad, one belonging to my brother, and 2 belonging to the house. In any case, we'll see how it goes. So anyways, would stealthing a port, misdirecting it to a non-existent IP address, work?
Ohh... alright. I will try asking my brother about it, he knows better about IRC than me... You're so lucky, everyone has a computer, whereas I have to share with my brother. I'm curious, do you use LAN for the internet?
Internet doesn't work without LAN. Anyways, w/e, I never got another email back from Rogers, so they got me off of the monitoring list. We'll see how it goes from there.