Thread: I am botted

  1. #1
    Lounger
    Join Date
    Dec 2009
    Location
    South Africa
    Posts
    49
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have a multiboot system running XP, Vista, Win 7 and Ubuntu Linux. My computer has a network connection to my wife's XP machine. In ALL of the Windows environments (including my wife's XP) there is traffic on my internet connection sending and receiving up to 80 MB per day (if I leave my firewall open). When I set my Comodo firewall to block all traffic (when I am not using the web) I get a popup saying that a file called NEW....tmp.exe wants to connect to the web. The ... in the file name changes each time to a different group of numbers and/or letters, e.g. New67d8.tmp.exe. If I dismiss that popup, in a few minutes another NEW....tmp.exe asks for a connection.

    I have tried several antimalware programs, including Kaspersky, MS Security essentials, Superantispyware and about half a dozen more. NONE of them reports malware in any of the Windows systems.

    I am now getting desperate. Short of cleaning my entire setup and starting again with all the systems, what else can I try? (I have HUNDREDS of applications on my system.)

    Please help !!

    Errol Greer

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    You can use a tool such as WhatInStartup - Disable/delete programs at Windows startup or Autoruns to see what is being started when you boot your system.

    You can also use a tool such as Rootkit Revealer to check for rootkits. BUT, be very careful when you use a rootkit tool. Correctly identifying and removing a rootkit is tricky. You should read the entire article on the download page.

    Joe

  3. #3
    Lounger
    Join Date
    Dec 2009
    Location
    South Africa
    Posts
    49
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have looked at the startup programs, but nothing unusual there. These bot things hide from everything, including the task manager. That's why I need help. I have run several antirootkit apps and again, nothing is found.

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    Have you checked the services that are started automatically?

    Joe

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 985 Times in 915 Posts
    May be a rootkit, very hasty. Try the Rootkit Revealer.

    cheers, Paul

  6. #6
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi Errol:

    Appears you have a very advanced form of malware, to the degree you should ask an experienced, trained, Certified, Volunteer "Malware Removal Specialist" found on many Advanced Malware Removal Forums, such as the One at www.geekstogo.com/forum/forums.html. Follow the Info in their "Malware and Spyware Cleaning Guide" to the best of your ability. Practically speaking, I recommend you post a "Log" using the "OTL" program and let them take it from there. They use little known, but highly effective programs to detect, then remove malware. I suspect a rootkit is involved, and they recommend posting a "Log" using the GMER program.
    For the BEST in what counts in Life :

    http://www.ctftoronto.com
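
Post #1 mentions an Ubuntu install on the same machine, and files read from another operating system cannot be hidden by a rootkit that only runs inside Windows. The script below is an added example, not from any poster in this thread: it walks a mounted Windows partition for the `New....tmp.exe` name pattern described in post #1 and records path, size, modification time and SHA-256 for each match, ready to hand to a malware-removal helper. The mount point and the demo file names and contents are assumptions constructed for illustration.

```python
import hashlib, os, re, sys, tempfile
from datetime import datetime, timezone

# Name pattern from post #1: "New" + changing letters/digits + ".tmp.exe".
PATTERN = re.compile(r"^new[0-9a-z]+\.tmp\.exe$", re.IGNORECASE)

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_candidates(root):
    """Walk root; return path, size, mtime (UTC) and SHA-256 of each match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not PATTERN.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                info = os.stat(path)
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable entry: skip it, keep walking
            mtime = datetime.fromtimestamp(info.st_mtime, timezone.utc)
            hits.append({"path": path, "size": info.st_size,
                         "modified": mtime.isoformat(), "sha256": digest})
    return sorted(hits, key=lambda hit: hit["modified"])

def demo():
    """Run the scan over a constructed tree (sample names and contents)."""
    samples = {"New67d8.tmp.exe": b"constructed sample A",
               "NEWa1b2.tmp.exe": b"constructed sample B",
               "notepad.exe": b"unrelated", "New.tmp.exe": b"no random part"}
    with tempfile.TemporaryDirectory() as root:
        temp_dir = os.path.join(root, "Users", "example", "Temp")
        os.makedirs(temp_dir)
        for name, data in samples.items():
            with open(os.path.join(temp_dir, name), "wb") as handle:
                handle.write(data)
        return find_candidates(root)

if __name__ == "__main__":
    # Assumed usage: python3 scan.py /mnt/windows (mount point is hypothetical)
    for hit in find_candidates(sys.argv[1]) if len(sys.argv) > 1 else demo():
        print(hit["modified"], hit["size"], hit["sha256"], hit["path"])
```

Mounting the Windows partition read-only keeps the scan from altering file timestamps. The sorted output shows when each file appeared, which helps narrow down what is creating them.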
