Hey everyone, Chris directed me through email to try this forum to see if anyone could help. The other day Malwarebytes detected a trojan or two and some browser hijackers and removed them. Then, last night it came to my awareness that I still might have something on the computer. I scanned with Spybot and it found nothing. I then scanned with spydoctor and it found a couple more things. I got rid of most of the stuff that it found, but then there were 2 things I could not. I think they were browser redirects of some sort to a .info site. I also noticed in netstat that localhost:32000 and localhost:31000 were established. I never noticed those being like that before. When I try to check msconfig, I get a 'Windows cannot find Msconfig' etc....
I downloaded a newer version Zone Alarm, Free AVG, & Trend Micro RUBotted. RuBotted detects a bot any time I connect to an IRC server. Zone Alarm also picks up a few IP addresses that try to connect over and over every few seconds to every few minutes or so. When I look up the ports they are connecting to, Zone Alarm notifies me: ' This connection attempt was probably a port scan looking for an unprotected Microsoft SQL Server against which to carry out an attack. '
So, the good news is, I think I've blocked anyone from using the Bot and I know there is one there. I'm just now trying to figure out what's the best way to go about removing it. I left out that I do have msql and apache installed in order to test my wordpress themes, but I cannot disable them because of Msconfig being missing. Sorry for the long post, if anyone reads all of it and has any idea what to do, please let me know. Currently I'm just virus scanning with Housecall and with AVG.
|
Computer Security