TechSpot

Possible rootkit?

Inactive
By jackal575
Jul 15, 2012
  1. Hi, I am seeking some guidance for my next steps..

    Some background:
    After recently re-installing Windows 7 (x64) onto a newly created RAID array, I noticed some intruders stealing my upload bandwidth (port 3389 was being forwarded to this box :/ )

    I installed a better firewall (rules for the Windows built-in are a pain to set up properly) to stop the intruders and installed Avira (safe mode complete scan revealed nothing)

    The problem:
    UltraVNC will occasionally attempt to connect to some IP address. It fails and gives me a notification, stating the IP address.

    I have been monitoring network activity and whitelisting trusted programs only and have come to the conclusion that I have either misplaced my trust or whatever I've got is hiding from me.

    I feel like I'm out of my depth now and could use a bit of help!

    Thanks in advance :)
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.
     
  3. jackal575

    jackal575 TS Rookie Topic Starter

    Delete this post please!

    Feel stupid for using the default ports -_-

    For reference - these notifications are the result of a portscan

    Sorry for the false alarm
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Are you saying you don't need help with this malware issue?
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     

