Malware Making Access to The Web



  • Hello, my pfSense firewall helped me diagnose that my laptop was infected with a malware that is always trying to access a remote server somewhere in China. The access is silent, but I caught it through the blocked connections on my firewall. I tried everything to remove it from my PC, but with no success.

    From the pfSense side I blocked all connections to that IP, but the problem is that I use this laptop at work (no pfSense).

    My question: is it possible, from the Windows side, to detect which file is accessing a certain port or IP? I need to fix this problem and I would hate to have to format the PC.

    Thank you in advance
    Best Regards
    soloam



  • If your laptop has become infected, my advice is don't even attempt to "clean it".
    Just wipe it completely and do a fresh install of all the software.  (except hacks, cracks and malware)



  • I agree that nuking all the partitions and starting clean is the best course of action. Especially when the PC is used in a business.

    If you truly must investigate, TCPView should do what you are asking.
    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
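    The command-line equivalent of the TCPView check, as an added example that is not part of the original thread or of Sysinternals: it polls the Windows TCP table for connections to the address the firewall flagged and reports the owning process, its image path, command line, parent and Authenticode status. It assumes Windows 8 / Server 2012 or newer (for Get-NetTCPConnection), an elevated PowerShell session so that other users' processes are visible, and the remote address 203.0.113.45 is a placeholder for the IP taken from the pfSense block log.

```powershell
# Added example (not from the original thread): identify which process on a Windows host
# is connecting to a given remote IP/port, i.e. what TCPView shows, but scriptable.
# Assumptions: Get-NetTCPConnection is available (Windows 8 / 2012 or later), the session is
# elevated, and $RemoteIp is a placeholder for the address seen in the firewall logs.
param(
    [string]$RemoteIp   = '203.0.113.45',   # hypothetical address copied from the pfSense block log
    [int]   $RemotePort = 0,                # 0 = match any remote port
    [int]   $Seconds    = 300,              # how long to keep polling; beacons are short-lived
    [int]   $Interval   = 2                 # seconds between polls
)

$seen     = @{}                             # PID:port pairs already reported
$deadline = (Get-Date).AddSeconds($Seconds)

while ((Get-Date) -lt $deadline) {
    # Do not filter on state: when the firewall drops the traffic the connection
    # never gets past SynSent, and that is exactly the socket we want to catch.
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object {
            $_.RemoteAddress -eq $RemoteIp -and
            ($RemotePort -eq 0 -or $_.RemotePort -eq $RemotePort)
        }

    foreach ($c in $conns) {
        $key = "$($c.OwningProcess):$($c.RemotePort)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Win32_Process exposes the executable path and the full command line; the command
        # line is what distinguishes a malicious svchost/rundll32 host from a benign one.
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"
        $parent = $null
        if ($proc) {
            $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        }

        $parentText = '?'
        if ($parent) { $parentText = "$($parent.Name) ($($parent.ProcessId))" }

        # Authenticode status of the image; 'Valid' does not clear a process, since malware
        # often lives in a DLL or service hosted by a signed Microsoft binary.
        $sigStatus = 'unknown'
        if ($proc -and $proc.ExecutablePath) {
            $sigStatus = (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
        }

        [pscustomobject]@{
            Time        = Get-Date -Format 'HH:mm:ss'
            State       = $c.State
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            PID         = $c.OwningProcess
            Image       = $proc.ExecutablePath
            CommandLine = $proc.CommandLine
            Parent      = $parentText
            Signature   = $sigStatus
        } | Format-List
    }
    Start-Sleep -Seconds $Interval
}
```

    Two caveats a practitioner would want. First, polling can miss a beacon that connects and fails within the poll interval; for a reliable record, enable "Audit Filtering Platform Connection" (Security events 5156/5157) or install Sysmon, whose Event ID 3 logs every outbound connection with the image path. Second, Get-NetTCPConnection covers TCP only; UDP endpoints carry no remote address, so a UDP beacon needs the same event-log route. Finding the process also does not mean the infection is contained, which is why the "wipe and reinstall" advice in this thread still stands.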


  • Agreed. If it was MY machine I would nuke it; if it was someone else's machine I might spend some time looking for it. But in the long run the best advice is just plain nuke it from orbit, it's the only way to be "sure"!!

    Tracking it down from the firewall logs just lets you know where to send the nuke ;)



  • Thank you all, I nuked it. Clean now :)

    Thank you all



  • Just a suggestion for future reference: When you first build your PC, run a backup to an external drive using Redo Backup (http://redobackup.org/). It's a Linux-based bare-metal restore system which will back up the entire drive and contents of your PC in a clean state. If you happen to pick up a virus along the way, just hive off your documents/pictures to separate storage and then recover the PC's original build state from the backup you made earlier. Worked for me, anyway, and it saves you having to go through the entire manual rebuild process if you need to flatten the machine.

