I just saw something about a program called RKill that's supposed to aid in detecting botnets and other malware when other programs can't see these things. Do you know anything about this program?
CBL blacklisted my IP and says I am infected with corebot
#46
Posted 08 May 2016 - 05:21 PM
#47
Posted 08 May 2016 - 05:24 PM
Hold off for a moment with your question about RKill, please... Thank you.
Did you intentionally install potplayer, winpcap and wireshark?
It is best to uninstall from the Control Panel to ensure a clean uninstall.
Do you use your ISP client for your email or some other client?
#48
Posted 08 May 2016 - 05:41 PM
I don't understand your other question about email client.
#49
Posted 08 May 2016 - 05:50 PM
Do you use an email client provided by your Internet Service Provider (ISP) or another such as Yahoo, Gmail, etc?
#50
Posted 08 May 2016 - 06:02 PM
I use Outlook (MSN) for my email mostly with Microsoft's mail software on the computers, occasionally gmail, but nothing from my ISP.
I'm getting very sporadic or no email alerts about your replies on this forum. I haven't figured out why, but 2 nights in a row I got about 5 email alerts in a row from Geeks to Go with your responses from either earlier in the day or the previous night. Occasionally, I got an instant email alert about your reply, but it's very strange, they are mostly many hours late or next day late. I haven't noticed any other problems with receiving emails.
#51
Posted 08 May 2016 - 06:58 PM
What is the make and model of your router?
#52
Posted 08 May 2016 - 07:20 PM
Our ISP is just a small local company that uses fixed wireless technology for rural customers. Our router is a TP-Link TL-WR841N.
#53
Posted 08 May 2016 - 09:58 PM
Is your ISP Cogent Communications or PSINET INC.? I found an interesting thread here pointing out that Cogent is buying out PSINET and you're not the only one experiencing issues.
What I found pretty much confirms my thoughts. This is an ISP issue and your systems are not infected. We can bypass all the heartache you are experiencing by following the instructions I found for you in your router's owner manual.
The instructions for TCP/IP configuration can be found here and the instructions to configure your PC(s) can be found here, unfortunately they are for Windows XP. I found the instructions for Windows 10 here.
If you are not comfortable doing this on your own or have trouble with the instructions and would like for me to prepare some easier to understand instructions for you, I would be more than happy to do that, though it is getting late and I need to sign off for the night (work tomorrow). Let me know how you get along and tomorrow we can pick up where we left off.
Donna
#54
Posted 08 May 2016 - 10:34 PM
Thank you so much, Donna, for your patience and research into this situation. It sounds like I am in kind of an unusual setup with my internet situation. After you started mentioning these things about the network, I did some research online and found out some things I didn't know anything about before. I am far from an expert in networking, and this is just what I was piecing together from internet research. It seems like our ISP is buying their internet from Cogent Communications. Our WAN IP address on our router's administrative page shows a private 192.... address, which indicates, apparently, that we don't have our own public IP address and must be sharing it with other people, in what is called a double NAT. (Maybe the malware infections are coming from someone else's network, since the IP address is being shared?)
If this is in fact the case, do you think the steps for setting up a static IP on Windows will work in our situation? It's all very confusing for me, but I think we finally are getting somewhere with this. You were on the right trail, all this time, with checking into the network.
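Added example (not part of the original thread, and not code from any poster): a small Python check of the reasoning in the post above, deciding from the router's WAN address whether a blacklist entry for a public IP can be pinned on this one router or whether the address is shared behind the ISP's NAT. The addresses used are constructed samples (203.0.113.0/24 is a documentation range), and the function names are hypothetical.

```python
import ipaddress

# Constructed constants: IPv4 blocks that are never routed on the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space


def classify_wan(wan_ip: str) -> str:
    """Classify the address shown as 'WAN IP' on the router's status page."""
    addr = ipaddress.ip_address(wan_ip)
    if addr.version != 4:
        return "unknown"          # this sketch only reasons about IPv4
    if any(addr in net for net in RFC1918):
        return "private"          # router sits behind another NAT (double NAT)
    if addr in CGNAT:
        return "cgnat"            # ISP carrier-grade NAT
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        return "unusable"         # no real upstream lease
    return "public"


def assess_listing(wan_ip: str, listed_ip: str) -> str:
    """Relate a blacklisted public IP to this router's WAN address.

    direct   - the router itself holds the listed address
    mismatch - the router has a different public address
    shared   - the router is behind ISP NAT, so the listed address is used
               by every customer behind that NAT; the listing alone cannot
               say which household generated the traffic
    """
    kind = classify_wan(wan_ip)
    if kind == "public":
        same = ipaddress.ip_address(wan_ip) == ipaddress.ip_address(listed_ip)
        return "direct" if same else "mismatch"
    if kind in ("private", "cgnat"):
        return "shared"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: private WAN address, listed documentation-range IP.
    print(assess_listing("192.168.10.42", "203.0.113.25"))
```

A "shared" result does not show that the local machines are clean; it only means the listing cannot be attributed without the ISP's NAT logs, which is why scanning the local computers and contacting the ISP both remain worthwhile.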
#55
Posted 09 May 2016 - 05:25 AM
Networking is not my specialty either and I would never have guessed from the start this is where your problem would lead us. I had never heard of such a setup. I live in a small town (don't blink or you'll miss it) myself but I do not partake in the ISP provider offered here. I wonder if the setup is the same? I bet it is and your situation is not as unusual as we think...
I do believe this to be the case and setting up a static IP should fix this. Give it a go and let me know how it turns out.
#56
Posted 09 May 2016 - 12:36 PM
It looks like changing the public IP address to static has to be done through the internet provider, which won't work due to their limitations. So, is it safe to use all my passwords again on the 2 computers we cleaned? What about the 3rd one, do you think we should scan that one to be sure?
#57
Posted 09 May 2016 - 07:12 PM
Have you contacted your ISP to see what they had to say? Let's check the router logs to see if they tell us anything before we check the last computer. The instructions to find those logs are found on Page 62 under 4.12.7 System log. Not sure if there is a way to copy and paste them into the reply box so you may have to take a screen shot and attach to the post.
#58
Posted 09 May 2016 - 08:27 PM
I am attaching the system log for the router. Is this what you were asking about?
#59
Posted 10 May 2016 - 05:48 PM
Sorry for the delay again. I have been reading through the manual for your router and can't seem to find what I am looking for. I am looking for the firewall log. Is the firewall enabled on your router? If so, I would think that it would keep a log. Can you check that out for me and let me know, please?
#60
Posted 10 May 2016 - 06:16 PM
I'm sorry, Donna, I'm really clueless with this stuff. I don't know. I do know the router has a built-in firewall and it's on, that's all.
Are you confident that the 2 computers we cleaned up are malware-free and I would be safe to do my financial business on them again?