Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

CBL blacklisted my IP and says I am infected with corebot


  • Please log in to reply

#46
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

I just saw something about a program called RKill that's supposed to aid in detecting botnets and other malware when other programs can't see these things.  Do you know anything about this program?


  • 0

Advertisements


#47
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
You're welcome, my_name.

Hold off for a moment with you question about RKill, please... Thank you. :)

Did you intentionally install potplayer, winpcap and wireshark?

It is best to uninstall from the Control Panel to ensure a clean uninstall.

Do you use your ISP client for your email or some other client?
  • 0

#48
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts
Potplayer is my video playing software and wireshark is something I recently downloaded to try to detect the botnet activity, but I couldn't figure out how to use it. Is winpcap associated with wireshark?

I don't understand your other question about email client.
  • 0

#49
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Winpcap and wireshark both are similar in nature that they both monitor networks.

I don't understand your other question about email client.

Do you use an email client provided by your Internet Service Provider (ISP) or another such as Yahoo, Gmail, etc?
  • 0

#50
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

I use Outlook (MSN) for my email mostly with Microsoft's mail software on the computers, occasionally gmail, but nothing from my ISP.  

 

I'm getting very sporadic or no email alerts about your replies on this forum.  I haven't figured out why, but 2 nights in a row I got about 5 email alerts in a row from Geeks to Go with your responses from either earlier in the day or the previous night.  Occasionally, I got an instant email alert about your reply, but it's very strange, they are mostly many hours late or next day late.  I haven't noticed any other problems with receiving emails.


  • 0

#51
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Ok thank you for the email information. May I ask who your ISP is?

What is the make and model of your router.
  • 0

#52
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

Our ISP is just a small local company that uses fixed wireless technology for rural customers.  Our router is a TP-Link  TL-WR841N


  • 0

#53
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

Is your ISP Congent Communications or PSINET INC.? I found an interesting thread here pointing out that Congent is buying out PSINET and you're not the only one experiencing issues.

What I found pretty much confirms my thoughts. This is an ISP issue and your systems are not infected. We can bypass all the heartache you are experiencing by following the instructions I found for you in your routers owner manual.

The instructions for TCP/IP configuration can be found here and the instructions to configure your PC(s) can be found here, unfortunately they are for Windows XP. I found the instructions for Windows 10 here.

If you are not comfortable doing this on your own or have trouble with the instructions and would like for me to prepare some easier to understand instructions for you I would be more than happy to do that, though it is getting late and I need to sign off for the night (work tomorrow :( ). Let me know how you get along and tomorrow we can pick up where we left off.

Donna :)
  • 0

#54
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

Thank you so much, Donna, for your patience and research into this situation.  It sounds like I am in kind of an unusual setup with my internet situation.  After you started mentioning these things about the network, I did some research online and found out some things I didn't know anything about before.  I am far from an expert in networking, and this is just what I was piecing together from internet research.  It seems like our ISP is buying their internet from Cogent Communications.  Our WAN IP address on our router's administrative page shows a private 192.... address, which indicates, apparently, that we don't have our own public IP address and must be sharing it with other people, in what is called a double NAT.  (Maybe the malware infections are coming from someone else's network, since the IP address is being shared?)

 

If this is in fact the case, do you think the steps for setting up a static IP on Windows will work in our situation? It's all very confusing for me, but I think we finally are getting somewhere with this.  You were on the right trail, all this time, with checking into the network. 


  • 0

#55
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Good morning my_name, :)

Networking is not my specialty either and I would never have guessed from the start this is where your problem would lead us. I had never heard of such a setup. I live in a small town (don't blink or you'll miss it) myself but I do not partake in the ISP provider offered here. I wonder if the setup is the same? I bet it is and your situation is not as unusual as we think...

If this is in fact the case, do you think the steps for setting up a static IP on Windows will work in our situation?

I do believe this to be the case and setting up a static IP should fix this. Give it a go and let me know how it turns out.
  • 0

Advertisements


#56
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

It looks like changing the public IP address to static has to be done through the internet provider, which won't work due to their limitations.  So, is it safe to use all my passwords again on the 2 computers we cleaned?  What about the 3rd one, do you think we should scan that one to be sure?


  • 0

#57
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

Have you contacted your ISP to see what they had to say? Let's check the router logs to see if they tell us anything before we check the last computer. The instructions to find those logs are found on Page 62 under 4.12.7 System log. Not sure if there is a way to copy and paste them into the reply box so you may have to take a screen shot and attach to the post.
  • 0

#58
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

I am attaching the system log for the router.  Is this what you were asking about?

Attached Files


  • 0

#59
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,500 posts
Hi my_name,

Sorry for the delay again. I have been reading through the manual for your router and can't seem to find what I am looking for. I am looking for the firewall log. Is the firewall enabled on your router? If so, I would think that it would keep a log. Can you check that out for me and let me know, please?
  • 0

#60
my_name

my_name

    Sophomore

  • Topic Starter
  • GeekU Sophomore
  • PipPipPip
  • 259 posts

I'm sorry, Donna, I'm really clueless with this stuff.  I don't know.  I do know the router has a built-in firewall and it's on, that's all.

 

Are you confident that the 2 computers we cleaned up are malware-free and I would be safe to do my financial business on them again?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP