Still a Spammer.

Jan. 31st, 2008 02:49 pm
swestrup: (Default)
[personal profile] swestrup
I've blocked the outgoing port, so no spam is going out, but my machine is still trying to send it. So far, every scan I've made to try and find the malware responsible has failed.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2008-01-31 08:07 pm (UTC)
From: [identity profile] thebabynancy.livejournal.com
is this "my" machine, as in your PC... or your server? which OS are you using there?

Date: 2008-01-31 08:11 pm (UTC)
swestrup: (Default)
From: [personal profile] swestrup
Its my new Windows XP Box. My server is fine.

Date: 2008-02-01 08:11 am (UTC)
From: [identity profile] pythonian.livejournal.com
Aha! Well there's your problem right there. Windows XP *is* malware! :-)

Date: 2008-01-31 08:12 pm (UTC)
From: [identity profile] thebabynancy.livejournal.com
p.s. what is your malware scan of choice?

Date: 2008-01-31 08:22 pm (UTC)
swestrup: (Default)
From: [personal profile] swestrup
I usually rely upon ClamWin, Ad-Aware and Spybot-S&D. For this I've also tried IceSword, AVG Anti-Rootkit, and RootkitRevealer.

Date: 2008-01-31 08:47 pm (UTC)
From: [identity profile] thebabynancy.livejournal.com
craziness.

you would think utilizing all those - updated - that they would reveal whatever is there.

bonne chance! :D

Date: 2008-01-31 08:45 pm (UTC)
From: [identity profile] kallisti.livejournal.com
It could be one of the newest rootkits...it actually runs what you think of as your normal session in a virtual machine under the rootkit.

So there is no way that you can detect the rootkit while the machine is running. Boot up a copy of Knoppix and try running ClamAV from it...or put the HD in a USB enclosure and scan it with someone else's machine and the latest rootkit revealer software.

ttyl

Date: 2008-01-31 08:51 pm (UTC)
swestrup: (Default)
From: [personal profile] swestrup
Does Knoppix have ClamAV? I don't remember that. And is there any particular rootkit revealer you'd recommend. There's dozens of them.

Date: 2008-02-01 05:00 am (UTC)
From: [identity profile] kallisti.livejournal.com
Latest versions of Knoppix have almost everything...and the DVD Knoppix *does* have everything!

I haven't seen any one good rootkit revealer...grab as many has you can find and try them all. Actually same goes for virus and malware scanners...there are so many versions of both that no one scanner can catch them all.

This is part of the reason that I mostly run Linux!

ttyl

Date: 2008-02-01 02:54 pm (UTC)
From: [identity profile] electorprince.livejournal.com
Eset's NOD32. It's like having access to the Eye of Horus. I haven't seen anything it can't find, and it autoruns in the background as an active deflector on top of being a scheduled or manual scanner.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

swestrup: (Default)
swestrup
My Website

January 2017

S M T W T F S
1234567
891011121314
15161718192021
22232425262728
293031    

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Mar. 15th, 2026 10:12 pm
Powered by Dreamwidth Studios