
Inactive Company possible Torpig infection

Discussion in 'Malware and Virus Removal Archive' started by Meervluis, 2011/06/08.

Thread Status:
Not open for further replies.
  1. 2011/06/08
    Meervluis Inactive Thread Starter


    Thanks in advance for taking your time,

    I'm not sure exactly what information to post, or where to begin. I'll try and do my best to explain as much as possible.

    First of all, my computer experience is that I'm a programmer, not a system administrator, which is a whole different thing (I noticed).

    I work for a small company which as of recently has been unable to send out e-mails to certain e-mail accounts, because of a blacklisting at cbl.abuseat.org.

    Our company consists of the following:
    1 x Primary domain controller running Windows 2007
    1 x Database server running Windows 2007 and SQL Server 2008
    12 workstations all running Windows XP service pack 3 up-to-date.

    For about a week now we've been, according to cbl.abuseat.org, infected with Torpig. http://cbl.abuseat.org/lookup.cgi?ip=188.201.22.17

    Since the first infection manifested itself I've run the following programs on all workstations and both servers. I am afraid I don't have any logs of these programs because quite frankly I didn't know I would need them.
    - MBAM (which found no infections)
    - Norton Power Eraser (I took this advice from the company that does our system management)

    After this we delisted our IP once, but we were relisted several days later because of the exact same issue.

    At this very moment we are running a DrayTek Syslog program. This program is currently filtering our traffic to 91.X.X.X IP addresses.

    I'm now playing a waiting game with Torpig until it tries to reconnect to the Torpig Command and Control center. I'm not feeling like this would be a good idea to do; I therefore ask for any sort of help that can get us clean again.

    As I said, I'm a programmer not a sysadmin. I haven't got a clue where to start looking for this problem, or how.

    I would be more than happy to provide logs, additional information or answer any questions about the problem we're having.

    Again thanks in advance for any help or advice given.
     
  2. 2011/06/08
    Admin. Administrator Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
