My 2c.
1 - Get them to send you their logs of why they think you have the bots
running. The logs need to contain destination addresses and ports. They
should hopefully contain both src and dst ports.
2 - Are you sure you have no MS machines on the same network / IP
address? Are you using a wireless connection? Is it possible the
wireless has been compromised? Are you on a shared network and it's
another part of the network? Does anyone log into you using VPN or
similar that would give them the same IP address? Do you run WINE / VMs?
3 - If you are comfortable with bash shell:
    sudo netstat -tap
gives you a list of all network connections on your system. If their
logs give you IP addresses or ports being used, grep for those, e.g.
    sudo netstat -tap | grep 82.165.37.26    (<- IP address or port)
Check out any activity between those ports / IP addresses.
If they can't give you ports / IP addresses or their reasons for saying
you are infected - hassle them and work your way up the chain of command
until they give you something.
If you want to, feel free to do a
    sudo netstat -tap > ~/OpenPorts.log
and email me the results contained in OpenPorts.log.
On 24/08/2015 7:56 a.m., Boyd Lynn Gerber wrote:
I know, I only run Linux and UNIX, but CenturyLink is reporting issues.
I have a few times over the years found a bot, but this time I
have not found anything. They are threatening to stop service. So I
really do not know what to do. They temporarily interrupted my service,
telling me I had to find and remove this. I really do not know what to
do. I am now thinking of installing a MS OS and mounting my drives to run
the Windows antivirus.
Thanks,
On Sunday 2015-08-23 12:08, unsp...@hushmail.com wrote:
Hello Boyd,
On Thu, 20 Aug 2015 22:13:04 +0200 "Boyd Lynn Gerber"
<gerb...@zenez.com> wrote:
I have everything updated. I have received notice that I have it;
below is the report. I do not see it with rkhunter --check.
Zeus and related trojans are Windows-based. Please read
https://www.us-cert.gov/ncas/alerts/TA14-150A and check with
http://cbl.abuseat.org/lookup.cgi?ip=%{INSERT_IPV4_ADDRESS_HERE}&.pubmit=Lookup
Regards,
unSpawn
---
--
Shane Hollis
IT In A Box Limited
p. +64 - 3 - 359 5735
m. 022 359 5735
e. sh...@itiab.co.nz
6b Kidman Street
Rolleston
Canterbury
New Zealand
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
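
Added example, not part of the original thread: a stricter form of the netstat-and-grep check from step 3 of the first reply, matching whole addresses and ports so that 82.165.37.26 does not also hit 182.165.37.26 and port 80 does not hit 8080. It assumes the Linux net-tools column layout of `netstat -tapn` (`-n` keeps addresses numeric, as in an ISP's logs); `match_conns`, `sample_netstat` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# match_conns FILE INDICATOR...
#   FILE       saved output of `sudo netstat -tapn`, or "-" for stdin
#   INDICATOR  an IP address or a port number taken from the ISP's report
# Prints each matching TCP line as: local foreign state pid/program
match_conns() {
    file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ind[w[i]] = 1 }
        $1 ~ /^tcp/ {
            # Field 5 is the Foreign Address "addr:port"; split at the last colon.
            fport = $5; sub(/.*:/, "", fport)
            faddr = $5; sub(/:[^:]*$/, "", faddr)
            # Field 4 is the Local Address; its port is the src port in the ISP log.
            lport = $4; sub(/.*:/, "", lport)
            # Exact comparison, unlike a substring grep.
            if ((faddr in ind) || (fport in ind) || (lport in ind))
                print $4, $5, $6, $7
        }' "$file"
}

# Constructed sample of `netstat -tapn` output (not real capture data).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:51514      82.165.37.26:80         ESTABLISHED 2211/firefox
tcp        0      0 192.168.1.10:51600      182.165.37.26:443       ESTABLISHED 2211/firefox
tcp        0      0 192.168.1.10:40022      203.0.113.7:8080        TIME_WAIT   -
EOF
}

# Demo on the sample; on a live system use:
#   sudo netstat -tapn > ~/OpenPorts.log && match_conns ~/OpenPorts.log 82.165.37.26
sample_netstat | match_conns - 82.165.37.26 8080
```

The PID/program column of each hit names the process to inspect; a `-` there means the socket has no owning process left (for example TIME_WAIT) or netstat was not run as root.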