I got the following e-mail from my ISP.
AT&T IISS Network Security <email@example.com>
Dec 27 (3 days ago)
to ctg8273, ctgarrett, dawgfan1785
Important computer safety notice from AT&T Internet Services Security Center - Bot Traffic Detected
Site ID: firstname.lastname@example.org
Primary Account Holder: GARRETT
Billing Acct Ending: xxxx
Dear GARRETT (Primary Account Holder),
AT&T has received information indicating that one or more devices using your Internet connection may be part of a zombie computer network (“botnet”). Internet traffic consistent with a bot infection was observed on Dec 26, 2013 at 7:40 AM EST from the IP address 18.104.22.168. Our records indicate that this IP address was assigned to you at this time. Infection details:
Source port: 50589
Destination IP: 174.xx.xx.247
Destination port: 16471
For security reasons, the destination IP is partially obscured.
Botnets are networks of computers which have been infected with malicious software and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of malicious software. Because bots are designed to run in secret, an infected computer may display no obvious symptoms.
To address this problem we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
If you use a wireless network, ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices. This will ensure that an infected computer owned by someone else is not using your Internet connection.
Update the security software on your system and install any necessary service packs or patches.
AT&T offers a free online scan tool PC Health Check that will scan for virus/spyware activity at https://pccheck.att.com/. AT&T also offers the AT&T Security Suite; see http://www.att.net/iss. (You must be logged in with the Master Account ID to download AT&T Security Suite).
When you have taken action, please respond by forwarding this email to email@example.com with an acknowledgement of: “I am taking steps to address this infection.” When we receive such an acknowledgment, we can maintain the high quality of service you expect from us. We welcome feedback on what removal tools or methods were used.
Additional tools and information:
AT&T PC Health Check: https://pccheck.att.com/
Microsoft Security Essentials: http://www.microsoft.com/security_e...
Microsoft Safety Scanner: http://www.microsoft.com/security/s...
OS X Gatekeeper: http://support.apple.com/kb/HT5290
Malwarebytes Anti-Malware: http://malwarebytes.org/
Spybot +AV: http://www.safer-networking.org/
AT&T Internet Services Security Center
DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the Bellsouth Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.
©2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
This may take a while. This is my dad's laptop running Windows XP; it is from his work. Back in 2010 or 2011 it had a very bad infection that hid everything, and also an MBR virus; I do not remember all the details. But I thought I had it all clean. I personally would have done a reinstall if it was me, but that is not really an option because of so much work-related software etc. on the drive. It has gone back downhill ever since. There are still a lot of his programs hidden, and a lot of things in the Start menu are hidden, like Disk Defrag, the one in XP under System Tools. This is really, really a mess. I need some expert help to get this all cleaned up.
The e-mail came because on the 26th I thought I had it all clean, I connected it to my router, and the next thing I know, a few days later I get the e-mail. I know there is someone who can give some advice. BTW, I have restored a backup I did before I did any scans, so this is just like it was when I got it from my dad. The reason is that the things I was doing were not working, so I restored and decided to get some expert advice.
The system POSTs, then boots to a screen where I can select Recovery Console (it was required when I used ComboFix before) and also an option for a debugger. If I select Recovery Console I get an error.
TRAP 00010010 =================EXCEPTION=========================
Then a bunch of funny writing.
I have an XP Professional CD; I may need it to boot to the Recovery Console and maybe run ComboFix from a USB flash drive. I am in EST time if anyone across the pond helps.
Laptop Dell Latitude D620 Core2Duo
Windows XP Pro SP3
Desktop HP Pavilion p6533w
AMD Dual Core 3.0
Windows 7 Home Premium
Server Windows XP Pro SP3
3.0 Ghz 3 GB Ram
message edited by ChristopherTGarrett
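The notice above gives only the public IP, a time and a flow tuple, so with several machines behind one router the first triage step is finding which LAN device made that connection. The following is an added example, not part of the original post or of AT&T's notice: it matches the notice's fields, including the partially obscured destination IP, against router connection-log lines. The log format and the sample lines are constructed for illustration, and it assumes the router logs in the same time zone as the notice.

```python
import re
from datetime import datetime, timedelta

# Flow details copied from the ISP notice; the middle octets of the
# destination IP are obscured by the ISP ("xx").
NOTICE = {"time": datetime(2013, 12, 26, 7, 40), "dst_ip": "174.xx.xx.247",
          "dst_port": 16471, "src_port": 50589}

# Constructed sample lines in a hypothetical router outbound-connection log
# format: timestamp, LAN host:port, WAN-side (post-NAT) source port, destination.
SAMPLE_LOG = """\
2013-12-26 07:38:12 OUT lan=192.168.1.20:49811 nat_port=49811 dst=174.10.20.247:443
2013-12-26 07:39:55 OUT lan=192.168.1.12:1044 nat_port=50589 dst=174.10.20.247:16471
2013-12-26 07:41:03 OUT lan=192.168.1.12:1051 nat_port=50602 dst=174.99.3.247:16471
2013-12-26 09:15:40 OUT lan=192.168.1.31:50589 nat_port=50589 dst=8.8.8.8:53
"""

LINE = re.compile(
    r"^(\S+ \S+) OUT lan=([\d.]+):(\d+) nat_port=(\d+) dst=([\d.]+):(\d+)$")

def mask_to_regex(masked_ip):
    """Turn '174.xx.xx.247' into a regex where each 'xx' matches any octet."""
    parts = [r"\d{1,3}" if p.lower() == "xx" else re.escape(p)
             for p in masked_ip.split(".")]
    return re.compile("^" + r"\.".join(parts) + "$")

def find_suspects(log_text, notice, window_minutes=5):
    """Return log entries consistent with the notice, exact port matches first."""
    ip_re = mask_to_regex(notice["dst_ip"])
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines in any other format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if abs(ts - notice["time"]) > window:
            continue
        if int(m.group(6)) != notice["dst_port"] or not ip_re.match(m.group(5)):
            continue
        # The ISP sees the post-NAT source port, so compare against nat_port.
        hits.append({"lan_ip": m.group(2), "time": ts, "dst": m.group(5),
                     "exact": int(m.group(4)) == notice["src_port"]})
    hits.sort(key=lambda h: not h["exact"])
    return hits

if __name__ == "__main__":
    for h in find_suspects(SAMPLE_LOG, NOTICE):
        print(h["lan_ip"], h["time"], h["dst"], "exact" if h["exact"] else "near")
```

An entry flagged as exact identifies the device to isolate and scan first; near matches (same destination port and masked IP, different source port) point to further connections from the same infection.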