
pokerface
Veteran

Joined: 21 Apr 2011
Age: 58
Gender: Female
Posts: 921
Location: The Netherlands

12 Feb 2012, 9:49 am

I think that at least one of my computers is being used as a so-called 'zombie'. What can I do against it, and can I take legal action? I'm prepared to take all the necessary steps to stop this.



Foxx
Deinonychus

Joined: 14 Nov 2010
Age: 37
Gender: Male
Posts: 340

12 Feb 2012, 10:18 am

You can do a format or scan with proper (not Norton) and up-to-date AV software, antimalware software, etc.
However, it's hard to track the origin of a botnet, and, to my recollection, there haven't been any raids yet regarding botnets per se, as they are very efficient at masking the users (who mostly reside at net cafes controlling the botnet through a public email service). So while it's illegal, there wouldn't be much sense in reporting it, as they most likely won't be able to find the ones behind it.

As for what you can do after it's removed:
Get a firewall, or learn to configure the one in your router properly
Use common sense on the 'net
Keep your OS and programs up to date



pokerface
Veteran

Joined: 21 Apr 2011
Age: 58
Gender: Female
Posts: 921
Location: The Netherlands

12 Feb 2012, 10:42 am

Foxx wrote:
You can do a format or scan with proper (not Norton) and up-to-date AV software, antimalware software, etc.
However, it's hard to track the origin of a botnet, and, to my recollection, there haven't been any raids yet regarding botnets per se, as they are very efficient at masking the users (who mostly reside at net cafes controlling the botnet through a public email service). So while it's illegal, there wouldn't be much sense in reporting it, as they most likely won't be able to find the ones behind it.

As for what you can do after it's removed:
Get a firewall, or learn to configure the one in your router properly
Use common sense on the 'net
Keep your OS and programs up to date


Thanks for your answer Foxx, but I will report it anyway. Again and again if necessary, and I'm not going to let go until I have reached my goal.

I think I have a pretty good firewall and anti-virus software as well as regular updates, but it doesn't seem to do any good.



Oodain
Veteran

Joined: 30 Jan 2011
Age: 34
Gender: Male
Posts: 5,022
Location: in my own little tamarillo jungle,

12 Feb 2012, 12:01 pm

Have you tried sniffing your net traffic?

That way you can see if it actually is being utilized by a botnet or if it's an autonomous virus.

If it's not autonomous, then forget finding the person on the other end; not even the CIA can make sure people like that are found.
If it is autonomous, simply delete it and take care in the future.


_________________
//through chaos comes complexity//

the scent of the tamarillo is pungent and powerful,
woe be to the nose who nears it.
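Oodain's suggestion of sniffing your own traffic is the one piece of advice in this thread that lets you test the hypothesis rather than guess. What you look for in the capture is timing: a person browsing produces bursty, irregular connections, while a bot checking in with its controller tends to contact the same remote host on a timer, often on a port a desktop has no business using. The script below is an added example, not from the thread or any named tool, and runs over a constructed set of outbound connection records (the kind you would export from Wireshark or a router log). The hosts, ports, thresholds and the list of "unusual" ports are all assumptions made for the illustration.

```python
# Added example (not from the thread): a small beacon detector over a
# constructed set of outbound connections, the kind of record you can
# export from a packet capture of your own traffic or pull from your
# router's connection log. Hosts, ports and timestamps are made up.
import math
from collections import defaultdict

# Ports a home desktop has little reason to talk to on its own; IRC
# (6667/6697) was a classic botnet command channel. This set is an
# assumption for the illustration, not a definitive list.
UNUSUAL_PORTS = {6667, 6697, 1080, 4444}


def build_sample_flows():
    """Constructed sample: (timestamp_seconds, dst_ip, dst_port)."""
    flows = []
    # A bot checking in roughly every 60 s with about a second of jitter.
    for i, jitter in enumerate([0, 1, -1, 0, 1, -1, 0, 1, -1, 0]):
        flows.append((i * 60 + jitter, "198.51.100.7", 6667))
    # A browser fetching pages in human-paced bursts over HTTPS.
    for t in (3, 4, 4, 70, 71, 210, 212, 213, 480, 481):
        flows.append((t, "93.184.216.34", 443))
    # A handful of DNS lookups to the router (too few to judge).
    for t in (2, 69, 209, 479):
        flows.append((t, "192.168.1.1", 53))
    return flows


SAMPLE_FLOWS = build_sample_flows()


def analyze_flows(flows, min_connections=5, max_cv=0.15):
    """Group connections by remote endpoint and measure how regular the
    spacing between them is. Returns one dict per endpoint contacted at
    least min_connections times.

    regular      -> coefficient of variation (stddev / mean) of the
                    inter-connection intervals is below max_cv, i.e. the
                    machine is phoning home on a timer rather than when a
                    human does something
    unusual_port -> the port is in UNUSUAL_PORTS
    """
    by_endpoint = defaultdict(list)
    for ts, ip, port in flows:
        by_endpoint[(ip, port)].append(ts)

    findings = []
    for (ip, port), times in by_endpoint.items():
        if len(times) < max(min_connections, 2):
            continue
        times.sort()
        intervals = [b - a for a, b in zip(times, times[1:])]
        mean_iv = sum(intervals) / len(intervals)
        var_iv = sum((x - mean_iv) ** 2 for x in intervals) / len(intervals)
        cv = math.sqrt(var_iv) / mean_iv if mean_iv > 0 else float("inf")
        findings.append({
            "dst_ip": ip,
            "dst_port": port,
            "count": len(times),
            "mean_interval": mean_iv,
            "cv": cv,
            "regular": cv < max_cv,
            "unusual_port": port in UNUSUAL_PORTS,
        })
    findings.sort(key=lambda f: f["cv"])
    return findings


def suspected_beacons(flows, **kwargs):
    """Endpoints worth a closer look: timer-like spacing and/or an odd port."""
    return [f for f in analyze_flows(flows, **kwargs)
            if f["regular"] or f["unusual_port"]]


if __name__ == "__main__":
    for f in analyze_flows(SAMPLE_FLOWS):
        flag = "BEACON?" if f["regular"] else "ok"
        print(f"{f['dst_ip']}:{f['dst_port']:<5} n={f['count']:<3} "
              f"mean={f['mean_interval']:6.1f}s cv={f['cv']:.2f} {flag}")
```

Run the capture from a second machine or the router if you can: as pezar notes later in the thread, a rootkit on the infected box can hide its own connections from tools run on that box. A low coefficient of variation is a lead, not proof; software updaters also poll on a timer, so check what the regular endpoint actually is before drawing conclusions.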


Vigilans
Veteran

Joined: 19 Jun 2008
Age: 36
Gender: Male
Posts: 12,181
Location: Montreal

12 Feb 2012, 12:14 pm

You gotta shoot 'em in the head


_________________
Opportunities multiply as they are seized. -Sun Tzu
Nature creates few men brave, industry and training makes many -Machiavelli
You can safely assume that you've created God in your own image when it turns out that God hates all the same people you do


cyberscan
Veteran

Joined: 16 Apr 2008
Age: 56
Gender: Male
Posts: 1,296
Location: Near Panama, City Florida

12 Feb 2012, 12:40 pm

I am a computer technician and the author of "Tech Tactics Money Saving Secrets". I can tell you what I would do in the case of such infection as I have removed several of these infections.

First, I would run Norton Power Eraser:
Download the executable, agree to the terms, and choose the rootkit scan (restart option). When the computer reboots and asks if the file should run, run it. Complete the scan and repair anything found.

After that is done, I would then run Malwarebytes Antimalware:
Download the file and if asked if you want to do a trial, choose decline. Allow Antimalware to update. When it gets to the screen where you can scan, choose full scan. Once things are done, choose "View Results" and then remove the malware.

These two no-cost programs do not provide real time antivirus protection, but they are very good at removing lots of malware. After the malware is removed, you may want to look into getting an old machine and setting up a Linux based firewall. Linux distributions such as Ubuntu, Mandriva, and many others are pretty easy to set up. I have written an article detailing how to set up a transparent virus scanning firewall to help prevent future infections. That article is entitled, "How to Set Up a Transparent Malware Scanning Proxy" and can be found by clicking Here.

Other actions that can be taken to prevent future infections include updating Adobe Reader, Adobe Flash Player, Java, Internet Explorer (best to use either Firefox or Chrome), and Windows Media Player. Even better, use Mozilla Thunderbird for your email client and Mozilla Firefox or Google Chrome for your web browser. You can also configure Adobe Reader so that it does not execute any Adobe JavaScript found in PDF documents. If you need instruction on how to do this, drop me a private message.

Another option for many of my clients who play Facebook or other web based games is to create what is called a virtual machine and install Linux under it and use Linux running under this virtual machine to play such games. I recommend visiting www.virtualbox.org and getting the free virtual machine to use for this purpose. None of my clients who use my advice consistently have been infected. The idea is to close all known avenues of infection. Locking down your computer and network is cheap.

As far as taking legal action, forget about it. The F.B.I. won't even consider helping unless you can prove damages greater than $5000. Even then, most malware is written or posted from foreign countries where there are jurisdictional issues. Resolving grievances in courts costs big money, and the little guy, no matter how just his cause, rarely wins. You could launch a D.D.O.S. attack against the perpetrators of the malware, but that too is likely to get you into trouble. If you want to strike them where it counts, do it in their wallets. Look at any websites sent out in advertisements and contact the abuse department of their I.S.P. (locate and use toll-free numbers in order to cost them even more money), contact the registrar for the domain in question, and if the website attempts to phish for information or tries to trick the computer or user into downloading software, report the website to Google by clicking here. Reporting phishing and malware-planting websites essentially makes such websites useless to the bad guys. When such websites are reported quickly, the bad guys lose the money they have spent on registering them.

I hope that you find this information useful.


_________________
I am AUTISTIC - Always Unique, Totally Interesting, Straight Talking, Intelligently Conversational.
I am also the author of "Tech Tactics Money Saving Secrets" and "Tech Tactics Publishing and Production Secrets."


heavenlyabyss
Veteran

Joined: 9 Sep 2011
Gender: Male
Posts: 1,393

22 Feb 2012, 5:17 am

How does someone know if they are being used as a "zombie?"

I have read about it a little and I want to protect myself from this sort of thing.



mindmapper
Blue Jay

Joined: 16 Feb 2012
Age: 38
Gender: Male
Posts: 86
Location: Netherlands

22 Feb 2012, 10:38 am

heavenlyabyss wrote:
I have read about it a little and I want to protect myself from this sort of thing.


A virus scanner might help to detect some of the obvious, well-known malware out there. Most protection, however, comes from you, the user:
  • Never click links in unsolicited mails you receive from people you don't know.
  • Never provide third parties with your username, password, credit card info, bank account number, etc. I usually type the URLs myself for certain websites I visit, like my bank website, mail, PayPal website. I don't ever follow links from mails, unless I know for sure the mail comes from these websites.
  • Don't install browser plugins from any website, unless you can trust them. Most websites out there don't ever require any other plugin than the usual Flash/Adobe Reader/Java. If they want you to install "Fancy Movie Player X", don't.
  • Keep your software updated at all times. No piece of software is secure; vulnerabilities are always found. Critical pieces of software here are your operating system, browser, and browser plugins. I use the Secunia PSI tool (link), which regularly scans your computer for unpatched programs.

This pretty much boils down to using common sense, being sceptical when using the Internet, and keeping your software updated. Just that protects you from nearly all the evil on the Internet ;)



pezar
Veteran

Joined: 5 Apr 2008
Age: 50
Gender: Male
Posts: 2,432

22 Feb 2012, 1:36 pm

I am also a computer technician, and sometimes downloading antivirus software to the same machine that is hosting a piece of malware can be pointless, because the rogue program has its hooks deep into your system and disables any attempt to remove it. In that case you need a professional's help, and you may have to reformat. The botnet operators are all in Russia, and the FBI can't do anything. The best thing you can do is stop your computer from being used as a zombie, and that will require removal of the bot. Rootkits are especially nasty; they can sometimes disable anything tossed at them, and infect flash drives plugged into the system. In that case you'll need a pro who uses programs burned to a CD.



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

22 Feb 2012, 8:28 pm

Foxx wrote:
However, it's hard to track the origin of a botnet, and, to my recollection There haven't been any raids yet regarding botnets per se, as they are very efficient at masking the users (who mostly reside at net cafes controlling the botnet through a public email service). So while it's illegal, there wouldn't be much sense in reporting it, as they most likely won't be able to find the ones behind it.


There have been a few big botnet raids, one in particular happened recently in fact. However, the OP is unlikely to be able to get an investigation started because of the infection on his machine.

Best thing to do is a full reinstall.



MCalavera
Veteran

Joined: 15 Dec 2010
Gender: Male
Posts: 5,442

23 Feb 2012, 12:18 am

Guys, he's only stated that he thinks his computer's infected.

What are the signs and symptoms you're observing that make you suspect malicious activity, OP?



heavenlyabyss
Veteran

Joined: 9 Sep 2011
Gender: Male
Posts: 1,393

23 Feb 2012, 7:31 am

mindmapper wrote:
heavenlyabyss wrote:
I have read about it a little and I want to protect myself from this sort of thing.


A virus scanner might help to detect some of the obvious, well-known malware out there. Most protection, however, comes from you, the user:
  • Never click links in unsolicited mails you receive from people you don't know.
  • Never provide third parties with your username, password, credit card info, bank account number, etc. I usually type the URLs myself for certain websites I visit, like my bank website, mail, PayPal website. I don't ever follow links from mails, unless I know for sure the mail comes from these websites.
  • Don't install browser plugins from any website, unless you can trust them. Most websites out there don't ever require any other plugin than the usual Flash/Adobe Reader/Java. If they want you to install "Fancy Movie Player X", don't.
  • Keep your software updated at all times. No piece of software is secure; vulnerabilities are always found. Critical pieces of software here are your operating system, browser, and browser plugins. I use the Secunia PSI tool (link), which regularly scans your computer for unpatched programs.
This pretty much boils down to using common sense, being sceptical when using the Internet, and keeping your software updated. Just that protects you from nearly all the evil on the Internet ;)


Thanks, this should be helpful



beers
Snowy Owl

Joined: 29 Jan 2012
Age: 37
Gender: Male
Posts: 128

23 Feb 2012, 2:51 pm

What exactly leads you to believe this? You haven't provided ANY information.

Also, what exactly do you plan to do about prosecuting if you don't even know whether this is the situation or not, much less have the ability to prove the situation to an external party? Who exactly are you mad at?

Need more details.


_________________
Your Aspie score: 131 of 200
Your neurotypical (non-autistic) score: 62 of 200
You are very likely an Aspie


dancing_penguin
Pileated woodpecker

Joined: 6 Jul 2011
Age: 39
Gender: Female
Posts: 178
Location: out of the loop

26 Feb 2012, 2:35 am

Seconding Malwarebytes Antimalware as a very handy tool. I have used it to remove spyware from people's computers in the past. Sometimes you have to go into Safe Mode to get it to work right, and sometimes you would need to download it on another computer and change the name of the file to even get it to copy onto the infected system. But once you get it going, it can be very helpful, as a start.

Another free program that I have had good experience with in the past is Spybot Search & Destroy from link. Keep it updated and run a scan at least weekly; plus, its resident TeaTimer process should act as a helpful supplemental antispyware program. It saved me from the only time I almost got a virus (note the almost), back on XP, from some hijacked blog. Windows 7's program change confirmation window seems to have a similar feature, though, so I'm not sure if it's quite so helpful with Windows 7, but at least the manual scanner could help.

Another good general precaution is to never run your system as an administrator; give yourself a regular user account and use that. A couple of other handy tools are Process Explorer (what processes are running now? where do they come from?) from link and TCPView (what connections are going on right now with the computer? what type are they?) from link. The author of these last two programs is an expert in writing Windows diagnostic software.


_________________
Beware of geeks bearing gifts.


scubasteve
Veteran

Joined: 17 Dec 2009
Gender: Male
Posts: 1,001
Location: San Francisco

09 Mar 2012, 12:24 pm

Hmm, a shotgun would be messy... How are you at Kendo?



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

09 Mar 2012, 2:36 pm

dancing_penguin wrote:
Seconding Malwarebytes Antimalware as a very handy tool. I have used it to remove spyware from people's computers in the past. Sometimes you have to go into Safe Mode to get it to work right, and sometimes you would need to download it on another computer and change the name of the file to even get it to copy onto the infected system. But once you get it going, it can be very helpful, as a start.

Another free program that I have had good experience with in the past is Spybot Search & Destroy from link. Keep it updated and run a scan at least weekly; plus, its resident TeaTimer process should act as a helpful supplemental antispyware program. It saved me from the only time I almost got a virus (note the almost), back on XP, from some hijacked blog. Windows 7's program change confirmation window seems to have a similar feature, though, so I'm not sure if it's quite so helpful with Windows 7, but at least the manual scanner could help.

Another good general precaution is to never run your system as an administrator; give yourself a regular user account and use that. A couple of other handy tools are Process Explorer (what processes are running now? where do they come from?) from link and TCPView (what connections are going on right now with the computer? what type are they?) from link. The author of these last two programs is an expert in writing Windows diagnostic software.


Or install Linux and just enjoy :wink: