Questions

My PC is supposedly part of a Botnet

Tags: Security, Malware, Mobile
+
0 Votes

My PC is supposedly part of a Botnet

fnanfne
Hi there.

I cannot sustain a stable VPN connection to a remote office.

I successfully establish a VPN connection but 10-15 seconds later, the connection gets terminated. Eventually, the sys admin looked at the logs on the firewall and noticed that the connection of my home IP was being denied. The reason given in the firewall log is as follows:

"DOS Alarm: 'port_scan_dos'

I've been told that this is seen when a machine is inundating a server with requests or if the machine is scanning various ports on the server/firewall. I have also gone to three other locations and every time I connect via VPN, the same thing happens; I get kicked of seconds after making a successful connection. The same string appears in the firewall log with the only difference being the Blocked IP.

So, I KNOW my machine is infected. The problem is that I don't know how to get rid of the malware. I've tried the following utilities all to no avail:

1) SuperAntiSpyware
2) Malwarebytes
3) CCleaner
4) Malicious Software Removal Tool
5) Symantec.cloud AV (which scans every single day at 1am)
6) Spybot
7) Microsoft Safety Scanner

Now, I know a format and reinstall will sort the problem but I was hoping there is another way to try and find out what program/virus is either "scanning ports" on the VPN server or inundating it with requests.

It has been suggested to me to download ProcessHacker to ascertain which program/utility/virus/malware is "port scanning" but I'm not sure what to look at here. This utility seems like a more useful Task Manager but how do I use it to find malware?

Any other suggestions just shy of a full format are welcome!

Thanks for reading

Steven.

INFO:

-I have a Lenovo w520 laptop running WIndows 7 Pro 64bit.
-I establish a VPN connection using PPTP and the built in Windows software.
-The VPN server is WatchGuard and via a Firebox firewall.

Member Answers