My PC is supposedly part of a Botnet

By fnanfne
Hi there.

I cannot sustain a stable VPN connection to a remote office.

I successfully establish a VPN connection but 10-15 seconds later, the connection gets terminated. Eventually, the sys admin looked at the logs on the firewall and noticed that the connection of my home IP was being denied. The reason given in the firewall log is as follows:

"DOS Alarm: 'port_scan_dos'"

I've been told that this is seen when a machine is inundating a server with requests or if the machine is scanning various ports on the server/firewall. I have also gone to three other locations and every time I connect via VPN, the same thing happens; I get kicked off seconds after making a successful connection. The same string appears in the firewall log with the only difference being the Blocked IP.

So, I KNOW my machine is infected. The problem is that I don't know how to get rid of the malware. I've tried the following utilities all to no avail:

1) SuperAntiSpyware
2) Malwarebytes
3) CCleaner
4) Malicious Software Removal Tool
5) AV (which scans every single day at 1am)
6) Spybot
7) Microsoft Safety Scanner

Now, I know a format and reinstall will sort the problem but I was hoping there is another way to try and find out what program/virus is either "scanning ports" on the VPN server or inundating it with requests.

It has been suggested to me to download ProcessHacker to ascertain which program/utility/virus/malware is "port scanning" but I'm not sure what to look at here. This utility seems like a more useful Task Manager but how do I use it to find malware?

Any other suggestions just shy of a full format are welcome!

Thanks for reading



- I have a Lenovo w520 laptop running Windows 7 Pro 64-bit.
- I establish a VPN connection using PPTP and the built-in Windows software.
- The VPN server is WatchGuard and via a Firebox firewall.
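
One way to answer the question above of which process is making the connections, as an added example that is not part of the original post: save the output of `netstat -ano -p tcp` from the affected machine and count, per PID, how many distinct ports it has touched on a single remote host. The sample output, the function names and the threshold of 5 ports are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano -p tcp` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    192.168.1.20:49170     203.0.113.10:1723      ESTABLISHED     1052
  TCP    192.168.1.20:49188     198.51.100.7:443       ESTABLISHED     2140
  TCP    192.168.1.20:49201     203.0.113.10:21        SYN_SENT        3388
  TCP    192.168.1.20:49202     203.0.113.10:22        SYN_SENT        3388
  TCP    192.168.1.20:49203     203.0.113.10:23        SYN_SENT        3388
  TCP    192.168.1.20:49204     203.0.113.10:25        SYN_SENT        3388
  TCP    192.168.1.20:49205     203.0.113.10:80        SYN_SENT        3388
  TCP    192.168.1.20:49206     203.0.113.10:3389      SYN_SENT        3388
"""

def remote_ports_by_pid(netstat_text):
    """Map (pid, remote_ip) -> set of remote ports seen in non-listening TCP rows."""
    seen = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns: proto, local, foreign, state, pid.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] == "LISTENING":
            continue
        ip, _, port = parts[2].rpartition(":")
        if not port.isdigit() or not parts[4].isdigit():
            continue
        seen[(int(parts[4]), ip)].add(int(port))
    return seen

def scan_suspects(netstat_text, min_ports=5):
    """Return (pid, remote_ip, sorted ports) where one process touched
    at least min_ports distinct ports on a single remote host.
    min_ports=5 is an assumed threshold, not a value from the thread."""
    hits = [(pid, ip, sorted(ports))
            for (pid, ip), ports in remote_ports_by_pid(netstat_text).items()
            if len(ports) >= min_ports]
    return sorted(hits, key=lambda h: -len(h[2]))

if __name__ == "__main__":
    for pid, ip, ports in scan_suspects(SAMPLE):
        print(f"PID {pid} -> {ip}: {len(ports)} distinct ports {ports}")
```

The PID it reports is the same PID shown in Process Hacker or Task Manager, which gives the executable to investigate.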


All Answers


Don't use Windows and you will not have this problem

by HAL 9000 Moderator In reply to My PC is supposedly part ...

Or at least not as severely impacted.

As for finding out what you have, you need to scan the system in Safe Mode or, better yet, not have Windows running, as when it is, it often hides any infections.

To that end you can use something like F Secure Rescue CD, available free here, though ideally you would want to download it on an uninfected system and burn it to CD.



A bit extreme

by fnanfne In reply to Don't use Windows and you ...

Thank you for the suggestion, Col, but using a new OS would be even more extreme than re-installing Windows!

I have a second computer to download the file so I will give the utility you suggested a try.

Again, thank you for your input.
