Author Topic: Is your machine a zombie?  (Read 6357 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Is your machine a zombie?
« on: May 27, 2008, 01:50:40 PM »
Hi malware fighters,

Millions of PC's are turned into spam spewing zombie machines. Check if you are also likely to be part of a bot herd: http://www.rbltest.com/index.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

drhayden1

  • Guest
Re: Is your machine a zombie?
« Reply #1 on: May 27, 2008, 02:03:14 PM »
Zombie Detection System:
Reported as clean.
not dead yet damian my friend ;D
« Last Edit: May 27, 2008, 02:06:35 PM by drhayden1 »

avatar2005

  • Guest
Re: Is your machine a zombie?
« Reply #2 on: May 27, 2008, 02:15:27 PM »
My work PC is reported to be clean ::), I hope the home one will be too

UPD: Home PC is reported to be clean too ::)
« Last Edit: May 27, 2008, 06:45:31 PM by avatar2005 »

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Is your machine a zombie?
« Reply #3 on: May 27, 2008, 04:05:47 PM »
All clean here, Thanks for the link damian.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48620
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Is your machine a zombie?
« Reply #4 on: May 27, 2008, 05:52:22 PM »
Since it reports my IP as clean, then it also means that
MySharedFiles are also clean.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89255
  • No support PMs thanks
Re: Is your machine a zombie?
« Reply #5 on: May 27, 2008, 07:21:35 PM »
@ polonus
This really doesn't say 'your system' is clean but that the IP you are currently dynamically assigned hasn't had a high volume of emails sent.

So this would only work to show 'your system' is clean if you had a static IP assigned.

Even then I don't believe it is worth much as the assigned IP address is for a browsing connection and your IP address for the mail server I guess is likely to be different. Plus if you were part of a spambot net I wouldn't think it would be using your ISP's mail server, but some other server that allows redirects, etc. ???
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

neal62

  • Guest
Re: Is your machine a zombie?
« Reply #6 on: May 27, 2008, 09:06:50 PM »
Thanks Polonus for this link. My IP was reported as clean by this program. Appreciate the info.  ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Is your machine a zombie?
« Reply #7 on: May 27, 2008, 09:17:30 PM »
Hi malware fighters,

Just for DavidR and for what it is worth we give it another test then.
Well this is off course for people with a fixed address, and is not for an address range.

Have you been labeled a spammer?
You may be able to find out.
First determine what your Internet protocol address is
by using a site like WhatIsMyIP.com at:
http://www.whatismyip.com/
Next punch your IP address (or your domain name, for business users)
into DNSstuff's Spam Database Lookup site to see a list of antispam companies
that recommend blocking your e-mail: http://www.dnsstuff.com/tools/ip4r.ch?ip=
or here: http://www.dnsbl.info/
or this followed by your current ip address: http://l.dnsbl.com/cgi-bin/l?l=

polonus
« Last Edit: May 27, 2008, 09:36:22 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Is your machine a zombie?
« Reply #8 on: May 28, 2008, 12:11:48 AM »
Hi malware fighters,

To start from another angle to establish you are behind a zombie computer is to use netstat.
This when you have some symptoms, sluggish computer, computer working idle (leds blinking),
altered hostfile, etc.

Netstat is a helpful tool for displaying information about current network connections. Here we present you with the scoop on Netstat syntax and uses.

Netstat (NETwork STATe) is an old part of the TCP/IP suite of tools. It's mentioned as far back as 1972, when it was known also as "who is up." Netstat is used to display not completely related information about current network connections. It has many implementations, from Unix to Microsoft Windows, each carrying a subset of the netstat commands.

Netstat is defined in RFC 1147, "The Internet Tool Catalog," as follows:
...a program that accesses network related data structures within the kernel, then provides an ASCII format at the terminal. Netstat can provide reports on the routing table, TCP connections, TCP and UDP "listens," and protocol memory management. MECHANISM Netstat accesses operating system memory to read the kernel routing tables.

Netstat provides this information for the moment at which one executes the command. That information might change even as netstat is running.
Netstat Commands and Syntax

Netstat works from a command line and has a variety of switches, as shown in Table 1.
Table 1 Netstat Command Switches

-a
   

Displays all connections and listening ports.

-e
   

Displays Ethernet statistics. May be combined with -s.

-n
   

Displays addresses and port numbers in numerical form.

-p proto
   

Displays connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.

-r
   

Displays the routing table.

-s
   

Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; The -p option may be used to specify a subset of the default.

interval
   

Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

Obviously, you can use the command

netstat /?

from a Microsoft DOS window to get the command set, or you can use the command,

learn to use it,

polonus
« Last Edit: May 28, 2008, 12:14:10 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!