Spyware Broadcast Storm
Posted on 2008-06-12
We had a computer come into our shop infected with WinAntivirus and some other spyware/virus crap. After disinfecting the machine no signs of the spyware showed up with one glaring exception: Whenever the machine was plugged into our network it hammered the lan with 255.255.255.255 broadcasts. It was so bad that it would shut down our cable router within a minute and it needed to be rebooted. We ran stuff like Winsockfix, LSPfix, etc. but no luck. The solution was to re-format the machine, which worked, but I would like to know what else could have been done without re-formatting. Any thoughts?