considerscs

Zeus P2P

We have recently taken over an organization as their outside IT.  We are in the process of cleaning their entire IT world up.

We have a Zeus P2P in the network on a computer. We are trying to locate this remotely. We have a SonicWall that is already set to block P2P programs, but it is not catching the Zeus P2P. The way we know we have it is that our ISP is sending us logs where they are catching it on the outside IP.

We have installed Symantec Endpoint Protection on all computers and even it has not found it yet, though it did find many, many other viruses.

Does anyone know of a way that I can sniff this out remotely? We are 3 hours from this company and would like to at least pinpoint the computer that is infected, and if we have to, we will go on site and pick this machine up.

Thanks for the help.

Last Comment
Aaron Tomosky

8/22/2022 - Mon
SOLUTION
Aaron Tomosky

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Aaron Tomosky

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
considerscs

ASKER
My logs are catching the Zeus P2P working on the SonicWall, but it is showing as the outside IP.

I need to be able to pinpoint that traffic on those ports to the inside IP. I'm more of a Cisco guy, so SonicWalls are new to me.

@aarontomosky - I do have Viewpoint. I currently have the logs emailing to me when full.
SOLUTION
Aaron Tomosky

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Aaron Tomosky

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
considerscs

ASKER
I am licensed for Viewpoint. I'm looking at trying to get a free syslog app to send the logs to. The logs emailed are of no help, as they do not show the inside IP that is sending the UDP port traffic to the outside IP.
ASKER CERTIFIED SOLUTION
Aaron Tomosky

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.