considerscs asked:

Zeus P2P

We have recently taken over an organization as their outside IT. We are in the process of cleaning their entire IT world up.

We have a Zeus P2P in the network on a computer. We are trying to locate this remotely. We have a SonicWall that is already set to block P2P programs, but it is not catching the Zeus P2P. The way we know we have it is our ISP is sending us logs where they are catching it on the outside IP.

We have installed Symantec Endpoint Protection on all computers and even it has not found it yet, though it did find many, many other viruses.

Does anyone know of a way that I can sniff this out remotely? We are 3 hours from this company and would like to at least pinpoint the computer that is infected, and if we have to we will go on site and pick this machine up.

Thanks for the help.
SOLUTION
Aaron Tomosky
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER

My logs are catching the Zeus P2P working on the SonicWall but it is showing as the outside IP.

I need to be able to pinpoint that traffic on those ports to the inside IP. I'm more of a Cisco guy so SonicWalls are new to me.

@aarontomosky - I do have Viewpoint. I currently have the logs emailing to me when full.
I am licensed for Viewpoint. I'm looking at trying to get a free syslog app to send the logs to. The logs emailed are of no help as they do not show the inside IP that is sending the UDP port traffic to the outside IP.
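
One way to pinpoint the inside address once the firewall's connection logs reach a syslog collector, as an added example that is not part of the original thread: count, per internal source, how many distinct external hosts it talks to over UDP. The log lines are constructed, and the key=value layout (`src=ip:port:iface`, `dst=...`, `proto=udp/port`), the function names and the threshold are assumptions to adapt to the device's actual output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (not real device output). The key=value layout
# with src=ip:port:iface / dst=... / proto=udp/port is an assumption.
SAMPLE_LOG = """\
msg="Connection Opened" src=192.168.1.23:51500:X0 dst=203.0.113.10:17234:X1 proto=udp/17234
msg="Connection Opened" src=192.168.1.23:51500:X0 dst=198.51.100.7:22110:X1 proto=udp/22110
msg="Connection Opened" src=192.168.1.23:51500:X0 dst=203.0.113.88:14002:X1 proto=udp/14002
msg="Connection Opened" src=192.168.1.23:51500:X0 dst=198.51.100.201:29871:X1 proto=udp/29871
msg="Connection Opened" src=192.168.1.40:53011:X0 dst=203.0.113.53:53:X1 proto=udp/dns
msg="Connection Opened" src=192.168.1.40:53012:X0 dst=198.51.100.53:53:X1 proto=udp/dns
msg="Connection Opened" src=192.168.1.40:49200:X0 dst=203.0.113.80:443:X1 proto=tcp/https
msg="Connection Opened" src=192.168.1.55:40000:X0 dst=192.168.1.1:161:X0 proto=udp/161
msg="Administrator login allowed" src=garbled dst=203.0.113.9:443:X1 proto=udp/443
"""

INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(src|dst|proto)=(\S+)")

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def udp_fanout(lines, min_peers=3):
    """Map each internal source to its distinct external UDP peers,
    keeping only sources that reach at least min_peers peers."""
    peers = defaultdict(set)
    for line in lines:
        fields = dict(FIELD.findall(line))
        if not {"src", "dst", "proto"} <= fields.keys():
            continue
        if not fields["proto"].lower().startswith("udp"):
            continue
        try:
            src = ipaddress.ip_address(fields["src"].split(":")[0])
            dst = ipaddress.ip_address(fields["dst"].split(":")[0])
        except ValueError:
            continue  # malformed address field: skip the line
        if is_internal(src) and not is_internal(dst):
            peers[str(src)].add(str(dst))
    return {ip: sorted(p) for ip, p in peers.items() if len(p) >= min_peers}

if __name__ == "__main__":
    for host, seen in udp_fanout(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {len(seen)} external UDP peers -> {', '.join(seen)}")
```

On real traffic the threshold needs tuning, since ordinary DNS, NTP and VoIP clients also reach a handful of external UDP hosts.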