Solved

how to find the trojan or botnet

Posted on 2013-06-20
Last Modified: 2013-06-20
Hi Experts,

I have seen our IP address is listed at CBL and we cannot send emails with our domain.
Do you know a way to repair this and find the trojan or botnet?

 This was detected by a TCP/IP connection from 85.125.249.50 on port 50429 going to IP address 82.165.37.26 (the sinkhole) on port 80.

The botnet command and control domain for this connection was "uwet35fsd.in".
Question by:Eprs_Admin
Accepted Solution

by:
David Atkin earned 500 total points
ID: 39261734
How many PCs do you have?

Check your router/firewall to see if you can see what internal IP addresses are connecting to the external address.

Check to see what PCs are sending emails by looking at the firewall connections or by doing a netstat -a on the PCs (look for lots of port 25 connections).

Make sure your server is not an internal relay by using the mxtoolbox.com SMTP test.
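
One way to run the firewall check described in the answer above, as an added example that is not part of the original post: it scans connection log lines for internal hosts that contacted the sinkhole address from the CBL listing, and for hosts making many direct port 25 connections. The log format, the internal addresses, the timestamps, the mail server list and the threshold are all assumptions constructed for illustration.

```python
import re
from collections import Counter

SINKHOLE = ("82.165.37.26", 80)   # sinkhole IP and port quoted in the CBL listing
MAIL_SERVERS = {"192.168.1.10"}   # assumption: internal hosts allowed to send SMTP
SMTP_THRESHOLD = 3                # assumption: port-25 connections before flagging

# Constructed sample lines in a hypothetical firewall log format:
# <time> <action> TCP <internal_ip>:<port> -> <external_ip>:<port>
SAMPLE_LOG = """\
2013-06-19T08:14:02 ALLOW TCP 192.168.1.23:50429 -> 82.165.37.26:80
2013-06-19T08:14:05 ALLOW TCP 192.168.1.10:41022 -> 203.0.113.25:25
2013-06-19T08:14:09 ALLOW TCP 192.168.1.23:50431 -> 198.51.100.7:25
2013-06-19T08:14:09 ALLOW TCP 192.168.1.23:50432 -> 198.51.100.8:25
2013-06-19T08:14:10 ALLOW TCP 192.168.1.23:50433 -> 203.0.113.99:25
2013-06-19T08:15:30 ALLOW TCP 192.168.1.41:49811 -> 192.0.2.80:443
2013-06-19T08:16:00 DENY  TCP 192.168.1.57:50102 -> 198.51.100.7:25
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<action>\w+)\s+TCP\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_suspects(log_text):
    """Return (hosts that contacted the sinkhole, hosts sending SMTP directly)."""
    sinkhole_hits = {}          # internal IP -> list of (time, source port)
    smtp_counts = Counter()     # internal IP -> outbound port-25 attempts
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # skip lines that do not fit the assumed format
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if (dst, dport) == SINKHOLE:
            sinkhole_hits.setdefault(src, []).append((m["time"], int(m["sport"])))
        # Denied attempts count too: a blocked bot is still an infected PC.
        if dport == 25 and src not in MAIL_SERVERS:
            smtp_counts[src] += 1
    smtp_senders = {ip: n for ip, n in smtp_counts.items() if n >= SMTP_THRESHOLD}
    return sinkhole_hits, smtp_senders

if __name__ == "__main__":
    hits, senders = find_suspects(SAMPLE_LOG)
    for ip, events in hits.items():
        print(f"{ip} contacted the sinkhole: {events}")
    for ip, n in senders.items():
        print(f"{ip} made {n} direct port-25 connections")
```

A workstation that appears in both results is the first machine to isolate and scan; the legitimate mail server is excluded from the port 25 count so it does not mask the infected host.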

Author Comment

by:Eprs_Admin
ID: 39262498
Thanks a lot.
The tool is very helpful.