• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1219
  • Last Modified:

how to find the trojan or botnet

Hi Experts,

I have seen our IP address is listed at CBL and we cannot send emails with our domain.
Do you know a way how to repair this and find the trojan or bot net ?

 This was detected by a TCP/IP connection from on port 50429 going to IP address (the sinkhole) on port 80.

The botnet command and control domain for this connection was "uwet35fsd.in".
1 Solution
David AtkinTechnical DirectorCommented:
How  many PC's do you have?

Check your router/firewall to see if you can see what internal IP addresses are connecting to the external address.

Check to see what PC's are sending emails by looking at the firewall connections or by doing a netstat -a on the PC's (look for lots of port 25 connections)

Make sure your server is not an internal relay by using the mxtoolbox.com SMTP test.
Eprs_AdminSystem ArchitectAuthor Commented:
thanks a lot.
the tool is very helpful.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now