Re: [LUG] OT: - cleaning w2k box

tom wrote:
>   
> It's perfora.net (74.208.84.230).
> I've just noticed (having restarted w2k to get this info) that it is
> pinging before the user screen is up and it's properly on the network, so
> it may be a dodgy driver for the wireless card....

perfora.net is just a PTR record. Looks most likely that perfora.net had
this address, but 1and1 removed them and didn't update the reverse lookup.

Domain crawler has 341 domains listed on the IP address - so not much
help other than likely shared hosting at 1and1.

MyWot thinks perfora.net was associated with malware distributors,
including Koobface.

If it were me, I'd identify which piece of software is making the
requests and report it via virustotal, and then reinstall from trusted
media.

Koobface sticks itself in the usual locations (RunOnce etc.) in the registry,
so it is not too hard to find with regedit and a little common sense.

If I were advising someone else, I'd say reinstall from trusted media.

Probably the command and control is long dead; on the other hand, you
don't know what else got installed.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
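The triage step the reply describes (look through the Run/RunOnce autostart keys, work out which program is behind the traffic, and hand its file to VirusTotal) can be scripted instead of done by hand in regedit. The following is an added example, not code from the list post or from any project it mentions; it assumes a Windows host with PowerShell 4 or later (for Get-FileHash) and only reads the registry and hashes files, so it is safe to run before deciding on a reinstall.

```powershell
# Added example: enumerate Run/RunOnce autostart entries for the machine and
# the current user, resolve each command line to its executable, and compute
# the SHA256 so the file can be looked up or submitted on VirusTotal.
function Get-AutostartEntries {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Properties Get-ItemProperty adds that are not real value names
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($meta -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value

            # Pull the executable out of the command line, quoted or bare
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] }
                   elseif ($cmd -match '^\s*(\S+)') { $Matches[1] }
                   else { $cmd }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # A missing file is itself worth noting: the entry is dangling
            $hash = if (Test-Path -LiteralPath $exe -PathType Leaf) {
                (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            } else { 'FILE NOT FOUND' }

            [pscustomobject]@{
                Key     = $key
                Name    = $prop.Name
                Command = $cmd
                Path    = $exe
                SHA256  = $hash
            }
        }
    }
}

Get-AutostartEntries | Format-Table -AutoSize -Wrap
```

Entries whose executable lives outside Program Files or the Windows directory, or whose file no longer exists, are the ones to look at first; the hash column can be pasted straight into a VirusTotal search without uploading anything.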