Windows 7 Forums


Windows 7: How do I know my PC is not part of a botnet?


13 Feb 2014   #1

Windows 7 Ultimate x64
 
 
How do I know my PC is not part of a botnet?

Any way to tell?

If I have an infected computer on my local lan, will it infect other computers on the local lan?

I just recently cleared off some type of awful malware on an older slow computer and it was easy to tell it had issues.
But how about a fast quad core PC, it always seems to work just fine.


13 Feb 2014   #2

W7 Pro SP1 64bit
 
 

One computer might infect other computers - it depends on lots of variables.

You cannot know if a computer is free from infections. You can only know that no infections were detected during various scans. We know that some infections go undetected for years (even 10 years). We don't know how many infections are in the wild - but are not yet detected.

A well-written rootkit can hide itself from scanners and it can hide its network traffic from monitoring tools. Monitoring network traffic using a computer that is running a Unix/Linux flavor is one way to detect bot-like traffic. Using a service like OpenDNS is another way to detect bot-like network traffic, except that OpenDNS can only detect certain types of botnet activity.
13 Feb 2014   #3

Windows 7 Home Premium 32 bit
 
 

The difficulty in dealing with malware is the sheer variety and the incredible lengths it will go to to hide its presence. There are many ways to do this and more are being developed all the time. There are no rules that govern how malware should act and what it can do is limited primarily by the abilities and imagination of the authors. Some types of malware have a form of automatic update which can update itself when the author releases a new version. And of course the authors never publish descriptions of what their creations are designed to do.

Some types of malware have immediate harmful effects when they are introduced to a system. Many others prefer to keep a low profile, at least for a time. Things like a botnet will want to keep hidden and do their work undetected for months or years to come. Harming the host would arouse the suspicions of the user who might take steps to have the malware removed. The lifetime of such malware on a specific host could be quite short.

I believe that many of the apparent results from malware infections were not intended by the author. In many cases the results are due to interactions with other malware and to bugs in the code itself. It is not like the users (victims) of malware can report back to the author about any problems they are having.


13 Feb 2014   #4

W7 Pro SP1 64bit
 
 

Here is an example of an infection that seems to have been around since 2007 and yet it went undetected by various types of scans.

Kaspersky Lab Uncovers "The Mask": One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers

:-(
13 Feb 2014   #5

Windows 7 Home Premium 64-bit
 
 

Stay on the lookout for an Internet connection that seems inexplicably slow when you are online as it may be that a botnet infection is using your connection to send or receive data.
If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager.
When Task Manager opens, click on the Network tab and see if your PC is using the Internet network connection. If it shows more than a few percent usage then this could be further evidence of something using your Internet connection without your knowledge.

13 Feb 2014   #6

W7 Pro SP1 64bit
 
 

That is a good place to start.

Process Explorer would probably be a better tool than Task Manager:
Process Explorer 16

You can turn on the columns that show network activity and the VirusTotal column.

Resource Monitor is also better than Task Manager for looking into network connections.

That said, there are infections that cannot be found via any of the tools mentioned. They can hide their network traffic.
13 Feb 2014   #7

Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit
 
 

Quote: Originally Posted by johnsmith45jock
Stay on the lookout for an Internet connection that seems inexplicably slow when you are online as it may be that a botnet infection is using your connection to send or receive data.
If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager.
When Task Manager opens, click on the Network tab and see if your PC is using the Internet network connection. If it shows more than a few percent usage then this could be further evidence of something using your Internet connection without your knowledge.

Good tip. But I never use more than 1% usage. Should I be worried?
14 Feb 2014   #8

Windows 7 Home Premium 32 bit
 
 

A high level of unexplained Internet activity could mean a malware infection. But the lack of such activity is by no means an indication your system is clean. In years past malware was much simpler and could often be detected by simple means. Those days are gone. Smart malware (and these days most of it is) will use the Internet only for short periods and often mixed in with other activity. A high priority for malware is to never do anything that might arouse suspicion in the user of its presence.

The bottom line is that there is no simple way to determine that your computer is or is not a member of a botnet. Not anymore. It requires the use of sophisticated tools and the advanced knowledge to use them. And even then there is no guarantee. That is the reality with modern malware.
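Added example, not part of any post in this thread: posts #2 and #8 point at watching traffic from a separate machine and at malware that talks only briefly and in small amounts, so this sketch looks at the timing of connections recorded off-host rather than at bandwidth percentage. The log format, host names, addresses and thresholds are constructed assumptions, and a hit is only a lead to investigate, since legitimate software (update checkers, time sync) also checks in on a timer.

```python
import statistics
from collections import defaultdict

# Constructed sample: "epoch_seconds source_host destination bytes", as a
# gateway or separate monitoring box might record it (hypothetical format).
def build_sample_log():
    lines = []
    # Quad-core PC: tiny check-in to one host roughly every 300 s.
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        lines.append(f"{1000 + i * 300 + jitter} quadcore-pc 203.0.113.50 180")
    # Same PC: ordinary browsing, bursty and irregular, far more bytes.
    for t in [1010, 1012, 1015, 1900, 1903, 2950, 2951, 2960]:
        lines.append(f"{t} quadcore-pc 198.51.100.7 52000")
    # Old laptop: too few connections to judge either way.
    for t in [1100, 1700, 1750, 3000]:
        lines.append(f"{t} old-laptop 198.51.100.7 8000")
    return sorted(lines, key=lambda line: int(line.split()[0]))

def parse(lines):
    """Group connection timestamps by (source, destination) pair."""
    times = defaultdict(list)
    for line in lines:
        ts, src, dst, _nbytes = line.split()
        times[(src, dst)].append(int(ts))
    return times

def find_regular_talkers(lines, min_events=6, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds, cv) for clock-like pairs.

    cv is the coefficient of variation of the gaps between connections:
    near 0 means evenly spaced check-ins, above 1 means bursty human use.
    """
    hits = []
    for (src, dst), ts in parse(lines).items():
        if len(ts) < min_events:
            continue  # not enough data points to call it regular
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((src, dst, round(mean), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for src, dst, mean, cv in find_regular_talkers(build_sample_log()):
        print(f"{src} -> {dst}: every ~{mean}s (cv={cv})")
```

In the sample, the browsing traffic moves hundreds of times more bytes than the timed check-ins, yet only the check-ins are flagged.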
14 Feb 2014   #9

Windows 7 Ultimate x64
 
 

Malware has gotten more diabolically sophisticated.
I just cleaned off malware with the help of a very knowledgeable fellow here.
I was thinking I would have to wipe it and re-install it all.

The bad thing is I was running Avast and that did not stop the malware.
So it is like you never know when it will come back. And there does not seem to be much that runs in real time to stop it?

I had downloaded some codec packs when trying to get WMC to play mkv and flash files. Maybe that is where it came from. But just a guess, I have no idea. That was 2 months ago and the malware effects hit me this week.
Some people think their PC is slowed down because it is not powerful enough for today, then get a newer one when they likely have a malware infection instead.
14 Feb 2014   #10

W7 Pro SP1 64bit
 
 
