Win 7 Home Premium, 6.1.7601 SP1 Build 7601, x64, Arris Surfboard SB6190 cable modem, Linksys EA8300 router, Norton Antivirus
I discovered the intrusion when double checking my Norton Antivirus Signature Exclusions and to my horror I found Backdoor.graybird was excluded from all detections, which I immediately removed.
Further examination of the system has revealed the following:
- I found 1 UDP and 1 TCP entry in the Firewall Inbound Rules for setadf4.tmp which were set to allow the connection; I immediately blocked them. This was a red flag, since hackers use tmp files to install keyloggers. I have rigorously reviewed all startup items in msconfig, all processes and services, and nothing unusual jumps out at me except for 2 conhost.exe processes that Process Explorer ties back to System, csrss.exe and svchost.exe processes.
- I do not see any remote access programs running like GoToMyPC, UltraVNC, Logmein, VNC, RealVNC, TightVNC or TeamViewer.
- I ran netstat -ano and investigated all the ESTABLISHED items; the PIDs were all accounted for.
- I ran Berkeley's ICSI Netalyzr and it found one DNS resolution anomaly on mail.live.com, 204.79.197.212, which resolved to a Reverse Name/SOA of a-0010-a-msedge.net. Don't know whether that's a problem or not.
- I ran a full system Norton Antivirus scan and nothing was found.
- I ran Norton Power Eraser and nothing was found.
Any suggestions here please? I think I would have felt better if I had found something to remove.
David
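The checks described in the post (firewall allow rules pointing at a .tmp binary, netstat -ano PIDs mapped to processes, a look for remote-access tools and odd conhost.exe/svchost.exe instances) can be scripted so they are repeatable. The script below is an added example, not code from David or from any vendor, and it sticks to what Windows 7 / PowerShell 2.0 offers (Get-NetFirewallRule and Get-NetTCPConnection do not exist there). It assumes an English-locale netsh (field names such as "Rule Name:" and "Program:"), an elevated prompt, and a deliberately partial list of remote-access process names.

```powershell
# Added example (not from the original post). Windows 7 / PowerShell 2.0 compatible.
# Assumptions: English-locale netsh output; run elevated so image paths are visible.

# 1. Inbound firewall rules that ALLOW a program named *.tmp or living in a temp /
#    user-writable location (the setadf4.tmp pattern from the post).
function Get-SuspiciousInboundRules {
    $text   = (netsh advfirewall firewall show rule name=all dir=in verbose) -join "`n"
    $blocks = $text -split '(?m)^Rule Name:'          # one chunk per rule, name on its first line
    foreach ($b in $blocks) {
        if ($b.Trim() -eq '') { continue }
        $name = ($b -split "`n")[0].Trim()
        $program = ''; $action = ''; $proto = ''; $enabled = ''
        if ($b -match '(?m)^Program:\s*(.+)$')  { $program = $matches[1].Trim() }
        if ($b -match '(?m)^Action:\s*(.+)$')   { $action  = $matches[1].Trim() }
        if ($b -match '(?m)^Protocol:\s*(.+)$') { $proto   = $matches[1].Trim() }
        if ($b -match '(?m)^Enabled:\s*(.+)$')  { $enabled = $matches[1].Trim() }
        $writable = $program -match '\.tmp$|\\Temp\\|\\AppData\\|\\ProgramData\\|\\Users\\Public\\'
        if ($action -eq 'Allow' -and $writable) {
            New-Object PSObject -Property @{
                Rule = $name; Program = $program; Protocol = $proto; Enabled = $enabled
            }
        }
    }
}

# 2. netstat -ano ESTABLISHED entries mapped to process name and image path, so a PID is
#    "accounted for" by the binary behind it, not just by the number existing.
function Get-EstablishedConnections {
    foreach ($line in (netstat -ano)) {
        if ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $procId = [int]$matches[3]                    # $pid is an automatic variable, avoid it
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Local   = $matches[1]
                Remote  = $matches[2]
                PID     = $procId
                Process = $(if ($proc) { $proc.Name } else { '<exited>' })
                Path    = $(if ($proc) { $proc.Path } else { $null })   # null for protected processes
            }
        }
    }
}

# 3. Remote-access tools by process name (partial list, assumption), plus impostor system
#    binaries: real conhost.exe / svchost.exe load from System32 (or SysWOW64 for 32-bit),
#    and on Windows 7 conhost.exe is spawned by csrss.exe.
$remoteAccess = 'TeamViewer','TeamViewer_Service','LogMeIn','g2svc','g2comm','winvnc','vncserver','tvnserver'
function Get-ProcessFindings {
    $allowed = @((Join-Path $env:windir 'System32').ToLower(), (Join-Path $env:windir 'SysWOW64').ToLower())
    foreach ($p in Get-WmiObject Win32_Process) {
        $name = $p.Name.ToLower()
        $path = ''
        if ($p.ExecutablePath) { $path = $p.ExecutablePath.ToLower() }
        $base = [IO.Path]::GetFileNameWithoutExtension($name)
        $finding = $null
        if ($remoteAccess -contains $base) {
            $finding = 'remote-access tool running'
        } elseif (($name -eq 'conhost.exe' -or $name -eq 'svchost.exe') -and $path -ne '') {
            $inSystem = $false
            foreach ($dir in $allowed) { if ($path.StartsWith($dir)) { $inSystem = $true } }
            if (-not $inSystem) { $finding = 'system binary name loaded from outside System32/SysWOW64' }
        }
        if ($name -eq 'conhost.exe' -and -not $finding) {
            $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
            if ($parent -and $parent.Name -ne 'csrss.exe') {
                $finding = "conhost.exe parent is $($parent.Name); expected csrss.exe on Windows 7"
            }
        }
        if ($finding) {
            New-Object PSObject -Property @{
                PID = $p.ProcessId; Name = $p.Name; Path = $p.ExecutablePath; Finding = $finding
            }
        }
    }
}

Get-SuspiciousInboundRules | Format-Table Rule, Program, Protocol, Enabled -AutoSize
Get-EstablishedConnections | Sort-Object Remote | Format-Table Local, Remote, PID, Process, Path -AutoSize
Get-ProcessFindings        | Format-Table PID, Name, Path, Finding -AutoSize
```

Two caveats. Norton's signature exclusions are not exposed to scripts, so that part stays a GUI check. And these functions only report the current state; they cannot say whether a .tmp allow rule was left by a legitimate installer or planted. Before deleting rules it is worth keeping the evidence with `netsh advfirewall export "C:\fw-before-cleanup.wfw"` so the rule names, program paths and ports survive for later comparison.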
My Computer
- Computer type: PC/Desktop
- Computer Manufacturer/Model Number: Asus custom build
- OS: Windows 7 Home Premium 64bit
- CPU: AMD 8350
- Motherboard: Asus Sabertooth 990FX/Gen3 R2.0
- Memory: 16 GB
- Graphics Card(s): NVIDIA GeForce 560Ti
- Hard Drives: 120 GB SSD (system); 2 x 2TB, 2 x 3TB, 1 x 120 GB SSD, 1 x TB
- Antivirus: Norton AV
- Browser: Firefox
Link fixed, thank you!