mr_mickey Posted April 27, 2017

We have been informed by our ISP that our static IP was being blocked by the GOZI virus or a NAT was routing for a GOZI virus. Our home office is where the static IP is. We have 23 VPN connections from our stores and other locations. Theoretically this virus could be at one of those sites and passing traffic through our office network. Is there a tool that will help us locate which system this virus is on? We have Malwarebytes installed and updated on these systems. Is there a bootable version that I could put on a USB drive and scan the system? We have Windows 10 installed on most systems with local users. Currently I am running Wireshark trying to locate the virus activity. Any suggestions on how to locate this virus would be appreciated, because GOZI seems to be good at hiding.
David H. Lipman Posted April 27, 2017

Please realize that this free malware removal sub-forum service is provided for home users for home computers. Based upon your statement you "have 23 vpn connections from our stores and other locations" you have identified a corporate WAN interconnected environment.

If you are a Malwarebytes' Business customer, you should use the Malwarebytes Anti-Malware for Business sub-forum. If you are not a Malwarebytes' Business customer, then I suggest you contract a professional to work with your company and your ISP. That professional can then determine what traffic the ISP is seeing that makes them believe malware is the cause of said traffic. The professional can source its origination via ISP-provided logs that can be used to source the communications they are seeing.

To use Wireshark would mean using it on a node with a promiscuous NIC and inserting it on an Ethernet hub (not an Ethernet switch) that congregates all traffic going from the LAN to the WAN and filtering packets based upon specified criteria noted by the ISP that they say they believe is malware related.
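
Added example (not part of any post in this thread, and not Malwarebytes code): one way to do the log-based sourcing described above, assuming the office gateway can export flow records as `timestamp src_ip dst_ip dst_port` lines and each VPN site has its own subnet. The site names, subnets, log lines and the flagged range (a documentation-only range) are constructed; the real criteria would come from the ISP.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed site-to-subnet map (assumption: one subnet per VPN site).
SITES = {"home-office": "10.0.0.0/24", "store-01": "10.1.1.0/24",
         "store-02": "10.1.2.0/24"}
# Placeholder for destinations the ISP reports (RFC 5737 documentation range).
ISP_FLAGGED = ["203.0.113.0/28"]
# Constructed flow records: timestamp src_ip dst_ip dst_port
SAMPLE_LOG = """\
2017-04-27T09:00:01 10.1.2.15 203.0.113.5 443
2017-04-27T09:00:03 10.0.0.20 198.51.100.7 443
2017-04-27T09:05:01 10.1.2.15 203.0.113.5 443
2017-04-27T09:05:09 10.1.1.8 198.51.100.9 80
garbled line
2017-04-27T09:10:02 10.1.2.15 203.0.113.9 80
2017-04-27T09:11:40 192.168.50.4 203.0.113.5 443
"""

def site_of(ip, sites=SITES):
    """Return the site whose subnet contains ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in sites.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def find_suspects(log_text, flagged=ISP_FLAGGED):
    """Count flows to flagged destinations per (site, internal host)."""
    nets = [ipaddress.ip_network(c) for c in flagged]
    hits, dests = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than abort the run
        _, src, dst, port = parts
        try:
            dst_addr = ipaddress.ip_address(dst)
            key = (site_of(src), src)
        except ValueError:
            continue  # a field that should be an IP address is not one
        if any(dst_addr in n for n in nets):
            hits[key] += 1
            dests[key].add(f"{dst}:{port}")
    return [(site, host, n, sorted(dests[(site, host)]))
            for (site, host), n in hits.most_common()]

if __name__ == "__main__":
    for site, host, count, seen in find_suspects(SAMPLE_LOG):
        print(f"{site:12} {host:15} {count} flows -> {', '.join(seen)}")
```

A host reported under `unknown` has a source address that matches no documented subnet, which is worth chasing in its own right.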

Root Admin AdvancedSetup Posted May 4, 2017

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.