Jump to content

finding gozi virus on large network


Recommended Posts

we have been informed by our isp that our static ip was being blocked by the GOZI virus or a NAT was routing for a GOZI virus. our home office is where the static ip is. we have 23 vpn connections from our stores and other locations.theoretically this virus could be at one of those sites and passing traffic thru our office network.  is there a tool that will help us locate which system this virus is on. we have malware bytes installed and updated on these systems. is there a bootable version that i could put on a usb drive and scan the system. we have windows 10 installed on most systems with local users.

currently i am running wire shark trying to locate the virus activity.

Any suggestions on how to locate this virus would be apreciated.because GOZI seems to be good at hiding.

 

Link to post
Share on other sites

Please realize that this free malware removal sub-forum service is provided for home users for home computers.  Based upon your statement you "have 23 vpn connections from our stores and other locations" you have identified a corporate WAN interconnected environment.

If you are a Malwarebytes' Business customer, you should use the Malwarebytes Anti-Malware for Business  sub-forum.

If you are not a Malwarebytes' Business customer, then I suggest you contract a professional to work with your company and your ISP.  That professional can then determine what traffic the ISP is seeing that makes them believe malware is the cause of said traffic. The professional can source its origination via ISP provided logs that can be used to source the communications they are seeing.

To use Wireshark would mean using it on a node with a promiscuous NIC and inserting it on an Ethernet hub ( not a Ethernet switch ) that congregates all traffic going from the LAN to the WAN and filtering packets based upon specified criteria noted by the ISP that they say they believe is malware related.

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.