Friday, September 23, 2011

"Press any key.... Where is the any key?"


A few weeks ago I had a message from my provider (Telfort). Before that I couldn't get on the internet; my screen had a message from Telfort, saying there might be major problems with your computer, there is a major virus found called rootkit on your computer. Further, the message on the screen said that I had to check my email for further details; well, I couldn't get on the internet 'cause Telfort shut it down, for I don't know how long. On the bottom of the screen was a little message saying, "Reboot your modem and try again." After I did that it took me five minutes to be back on the internet again, yay, but awkward. There was nothing wrong with the internet, it worked just fine. Later that day I checked my email, searching for the details from Telfort.

I found the message and it said.... "NOTE: This email contains important information about a security problem that your Internet connection is detected. Please read this email carefully.
We have found that one of the computers you are using is potentially infected with a rootkit virus, and that it is part of a botnet. A botnet is a network of infected computers, which can be controlled to perform all sorts of (illegal) orders by one single person. Furthermore, personal data can be stolen through a botnet, such as passwords, surfing habits, address, etc. In this case there is a torpig / mebroot infection found.
 
Torpig (which is usually found with Mebroot) is a botnet. It is nestled in the MBR (Master Boot Record), the piece on the hard disk that is loaded before your OS. It is possible that your virus scanner cannot find anything, not even in safe mode. It is therefore important that you at least scan with the two tools mentioned in this email. Torpig focuses on stealing sensitive information, thinking of banking information, credit cards, PayPal accounts, but also passwords you use for different services. Possibly one computer (s) remotely send instructions for the botnet infection.
 
Telfort sent me some links to help out... 
Mebroot is quite difficult to remove, there are some tools that can help:
http://www.malwarebytes.org/ (run the update after installation, and then a full scan. Check carefully what is found)

http://support.kaspersky.com/faq/?qid=208283363
 
Use both tools to ensure that nothing can be found on your MBR. If you are using Windows Vista or Windows 7, do not forget to run the tool as administrator, by right-clicking on the file and choosing Run as administrator.
 
Do you have a wireless network? Make sure it is protected by WPA or WPA2. WEP is not sufficient, because it can be cracked within two minutes. A secure wireless network prevents third parties from using your connection, so that an infected computer cannot connect to your connection and cause these complaints.
I have a WPA2 connection, so I'm good with that.
 
Should you opt for a system reinstallation, it is important that the MBR is rewritten. If you reinstall Windows using the CD you can delete all existing partitions, then a new one. Additional information about Mebroot / Torpig can be found on the following pages.
 
http://www.nucia.eu/forum/showthread.php?t=46403&highlight=mebroot
http://en.wikipedia.org/wiki/Torpig
http://www.symantec.com/security_response/writeup.jsp?docid=2008-010718-3448-99
http://www.forum.pcbeveiligen.nl/phpbb3/viewtopic.php?f=7&t=331
 
It is important that you send a response to this warning as soon as possible. If we receive no response, security and the problem persists, it may be that we will temporarily block your Internet connection until the problem is resolved. We would like to hear your response on whether the scans actually found things.

With kind regards, Raymond Teunissen, Telfort abuseteam.

I responded with 3 emails telling them what I did. I downloaded the Malwarebytes scan and did a full scan; within an hour the scan was done. Nothing was found. Second, I downloaded the Kaspersky scan tool, it was a system scan; this tool was done in 10 minutes and nothing was found. Still I was on the internet, sigh! Within two days Telfort responded to my 3 messages...
 
Dear Mr. Veldhuis,
 
When both scanners have found nothing, then this will mean that this problem still exists. If this PC is not the only PC that is connected, please also perform the scans on other computers. If on other PCs not found (or when only one PC), please check the following:
 
Do you have a wireless network? Then make sure it is protected by WPA or WPA2. WEP is not sufficient. A secure wireless network prevents third parties from using your connection, so that an infected computer cannot connect to your connection and cause these complaints.



 I checked it!! And I told them twice I have a WPA2 connection!
 

There are some additional tools available which you can use to identify this problem:
 
http://www.eset.eu/download/emebremover
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
http://www.gmer.net/#files
http://www.microsoft.com/security/malwareremove/default.aspx
 
To check the MBR, you can use:
 
http://public.avast.com/~gmerek/aswMBR.htm
http://ad13.geekstogo.com/MBRCheck.exe
 
Both tools check your MBR and see if there is a rootkit present. If you are using Windows Vista or Windows 7, do not forget to run the tool as administrator, by right-clicking on the file and choosing Run as administrator.
 
GMER is a root scanner, trying to determine if your computer is actually infected with a rootkit. MBR.exe, which originates from the same site, can look for rootkits that have hidden themselves in the MBR. Note that some malware does not allow you to visit the links above, or the downloaded software upgrade.
 
In this case, please keep us informed of the results of scans.
 
Should you opt for a system reinstallation, it is important that the MBR is rewritten. If you reinstall Windows using the CD you can delete all existing partitions, then a new one.
 
Sincerely / With Kind regards,
 
Raymond Teunissen
 
Telfort Abuse Team.


Kinda awkward to say that, "When both scanners have found nothing, then this will mean that this problem still exists." Right? Well, I think I know that my new laptop is okay, but my second 'old' one could be a problem. So I did a full scan there too from Malwarebytes plus a Kaspersky system scan too; the Malwarebytes scan took almost 3 hours, damn! In those three hours I took a nap, did grocery, and shaved my hair, lol. I was kinda tired of those Telfort messages though, they keep sending mails. Internet works, leave me alone! I was told that Telfort does that, if they sense there's something going on they block the person from the internet, sigh! It's safety, I know, but still, if it works, leave it alone. Anyway the Malwarebytes scan was nearly done and nothing was found, but!

Avast found something, and yes it was the evil rootkit virus! Avast asked me if I want to get rid of the virus, uhm, duh, YES!? I had to restart the laptop and then it should have been gone; after restarting my second old laptop, Avast automatically did another scan, and that was it. So I know now that my second laptop has/had a virus. Ugh! UGH! Always something with computers. Tomorrow I will check the old laptop again and use the other tools that Telfort sent me, and after that I will inform them what I did, 'cause otherwise they will un-connect me from the internet. Can I say bastards? Hmm, I know it's to get my computer or provider safe again, but still. Anyway on with the day...

Today was okay, I got up at a nice time, around 6:30 I think. Worked on the computer, fixing it. I went as well to ING, to ask for some envelopes and for some information about 'address changes'; ING needed to know that I have moved to another address. Still my doctor needs to know as well that I have moved, but it's not that important yet, I will do that next week when I will ask for my blood results. I have now contact through Hotmail with my new counselor as well, a nice relief, I dislike phones, lol. By the way his name is Sohoya, I will get used to that name, lol.

I did my grocery and I planned to go out tomorrow, not sure yet though, but in the end I will go anyway, lol. There's a huge indoor flea market tomorrow and Sundays, it's quite a bike ride but anyway, I will see. I think it's a 30 minute ride with a bike, the town is called 'Hengelo.' I sure love flea markets, especially now, who knows what I will find there that I can use for the house, right? I should just go, yeah, I'm going tomorrow! Dinner was nice, potatoes (been a while) with red cabbage and a sausage, dessert was vanilla cream pudding. After dinner I went on my laptop, the internet still works (knock three times, lol), I keep my fingers crossed.