Captain

Everything posted by Captain

  1. Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery. When I checked for details this morning, I understand (from Listings - Reputation Checker - Spamhaus) my laptop is infected with an andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?

     Why was this IP listed?

     A device using {my IP address} is infected with malware associated with the avalanche/andromeda family. {my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.

     Technical details of the andromeda detection

     102.176.75.64 initiated a tcp connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80. The most recent detection was on: January 23 2023, 15:45:01 UTC.

     Information about the andromeda botnet

     The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active. etc.