How to detect and remove Andromeda Malware from Computer
in Malware Finding and Cleaning
Posted
Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery. When I checked for details this morning, I understand (from Listings - Reputation Checker - Spamhaus) my laptop is infected with an andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?
Why was this IP listed?
A device using {my IP address} is infected with malware associated with the avalanche/andromeda family.
{my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.
Technical details of the andromeda detection
102.176.75.64 initiated a tcp connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80.
The most recent detection was on: January 23 2023, 15:45:01 UTC.
Information about the andromeda botnet
The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.