
How to detect and remove Andromeda Malware from Computer



Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery. When I checked for details this morning, I understand (from Listings - Reputation Checker - Spamhaus) my laptop is infected with an Andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?

Why was this IP listed? 

A device using {my IP address} is infected with malware associated with the avalanche/andromeda family.

{my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.

Technical details of the andromeda detection: initiated a tcp connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80.

The most recent detection was on: January 23 2023, 15:45:01 UTC.

Information about the andromeda botnet

The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active. etc
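A Spamhaus sinkhole listing like the one quoted above identifies only the public IP, so on a home or office network behind NAT the next step is to work out which internal device actually opened the connection. The record gives everything needed to correlate against router or firewall NAT logs: the UTC timestamp, the source port (42172), the sinkhole IP and the destination port (80). The script below is an added example, not part of the original post or of any Spamhaus or ESET tooling; the log line format is a constructed iptables/conntrack-style format, the sinkhole address 203.0.113.10 is a TEST-NET-3 placeholder standing in for the real sinkhole IP from the listing, and the internal addresses are made up.

```python
"""Correlate a sinkhole detection record with NAT/firewall logs to find the
internal host behind a listed public IP. Added example with constructed data."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SinkholeDetection:
    """Fields a Spamhaus-style listing reports for a sinkhole hit."""
    seen_at: datetime   # UTC time of the most recent detection
    src_port: int       # ephemeral source port used by the infected host
    sinkhole_ip: str    # sinkhole address the malware connected to
    dst_port: int       # destination port on the sinkhole


# Timestamp, source port and destination port are taken from the listing
# quoted above; the sinkhole IP is a placeholder (TEST-NET-3), not a real one.
DETECTION = SinkholeDetection(
    seen_at=datetime(2023, 1, 23, 15, 45, 1, tzinfo=timezone.utc),
    src_port=42172,
    sinkhole_ip="203.0.113.10",
    dst_port=80,
)

# Constructed sample NAT log (not from the page). Note that 192.168.1.20 reuses
# source port 42172 but to a different destination, so it must not match.
SAMPLE_LOG = """\
2023-01-23T15:44:58Z NAT src=192.168.1.20 sport=51234 dst=198.51.100.7 dport=443 proto=tcp
2023-01-23T15:45:01Z NAT src=192.168.1.37 sport=42172 dst=203.0.113.10 dport=80 proto=tcp
2023-01-23T15:45:03Z NAT src=192.168.1.20 sport=42172 dst=198.51.100.9 dport=80 proto=tcp
2023-01-23T16:10:12Z NAT src=192.168.1.37 sport=40011 dst=203.0.113.10 dport=80 proto=tcp
2023-01-23T17:02:40Z NAT src=192.168.1.50 sport=39120 dst=203.0.113.10 dport=80 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+NAT\s+src=(?P<src>\S+)\s+sport=(?P<sport>\d+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


def parse_line(line):
    """Parse one NAT log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "ts": ts,
        "src": m["src"],
        "sport": int(m["sport"]),
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def match_detection(log_text, det, window=timedelta(seconds=60)):
    """Internal hosts whose connection matches the listing exactly: same
    sinkhole IP, destination port and source port, within +/- window of the
    reported time. This is the strong signal that names the infected device."""
    hits = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "tcp":
            continue
        if (rec["dst"] == det.sinkhole_ip and rec["dport"] == det.dst_port
                and rec["sport"] == det.src_port
                and abs(rec["ts"] - det.seen_at) <= window):
            hits.add(rec["src"])
    return sorted(hits)


def hosts_contacting_sinkhole(log_text, det):
    """Weaker signal: every internal host that talked to the sinkhole at all.
    Useful when the exact flow has aged out of the logs, and to spot a second
    infected device sharing the same public IP."""
    hosts = {rec["src"] for rec in map(parse_line, log_text.splitlines())
             if rec is not None and rec["dst"] == det.sinkhole_ip}
    return sorted(hosts)


if __name__ == "__main__":
    print("exact match:", match_detection(SAMPLE_LOG, DETECTION))
    print("any sinkhole contact:", hosts_contacting_sinkhole(SAMPLE_LOG, DETECTION))
```

On the sample data the exact match names 192.168.1.37, while the broader check also surfaces 192.168.1.50, which a scan of the laptop alone would never explain. That second list is the reason to check every device behind the listed address rather than assuming the machine that noticed the mail bounce is the infected one.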
