
How to detect and remove Andromeda Malware from Computer


Captain


Yesterday, I wasn't able to send a mail attachment and subsequently received a failed mail delivery notice. When I checked the details this morning, I understood (from Listings - Reputation Checker - Spamhaus) that my laptop is infected with an Andromeda botnet, but nothing comes up when I scan with my ESET solution. What do I do?

Why was this IP listed? 

A device using {my IP address} is infected with malware associated with the avalanche/andromeda family.

{my IP address} initiated contact with andromeda command and control server, using contents unique to andromeda C&C command protocols.

Technical details of the andromeda detection

102.176.75.64 initiated a TCP connection from {my IP address} using source port 42172, to the sinkhole IP address {my IP address} on destination port 80.

The most recent detection was on: January 23 2023, 15:45:01 UTC.

Information about the andromeda botnet

The Andromeda/Avalanche botnet was associated with 80 different malware families: Andromeda, Win3/Dofoil, Gamarue, Smoke Loader, W32/Zurgop.BK!tr.dldr, and many others. The Avalanche network also provided the Command & Control communications for these other botnets: TeslaCrypt, Nymaim, Corebot, GetTiny, Matsnu, Rovnix, Urlzone, QakBot, etc. This botnet was taken down in 2016 but malware associated with it remains active.

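The Spamhaus notice quoted above describes a single observable: a TCP connection from an ephemeral source port on the infected device to a sinkhole address on destination port 80. On a Windows laptop (ESET is mentioned, so Windows is assumed here), the quickest way to attribute such a connection to a process is to join `netstat -ano` (live connections with owning PIDs) against `tasklist /fo csv` (PIDs to image names). The script below is an added example written for this thread; it is not code from the original post, from Spamhaus or from ESET. The sinkhole address 203.0.113.10 and port 80 are placeholders for the address redacted in the listing, and the `netstat`/`tasklist` samples are constructed so the parsing logic runs offline. Keep in mind that Spamhaus lists the public IP, so any device behind the same router could be the one beaconing, not necessarily this laptop.

```python
"""Attribute a connection to a Spamhaus-reported sinkhole to a local process.

Added example (not from the original post). Assumptions, labelled where used:
  - Windows host; `netstat -ano` and `tasklist /fo csv` output formats.
  - SINKHOLE_IP / SINKHOLE_PORT stand in for the redacted values in the listing.
"""
import csv
import io
import subprocess
import sys
import time
from typing import Dict, List, NamedTuple, Optional, Tuple

SINKHOLE_IP = "203.0.113.10"   # placeholder (RFC 5737 documentation range)
SINKHOLE_PORT = 80             # destination port reported in the listing

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:42172     203.0.113.10:80        ESTABLISHED     4812
  TCP    192.168.1.23:51400     142.250.74.46:443      ESTABLISHED     2204
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    3380
"""

# Constructed sample of `tasklist /fo csv` output; image names are made up.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","1032","Services","0","12,344 K"
"msedge.exe","2204","Console","1","210,004 K"
"updater.exe","4812","Console","1","8,120 K"
"System","4","Services","0","152 K"
'''


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port' (also '[::]:445' and '*:*') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else 0


def parse_netstat(text: str) -> List[Conn]:
    """Parse Windows `netstat -ano` rows; UDP rows carry no State column."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or 'Active Connections'
        proto, local, remote = parts[0], parts[1], parts[2]
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        lip, lport = split_endpoint(local)
        rip, rport = split_endpoint(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state, int(pid)))
    return conns


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def find_sinkhole_connections(conns: List[Conn], sinkhole_ip: str,
                              port: int = SINKHOLE_PORT,
                              names: Optional[Dict[int, str]] = None) -> List[dict]:
    """Return every connection whose remote endpoint is the reported sinkhole."""
    names = names or {}
    return [{"pid": c.pid, "process": names.get(c.pid, "<unknown>"),
             "local_port": c.local_port, "state": c.state}
            for c in conns if c.remote_ip == sinkhole_ip and c.remote_port == port]


def collect_live() -> Tuple[str, str]:
    """Run the real commands (Windows only); returns (netstat, tasklist) text."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True, text=True, check=True).stdout
    return ns, tl


if __name__ == "__main__":
    # Beacons are short-lived, so on a real host poll for a while instead of
    # taking one snapshot; offline, fall back to the constructed samples.
    rounds = 60 if sys.platform == "win32" else 1
    for _ in range(rounds):
        ns, tl = collect_live() if sys.platform == "win32" else (SAMPLE_NETSTAT, SAMPLE_TASKLIST)
        for hit in find_sinkhole_connections(parse_netstat(ns), SINKHOLE_IP, names=parse_tasklist(tl)):
            print(f"PID {hit['pid']} ({hit['process']}) -> {SINKHOLE_IP}:{SINKHOLE_PORT} "
                  f"from source port {hit['local_port']} [{hit['state']}]")
        if rounds > 1:
            time.sleep(5)
```

Replace SINKHOLE_IP with the address shown in the Spamhaus technical details, run the script from an elevated prompt and let it poll; a hit gives the PID and image name to hand to ESET (or to inspect with Autoruns and Process Explorer). No hit over a long poll, with the listing still refreshing, points at another device behind the same public IP rather than this laptop.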
