Larry Sabo
My client's ISP (Rogers) had warned my client that, based on their
traffic scanners, his system has an IRCBOT/TORPIG infection. He uses
AntiVir Premium and it had found nothing prior to this warning from
Rogers. They warned that if it wasn't cleaned up within 48 hours, they
would suspend his internet access.
I scanned his system using an up-to-date Avira Rescue System CD. It
found no infections. We did an online scan with Kaspersky's online
scan, but his system froze near the end of the scan (as it has been
doing periodically). Up to that point, I think he said it had found no
infections. A retry, scanning just "Critical Areas," found no
infections. Per Rogers' advice, he uninstalled AntiVir and installed
their Rogers-Yahoo Online Protection (similar to, but not, Norton
NIS). A scan by it revealed no infections. Today, they suspended his
internet access saying his system is still infected, and recommended a
flatten and re-install as the only way to be sure he isn't infected.
Before doing that, and because of the time and expense involved, I
thought I'd try once more to see if I could find the infection. I
scanned with MBAM and it found only 4 minor adware items and 2
Disabled Security items or words to that effect (which I assume are
because the Windows Firewall is disabled by the Rogers-Yahoo Online
Protection, which incorporates its own firewall). I just slaved his
drive to my system and ran a KAV 2009 scan on it and it found no
infections.
My advice to him is to switch to another ISP, as I think his system is
clean and Rogers is wrong. I can't find anything recent on
IRCBOT/TORPIG, and don't know where to look for signs of this
infection.
Any suggestions?
Larry