bromham
Fibre optic
Message 111 of 164

Re: Spamhaus ip blocked

Providing you ran Wireshark correctly yesterday, monitoring both the hot-spot and the Ethernet interfaces at the time the spambot was active, the evidence is that the spambot is on the PC. To be absolutely sure, you could run WS on it with the hot-spot switched off and the PC connected to the Internet. If you then see the spambot active, it must be on the PC. 

The status of the Kodi box is unknown. There's no evidence that it has a spambot and no evidence that it hasn't. 

Very Insightful Person
Message 112 of 164

Re: Spamhaus ip blocked

If the Kodi box was connected to the hub via Ethernet at the time you saw the packets, then there is no way the packets seen on the W/S trace came from the Kodi box.

If you stop and think, you’ll realise why.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Very Insightful Person
Message 113 of 164

Re: Spamhaus ip blocked

@mfcphil So the Kodi box is connected via Ethernet to the VM Hub? It does sound like it from the wording of your previous postings. If it is then all bets are off - however from a brief glance (I’m afraid pressure of work has kept me a bit busy the past few days) at the WS trace, it is casting suspicion on the PC itself now.

Personally I’d be tempted to try netstat, dumping the output every few seconds to a log file, and try to capture the process ID of the offending application (assuming that it exists) to aid in identifying and removing it. Although I have to agree with @bromham that the only way to be reasonably sure is to wipe the drive(s) completely, and even then theoretically you can’t be completely sure.
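
The netstat polling suggested in the post above, as an added example (not code posted by anyone in the thread): a PowerShell loop that logs the owning PID and executable for each new outbound TCP connection to a mail port. The port list, log path and polling interval are assumptions.

```powershell
# Added example: poll netstat and log the process behind outbound mail connections.
# Assumptions: the spambot speaks SMTP on one of $Ports; the log path is arbitrary.
$LogFile  = Join-Path $env:USERPROFILE 'smtp-watch.log'
$Ports    = 25, 465, 587
$Interval = 2          # seconds between polls
$Seen     = @{}        # remote endpoint + PID pairs already logged

while ($true) {
    foreach ($line in (netstat -ano)) {
        $f = -split $line
        # TCP rows have five fields: Proto, Local, Foreign, State, PID.
        # UDP rows have no State column and are skipped here.
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        $proto, $local, $remote, $state, $procId = $f
        if ($state -eq 'LISTENING') { continue }

        # The last colon-separated token is the port (works for IPv4 and [IPv6]).
        $remotePort = [int](($remote -split ':')[-1])
        if ($Ports -notcontains $remotePort) { continue }

        # Log each remote endpoint / PID pair once to keep the file readable.
        $key = "$remote|$procId"
        if ($Seen.ContainsKey($key)) { continue }
        $Seen[$key] = $true

        # TIME_WAIT rows report PID 0: the connection happened but the owner is gone.
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '<exited>' }
        $path = if ($proc -and $proc.Path) { $proc.Path } else { '<unavailable>' }

        $entry = '{0:s} {1} -> {2} {3} pid={4} name={5} path={6}' -f `
            (Get-Date), $local, $remote, $state, $procId, $name, $path
        Add-Content -Path $LogFile -Value $entry
        Write-Host $entry
    }
    Start-Sleep -Seconds $Interval
}
```

Run it from an elevated prompt so the executable path resolves for other users' processes; connections that open and close between two polls will not be recorded.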

mfcphil
Up to speed
Message 114 of 164

Re: Spamhaus ip blocked

Honestly peeps, I am doubting none of you - and am going to speak to Dell tomorrow to see where I stand regarding getting Windows 10 back on.
But IF it was the Kodi box and I went through all the chew of formatting and then plugged the Kodi back in to find out it was that all along - argghhhh

Still can't get my head around the fact a spambot that can cause all this **bleep**, no one has yet found a way of getting rid of it

mfcphil
Up to speed
Message 115 of 164

Re: Spamhaus ip blocked

I've run

Malwarebytes
Kaspersky
Avast
Sophos
ESET Online
F-Secure Online
AVG

Every one says - Your PC is clean, no threats were found

bromham
Fibre optic
Message 116 of 164

Re: Spamhaus ip blocked

It's not really possible for any scanning software to be sure that a PC is clean; all they can do is report that they have found nothing, not that there is nothing there.  Even if they were to find something and remove it, there's no guarantee that there isn't still something there that they didn't find.

That's why I keep on repeating the advice (sorry for banging on) that you shouldn't rely on scanning software.  If you want to remove the spambot, the only reasonably-sure way is to wipe the disk and re-install the operating system.  As jem101 points out, even that isn't guaranteed to work but you'd have to be very unlucky to have something that survives a wipe of the hard disk.

There is some ambiguity in your recent postings about how your devices are connected.  Can you please clarify this: when you ran the Wireshark test yesterday monitoring both interfaces on the PC, how was the PC connected to the VM hub and how were the Kodi box and PS4 connected - by Ethernet to the VM hub, via WiFi to the VM hub or via the PC hotspot?  Please be precise about each device.  We can't advise you properly when there's any doubt about how the devices are connected.

Very Insightful Person
Message 117 of 164

Re: Spamhaus ip blocked

@bromham @mfcphil 

This is why, rather than capturing both Ethernet and Hotspot interfaces together, I wanted to do this in two stages.

  1. Capture on the PC Ethernet alone to eliminate this as the source definitively.
  2. Capture on the hotspot interface alone to test the other devices.

From what I’ve seen posted, there’s too much ambiguity otherwise.

On the Kodi box.

Assuming you had it connected to the hub via Ethernet, your PC could not have seen packets from the Kodi box.  This is because outbound packets would go directly from the Kodi to the Hub and return packets would go straight from the hub to the Kodi.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Very Insightful Person
Message 118 of 164

Re: Spamhaus ip blocked

@ravenstar68

@jem101 

@bromham 

A side-track. I have been glued to this unfolding thread. I will see it through to the end. All I have done to help is approve images for publication. The three of you have been the real motive forces in working to get this resolved. You have answered all my questions, both in the thread and privately. I just wanted to say thank you publicly. This is real Community power at work.



As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

mfcphil
Up to speed
Message 119 of 164

Re: Spamhaus ip blocked

Although the Kodi was connected router/PC/Kodi via Ethernet, it was running using Network WiFi settings on the box so I could add it to the Hotspot

mfcphil
Up to speed
Message 120 of 164

Re: Spamhaus ip blocked

To try and clarify

Router - PC - Ethernet - All upstairs

Ethernet cable goes downstairs to a splitter - off the splitter, Ethernet cables go to

TV - KODI - PS4

Whilst running Wireshark I followed the instruction and set the devices' (Kodi & phones) WiFi up to the PC Hotspot
