Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
Your router's not infected but your network is. It runs through the file sharing service on port 445.
Restarting your machines may stop the DoublePulsar, but payloads may have been downloaded, so run many scans / re-image machines, whatever it takes.
When infecting a VBox system your host should always be Linux based, not Windows based. You should also make sure drag and drop is not enabled, be it bidirectional or guest-to-host.
Posts: 1,398
Threads: 332
Joined: Dec 2015
Reputation:
25
I used Darik's Boot and Nuke with the DoD method on the machine that I had the VirtualBox on. Yeah, I'll make sure to run a bunch of scans. If it comes down to it, I'll wipe the hard drives of all computers I have with 3 passes lol
Posts: 1,856
Threads: 46
Joined: Sep 2014
Reputation:
46
DBAN? Wow, that's harsh. I'd make that a last resort if I were you; a re-image would've been better and easier in this case.
DoublePulsar resides in RAM and is removed upon reboot; the issue comes from a payload that's been downloaded from a C&C server.
Posts: 5,029
Threads: 207
Joined: Feb 2015
Reputation:
145
07-20-2017, 11:07 AM
(This post was last modified: 07-20-2017, 11:13 AM by Compton.)
smirk24, well, you've got to remove it and make sure the NSA can't find anything on the hard drive.
Posts: 4,727
Threads: 311
Joined: Sep 2014
Reputation:
102
DBAN is way overkill and will shorten the life of the drive, not to mention it will take days to finish a large drive.
Posts: 1,398
Threads: 332
Joined: Dec 2015
Reputation:
25
So would I have to go into the firewall and block port 445 after a few rootkit scans to get it out of there?
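As an added example, not posted by anyone in the thread: this is what blocking inbound SMB on port 445 with the built-in Windows firewall looks like on each Windows machine, with a check that the rule really took and a listing of which other hosts are still talking SMB to it (those are the next ones to scan or re-image). The rule name is my own choice; run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: block inbound SMB (TCP 445) on a Windows
# host, confirm the rule, and list peers currently connected over 445.
# Rule name below is an assumption, not something from the thread.
$RuleName = 'Block-Inbound-SMB-445'

# 1. Create the block rule once (skip if it already exists).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# 2. Verify the rule is enabled and actually bound to TCP/445.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
"{0}: enabled={1} proto={2} port={3} action={4}" -f `
    $rule.DisplayName, $rule.Enabled, $port.Protocol, $port.LocalPort, $rule.Action

# 3. Show every host this machine is exchanging SMB traffic with right now,
#    in either direction; each one needs the same scans / re-image treatment.
Get-NetTCPConnection -State Established |
    Where-Object { $_.LocalPort -eq 445 -or $_.RemotePort -eq 445 } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Format-Table -AutoSize
```

Blocking 445 stops new SMB connections from reaching the host, but it does nothing about a payload already on disk, so the scans and re-imaging discussed above still apply.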