03-28-2018, 12:10 PM
Tough one to deal with as DirtJumper has evolved so much over the years, AV programs can and do find them but only if the signature is in their database (and these botnet signatures change all the time).
Give a run with HerdProtect to see if their AV engines find anything then post back with results.
You said you've already done a fresh install of your OS but the bot could be lurking on an infected router, although most routers will have some kind of defense against this (as long as they're decent enough).
The biggest IPs I think you're dealing with from the list are:
Without getting a list of IPs from your ISP it would be difficult to compare.
You may find that Avast is causing some of the issues with its use of proxy services (not likely but may be worth thinking about). A lot of the other IP addresses are Scandinavia based, mainly Finland and Sweden (this could be the Avast proxy at work, not sure).
Give a run with HerdProtect to see if their AV engines find anything then post back with results.
You said you've already done a fresh install of your OS but the bot could be lurking on an infected router, although most routers will have some kind of defense against this (as long as they're decent enough).
The biggest IPs I think you're dealing with from the list are:
Quote:107.170.198.26 = Digital Ocean
200.113.223.138 = WiMAX DCHP
191.101.167.235 = James Prado
212.92.127.26 = Tolder LLC (extremely bad rep)
61.153.56.30 = ChinaNet Zhejiang Province Network (extremely bad rep)
5.188.11.43 = Cable Com Data Cabling Services Ltd (ebr)
195.154.49.161 = Online S.A.S.
159.65.121.88 = Digital Ocean
186.248.89.26 = Cemig Telecomunicacoes SA (bad rep)
109.248. 9.245 = NetArt Group s.r.o
46.105.160.56 = OVH SAS
185.143.223.239 = Information Technologies LLC
Without getting a list of IPs from your ISP it would be difficult to compare.
You may find that Avast is causing some of the issues with its use of proxy services (not likely but may be worth thinking about). A lot of the other IP addresses are Scandinavia based, mainly Finland and Sweden (this could be the Avast proxy at work, not sure).