
Will anti-virus & anti-spyware remove a zombie?


krag

Classifieds Moderator
Joined
Mar 3, 2002
I have been getting threats from a guy I tried to help at my church. He started passing hot checks and was asked to leave the halfway house he was at. So he blames his thieving ways on me and our church. This is an e-mail I just got from him.

i heard from the grape vine that you all have been botted..... rumour has it you and church have been compromised. I didn't do it, but the Pakistani Zombie prob did...hmmm oh well ya all can serve his botnet

I don't believe him. I am sure he is behind it. He has been in prison 3 times for hacking in the past. I have not checked the church's computer systems yet, but I will tomorrow.

I just ran Norton & Comcast anti-spyware and no threats popped up. Is that good enough to detect a zombie infection? Or is there a better program? Thanks fellas.
 
These are good defenses:
http://www.ehow.com/how_4491744_defend-home-against-zombie-invasion.html

But since you are already infected I recommend guns. Lots of them. Unless you can cut it off at the root.


Edit: hmm, it would seem I googled the wrong kind of zombie...

If you are infected, an antivirus will do you no good. The antivirus would have stopped the infection in the first place if it was able to detect it... Most bots/rootkits/etc. are designed specifically to break your antivirus so they can stay installed. I would suggest scanning your computer anyway. If you find any particularly suspicious files, upload them to something like http://www.virustotal.com/

If you know enough about networking or are comfortable/patient enough with Wikipedia, you can use Wireshark to watch the traffic on your network for anything that might be "calling home" for bot instructions. The basic idea is to look up every single protocol going out and see if it's something you expect or not. This is also good to do just in general to track down and turn off Windows services you aren't even using. Make sure you run Wireshark on a different computer than the suspected infected one though, otherwise it may hide the traffic from you.
 
Thanks for the links. I have sent 3 captures and they have all been scanned and show nothing.
 
netstat -abvn can also be called from the command line.

Method:
1. Reboot
2. Login
3. Do nothing but let machine sit
4. run netstat -abvn from command line
5. review connections, and further inspect addresses to see where any background network connections are going

You could also do "netstat -abvn > c:\nets.txt" which will save the output of the command as a text file, which you could upload here for us to look at.

If you do this, keep in mind it's important that you don't do anything with the machine between rebooting and running netstat -a. The more you do with it, the more noise there will be - you want a clear picture of what network connections exist on the machine when you aren't telling it to do anything.
 
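The netstat review mog lays out above (and, in spirit, the "look up every outbound connection and decide whether you expect it" approach from the Wireshark post) can be scripted so the reviewer only has to judge the short list that matters. The following is an added example and not code from the thread: it parses the file that `netstat -abn > c:\nets.txt` writes on Windows (the owning executable appears in brackets on the line after each connection) and lists every connection whose foreign address is outside the loopback, RFC 1918, link-local and multicast ranges, together with the process that owns it. The netstat text embedded in it is a constructed sample, not a real capture, and the choice of which ranges count as "internal" is my own.

```python
"""Review netstat -abn output for connections that leave the local network.

Added example, not from the thread.  Parses Windows netstat -abn text
(owning executable on the line after each connection) and lists every
connection whose foreign address is outside the internal ranges below.
"""
import ipaddress
import re
import sys

# Constructed sample of `netstat -abn` output (not a real capture).
# "winlogin.exe" is a deliberate look-alike of the real winlogon.exe.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:5354         127.0.0.1:49152        ESTABLISHED
 [mDNSResponder.exe]
  TCP    192.168.1.10:49170     192.168.1.1:53         TIME_WAIT
  TCP    192.168.1.10:49201     203.0.113.45:6667      ESTABLISHED
 [winlogin.exe]
  TCP    192.168.1.10:49210     198.51.100.7:443       ESTABLISHED
 [firefox.exe]
  UDP    0.0.0.0:500            *:*
 [svchost.exe]
"""

# Ranges treated as "internal" (my choice); anything else is reported.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]

# Proto, local address, foreign address, optional state (UDP has none).
CONN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")


def split_addr(addr):
    """'192.168.1.10:49201' -> ('192.168.1.10', '49201'); also handles [::]:135 and *:*."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def is_external(host):
    """True if host is an IP outside INTERNAL_NETS; '*' or a non-IP is never external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def parse_netstat(text):
    """Turn netstat -abn text into a list of dicts; the [exe] line that follows sets the owner."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            rhost, rport = split_addr(remote)
            entries.append({
                "proto": proto, "local": local,
                "remote_host": rhost, "remote_port": rport,
                "state": state or "", "owner": None,
            })
        elif line.startswith("[") and line.endswith("]") and entries:
            entries[-1]["owner"] = line[1:-1]          # e.g. [svchost.exe]
        elif line.startswith("Can not obtain ownership") and entries:
            entries[-1]["owner"] = "<unknown>"         # netstat could not name the process
    return entries


def external_connections(entries):
    """Only the connections whose foreign address lies outside the internal ranges."""
    return [e for e in entries if is_external(e["remote_host"])]


def report(text):
    """Print one line per external connection and return them for further inspection."""
    rows = external_connections(parse_netstat(text))
    for e in rows:
        print(f"{e['proto']:4} {e['local']:22} -> {e['remote_host']}:{e['remote_port']:<6} "
              f"{e['state']:12} {e['owner'] or '<unknown>'}")
    return rows


if __name__ == "__main__":
    # Pass the saved c:\nets.txt as the first argument; otherwise run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report(fh.read())
    else:
        report(SAMPLE)
```

Run it against the idle-after-reboot capture and work through the short list it prints: for each row, ask whether that executable has any business talking to that address and port. Connections to a LISTENING local socket, to the loopback address or to the home router are left out on purpose so that whatever remains is the part worth looking up.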
Thanks brother mog! I will be doing this exact thing later in the afternoon. For now I have to leave. I will update today. :)
 
Welp, I could not get the command to run right, and I got infected by some type of virus that was masquerading as an e-mail from my best friend. I clicked it and up popped an online pharmacy from bum-screw Egypt, and my OS got hosed. I formatted and reinstalled Win7.
 