~~very sorry for the long post...
My internet provider has notified me that I have a major security threat on a computer on my network. Unfortunately I am unable to figure out which one it is let alone how to fix my problem.
History of problem:
A couple weeks ago I had the same notification from my provider. It was at that time that I also noticed that there was extra trafic on my network. I immediately took apart my network and worked on my (two) computers seperately. I ran scans with my search and destroy then added a trial of zone alarm and ran all their scans. I also set up a WEP (wasn’t sure if my system could make a WPA) and added MAC filtering. Put my network back together and it seemed that I had passed the next scans from my provider.
Unfortunately two days ago without warning this time my service provider suspended my internet service due to a security threat again. Thankfully this time when I called them I was able to talk to the security fellow and got more information regarding the problem. He informed me that I had Torpig on my system (or one of them on my network). The suggestion he gave me was to either reformat my computer or remove the torpig - he said I could google how to do this but also told me that the first link he googled was a virus in itself?! He said he doesn’t want to set me up for another suspension (cause it will be for a week) but he can turn my internet back on and I can start the google process to figure out how to remove the torpig. Also that they were doing extra scans on their network so I have best be fast mentioning five no more than 15 minutes. I’m afraid there is no way I could figure out how to resolve the issue that fast for I just don’t have the knowledge to do such a task. He also said programs like nortan can’t even detect it.
Here’s what I’ve done.
Before he turned the internet back on I took apart my network and unplugged both computers in order to not have them scanned again. Then I got out my old laptop which has not been on the internet let alone used for quite some time now knowing that this would be a ‘safe’ computer to use at home. From work I googled a few options to help me as well came back to the forum here to read what I could about cleaning my computer. I’ll be honest that I am getting a tad overwhelmed as what I need to do.
I loaded ATF-Cleaner, Malwarebytes and Hijackthis. Now all I could do was put them on my flash drive to take over to my computer - remember I don’t want to risk putting a computer online for fear of getting scanned and suspended since I have not fixed my problem. So this is a problem because I can’t update the programs once I load them on my computer.
I ran AFT-Cleaner and Malwarebytes but I really feel like I need some guidance with all of this. Unfortunately I do now understand the outcomes of logs and such.
I’m wondering if there is a way that I can find the torpig files on my computer seeing as I don’t even know if it’s on mine or the other one. If I can see it then I can be certain that I really delete it or not.
I’m so tempted to ask if there is any way I can reformat my computer using the lunix os seeing as I don’t have the disc for XP (my mom gave me the computer and the while received many discs I was not given the full windows xp cd just the xp repair disc and the security fellow told me that may not help with the problem. Also If I reformat now if I was able to somehow do that with lunix that does not help me with my learning as to how to deal with these problems. While a little overwhelmed I’d rather choose the learning process and try out Lunix later.
I would be most grateful if someone could help guide me through this process.
Thank you Kindly,