Author

Topic: How do you know if you have a botnet on your system? (Read 3034 times)

full member
Activity: 180
Merit: 100
Thanks guys.  I ended up doing a reformat to be safe.  There was definitely something fishy going on.  The video card thing stopped after I closed a few ports that I had opened for previous solo mining sessions.  The few days prior to that I had installed 15 wallets for different coins, so maybe that is a possibility.  But I think what might have happened is I clicked a link in a forum that was posted by a guy who openly admitted to being a botnet runner.  The page that it took me too immediately aroused my suspicions.  He was the admin of the site so I mistakenly trusted his link.  The deal sealer was when today I noticed the first two cores on my processor were running full throttle and labels as "system".  Even after reboots and such.

All is good now and I will use VMs from now on to be very safe.  I also have 2 full 3rd party package AV/Firewalls installed and 4 of the best full time running anti-malware/spyware progs running.  As well as peerblocker  Cheesy  Maybe it would worth finding a hosts file as well that is filled with all the latest "junk".

Hey btw niko what is that box you posted?  What does it do and where can I get one?  Is that similar to a PFsense box?  I haven't read much on the PFsense yet, but maybe it's something I should figure out, or that box that you posted.  Cheesy  I do have DD-WRT though that I previously flashed a while back to increase maximum simultaneous connections, maybe I should learn how to beef up some of the firewall settings.
hero member
Activity: 518
Merit: 500
Technically, that depends on what if anything has infected your machine. I'm just saying its a good first step to run some free monitoring software before investing in hardware.

Another thing to try is taking your machine offline completely, reboot it, make sure its still offline, and see if the card goes crazy again. If it is calm, then try connecting to the Net and if it goes crazy, you definitely have some kind of graphic card bot sucking the blood out of your card.

There was that FPS free shooting game (counter-strike or another one?) that some pratty programmer put secret mining code in a couple of weeks back. Could be that, or a dozen other things .........
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
Did you leave your door open during the nap?  Grin

Seriously, start by identifying what you have downloaded in last 24-48 hrs. Also, some network activity software will tell you if stuff is being uploaded / downloaded from your system. Pay careful attention to network activity. They can't make use of your machine unless they send stuff to / from it
Technically, you cannot trust the potentially infected machine to monitor and report the network traffic. You need is of these:
hero member
Activity: 826
Merit: 1001
If you're on windows, did you check the task manager for any funky looking process names ?
And on Linux, do ps -ef|more and do the same check.

Just google all names you don't recognise. You might find the 'bot' program.
hero member
Activity: 518
Merit: 500
Did you leave your door open during the nap?  Grin

Seriously, start by identifying what you have downloaded in last 24-48 hrs. Also, some network activity software will tell you if stuff is being uploaded / downloaded from your system. Pay careful attention to network activity. They can't make use of your machine unless they send stuff to / from it
full member
Activity: 180
Merit: 100
Yeah I do but I'm assuming some of these guys are smart enough to get around that.
full member
Activity: 224
Merit: 100
Professional anarchist
A good indicator of your system being part of a botnet is if you go for a two hour nap and come back to find your GPU maxed out for no reason.

Seriously though, you have AV software?
full member
Activity: 180
Merit: 100
I took a 2 hour nap to come back and find that the first GPU on my system is running full throttle, memory maxed out and everything & I have no mining or intensive programs open that would do this.
Jump to: