topic Virus infected PC on network - how to stop in Archive https://business.forums.bt.com/t5/Archive/Virus-infected-PC-on-network-how-to-stop/m-p/75522#M8736 <P>Today I checked the Event Log in the BT Hub Manager for my BT Business Hub 5 and found something rather odd.</P><P>&nbsp;</P><P>It seems that every few seconds a UDP connection was being opened and then immediately closed from our static IP at port 16660 that originates at my PC.</P><P>&nbsp;</P><P>The first thing I did was Google port 16660 and check what it might have been associated with. The first page that showed was&nbsp;<A target="_self" href="http://www.auditmypc.com/tcp-port-16660.asp">this</A>, looks like malware named '<SPAN>Stacheldraht'&nbsp;</SPAN>that perhaps makes me part of a botnet or something similar.</P><P>&nbsp;</P><P>I ran a malware scan using Malwarebytes, found something but was unrelated, followed by an AVG scan that found nothing.</P><P>&nbsp;</P><P>My PCs firewall is enabled, I don't know what would happen if I started deleting existing rules (not sure whether they'd respawn again so don't want to start throwing my hammer at it).</P><P>&nbsp;</P><P><A target="_self" href="http://pastebin.com/feh7hv3C">Here</A>&nbsp;is what the log shows in just 20 seconds. Any ideas how&nbsp;to get around this? If I'm part of a botnet and have a trojan/malware on my PC that's not being picked up by two of the top anti malware/anti virus protection programs, what chance have I got?</P> Sun, 28 Jun 2015 22:53:28 GMT jskidd3 2015-06-28T22:53:28Z Virus infected PC on network - how to stop https://business.forums.bt.com/t5/Archive/Virus-infected-PC-on-network-how-to-stop/m-p/75522#M8736 <P>Today I checked the Event Log in the BT Hub Manager for my BT Business Hub 5 and found something rather odd.</P><P>&nbsp;</P><P>It seems that every few seconds a UDP connection was being opened and then immediately closed from our static IP at port 16660 that originates at my PC.</P><P>&nbsp;</P><P>The first thing I did was Google port 16660 and check what it might have been associated with. The first page that showed was&nbsp;<A target="_self" href="http://www.auditmypc.com/tcp-port-16660.asp">this</A>, looks like malware named '<SPAN>Stacheldraht'&nbsp;</SPAN>that perhaps makes me part of a botnet or something similar.</P><P>&nbsp;</P><P>I ran a malware scan using Malwarebytes, found something but was unrelated, followed by an AVG scan that found nothing.</P><P>&nbsp;</P><P>My PCs firewall is enabled, I don't know what would happen if I started deleting existing rules (not sure whether they'd respawn again so don't want to start throwing my hammer at it).</P><P>&nbsp;</P><P><A target="_self" href="http://pastebin.com/feh7hv3C">Here</A>&nbsp;is what the log shows in just 20 seconds. Any ideas how&nbsp;to get around this? If I'm part of a botnet and have a trojan/malware on my PC that's not being picked up by two of the top anti malware/anti virus protection programs, what chance have I got?</P> Sun, 28 Jun 2015 22:53:28 GMT https://business.forums.bt.com/t5/Archive/Virus-infected-PC-on-network-how-to-stop/m-p/75522#M8736 jskidd3 2015-06-28T22:53:28Z