finding an infected computer on the wrong subnet
Webroot is reporting a heavily infected computer with an internal IP of 192.168.0.50 (the external IP routes to China) and an unrecognizable hostname. This network is running on a 192.168.106.0/24 subnet, so I'm suspecting a trojan creating a separate instance on its own subnet. Agent commands to clean up this computer seem to have no effect. Can anyone offer some suggestions on how to physically locate this infected computer?
+56That's a strange one - let me ping some support folks and see what they recommend.
+56They said to go ahead and open a ticket - they'll need to get logs to help you track this down.
+56Sure thing - let us know how it turns out.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.