
My computer might have a virus infection. I have used Norton Internet Security and Power Eraser to scan the computer but it still did not work.

The traffic on my PC looks like this: [image]

I used resource manager to check the program that is causing this, and here it shows me this: [image]

TCPSVC.exe is a legit service by Microsoft.

There are more of them, each displaying a different IP address.

I have captured the packets with Wireshark for 3 seconds; there was a lot of outgoing traffic. I suspect that my computer is part of a DDoS botnet.

Link to Wireshark capture

I need advice from the wise ones.

Matty2
  • The packet capture shows a lot of UDP traffic with repeating character sequences. Yes, it appears you have a virus. I'm not sure what you are hoping we can do but to advise all the normal anti-virus remediation steps: use an anti-virus live CD, or simply format your computer and reinstall. We are not an anti-virus forum and we do not do technical support. – schroeder Apr 05 '15 at 16:24

1 Answer


I'm not a malware expert, but I know that blackhats tend to use a small spoofing technique by giving their malware a name that is used by the system, in order not to raise the user's attention. Also, all anti-viruses can be bypassed by applying different encoding methods that make the malware undetectable. But of course, anti-virus companies are doing their best to protect users.

The IP that your device connected to is not connected to Microsoft. So try a WHOIS lookup on the IP and contact the authorities if possible.

Also, since all packets going from your device are the same and in a useless pattern (such as abcdefg), I guess your device is being used as a zombie for DDoS.

CobyT
  • TCPSVCS.exe need not be infected or spoofed. If you are making a direct network call, you'd use that process, so the fact that it is not connecting to Microsoft isn't unusual. – schroeder Apr 06 '15 at 19:06
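The heuristic both schroeder and CobyT apply to the capture (lots of outbound UDP, every packet carrying the same short repeating byte pattern) can be checked offline rather than by eyeballing Wireshark. The script below is an added example, not code from the question, the answer or any tool named on the page: it parses a classic libpcap file with the standard library only (Ethernet/IPv4/UDP, legacy pcap format, not pcapng), groups the local host's outbound UDP by destination, and flags streams whose payloads are many copies of a short pattern. The capture it runs on, the addresses, the thresholds and the function names are all the example's own assumptions.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic libpcap, microsecond timestamps
PCAP_MAGIC_BE_AS_LE = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def udp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/UDP frame with zeroed MACs and checksums; enough for offline parsing."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + udp


def build_pcap(frames):
    """Write (ts_sec, ts_usec, frame) tuples as a little-endian libpcap file (used to construct the sample)."""
    parts = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in frames:
        parts.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame)
    return b"".join(parts)


def parse_udp_packets(pcap):
    """Yield (timestamp, src, dst, sport, dport, payload) for each IPv4/UDP frame in a classic pcap."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE_AS_LE:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng / nanosecond variants not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != IPPROTO_UDP or len(ip) < ihl + 8:
            continue
        sport, dport, udp_len, _cksum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
        payload = ip[ihl + 8:ihl + max(udp_len, 8)]
        yield (ts_sec + ts_usec / 1e6, socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]), sport, dport, payload)


def smallest_period(data):
    """Length of the shortest prefix whose repetition reproduces data ('abcabcabc' -> 3; len(data) if none)."""
    n = len(data)
    for p in range(1, n // 2 + 1):
        if data == (data[:p] * (n // p + 1))[:n]:
            return p
    return n


def find_udp_floods(records, local_ip, min_packets=50, max_distinct_ratio=0.05, max_period=32):
    """Flag outbound UDP streams with many packets, almost no payload variety and a short repeated pattern.
    Thresholds are illustrative assumptions, not tuned values."""
    streams = defaultdict(list)
    for ts, src, dst, sport, dport, payload in records:
        if src == local_ip:                      # only traffic this host originates
            streams[(dst, dport)].append((ts, payload))
    findings = []
    for (dst, dport), pkts in streams.items():
        count = len(pkts)
        if count < min_packets:
            continue
        payloads = [p for _, p in pkts]
        distinct_ratio = len(set(payloads)) / count
        span = max(t for t, _ in pkts) - min(t for t, _ in pkts)
        pps = count / span if span > 0 else float(count)
        period = smallest_period(payloads[0])
        if distinct_ratio <= max_distinct_ratio and period <= max_period:
            findings.append({"dst": dst, "dport": dport, "packets": count, "pps": round(pps, 1),
                             "distinct_ratio": distinct_ratio, "pattern": payloads[0][:period]})
    return findings


def sample_capture():
    """CONSTRUCTED sample, not the poster's capture: 180 identical 'abcdefghij...' UDP packets to one
    host in about 3 s, five ordinary-looking DNS queries, and one inbound reply."""
    local = "192.168.1.10"
    frames = []
    flood_payload = b"abcdefghij" * 50
    for i in range(180):
        t = i * 16667                            # ~60 packets per second
        frames.append((1428000000 + t // 1000000, t % 1000000,
                       udp_frame(local, "203.0.113.7", 40000 + i % 10, 80, flood_payload)))
    for i in range(5):
        query = struct.pack("!H", 0x1000 + i) + b"\x01\x00\x00\x01" + bytes(6) + b"\x07example\x03com\x00\x00\x01\x00\x01"
        frames.append((1428000001 + i, 0, udp_frame(local, "8.8.8.8", 51000 + i, 53, query)))
    frames.append((1428000006, 0, udp_frame("8.8.8.8", local, 53, 51000, b"\x10\x00\x81\x80")))
    return build_pcap(frames)


def analyze(pcap, local_ip):
    return find_udp_floods(list(parse_udp_packets(pcap)), local_ip)


if __name__ == "__main__":
    for f in analyze(sample_capture(), "192.168.1.10"):
        print(f"{f['dst']}:{f['dport']} {f['packets']} pkts ~{f['pps']} pps, pattern {f['pattern']!r}")
```

On a real file, run `analyze(open("capture.pcap", "rb").read(), "<your LAN IP>")`; a flagged stream is a lead, not a verdict, so pair it with the owning process from `netstat -anob` (run as administrator) and check that process's image path and signature before deciding whether TCPSVCS.exe itself is the sender or merely the socket owner, as schroeder's comment points out.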