finding an infected computer on the wrong subnet
Webroot is reporting a heavily infected computer with an internal IP of 192.168.0.50 (the external IP routes to China) and an unrecognizable hostname. This network is running on a 192.168.106.0/24 subnet, so I'm suspecting a trojan creating a separate instance on its own subnet. Agent commands to clean up this computer seem to have no effect. Can anyone offer some suggestions on how to physically locate this infected computer?
They said to go ahead and open a ticket - they'll need to get logs to help you track this down.
great - thank you.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.