Solved Network infection/Botnet?

RoboMan

Level 23
Content Creator
AV-Tester
Verified
Joined
Jun 24, 2016
Messages
1,250
OS
Windows 10
Antivirus
Default-Deny
#1
This is really weird and I'm failing to find an explanation for it. Possibly I'm paranoid and it's a series of coincidences, but with the possibility of infection I'd like to come to somebody that clearly knows better than me.

Useful facts:
  • I do have a VPN and I didn't have it active when this occurred.
  • Windows and software updates up to date.
  • Connected to a work network with shared devices OFF (PC not visible for others).
As for the Twitter and Facebook issue mentioned (below, under symptoms), I checked the accesses to my account after the blocking, but found nothing worth worrying about, only my accesses.
 
Operating System
Windows 10
Are you using a 32-bit or 64-bit operating system?
64-bit (x64)
Infection date and initial symptoms
About a week ago
Current issues and symptoms
-Several messages of unusual traffic when visiting Google and other sites, related to my IP
-Facebook and Twitter blocking my accounts due to suspicious behaviour
-When I launched Opera today, I found four new bookmarks I never added, although they're not malicious (Amazon, booking.com, dafiti, pontofrio)
Steps taken in order to remove the infection
-Manual scans of memory, boot, disks and appdata with MalwareBytes, Kaspersky Virus Removal Tool, Zemana Anti-Malware, and ESET Online Scanner
-Checked scheduled tasks and autoruns with SysInternals Autoruns
-Checked active processes with Process Explorer
-Enabled VirusTotal check on both programs above for all processes
-Checked my IP and DNS (Norton Connect Safe)
Logs added to Help Request
FRST.txt, Addition.txt

RoboMan

#3
Hello,

I do not see signs of infection in your logs.
To be expected. Thanks for the assistance though.

For those interested in this case, I have already figured it out on my own. There has been a network attack or IP leak in the office. We all share the same IP and I found it was compromised (used for spam emailing), which is why Google detected unusual traffic on our IP and social networks were blocking our accounts.

Solution: rebooted and reset the routers, flushed DNS and asked the ISP for an IP change. We need more restrictive policies regarding our employees lel.

See you soon!
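
Added example, not part of the original thread: when a shared office IP is flagged for spam emailing, one defender-side check is to look at the gateway's outbound connection log for an internal host contacting many different mail servers. The log format, the addresses and the relay IP below are constructed assumptions; adapt the regex to whatever your router or firewall actually exports.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "src=IP dst=IP dport=N" format.
SAMPLE_LOG = """\
2024-01-08T09:00:01 src=192.168.1.23 dst=203.0.113.80 dport=443
2024-01-08T09:00:05 src=192.168.1.23 dst=198.51.100.5 dport=587
2024-01-08T09:01:10 src=192.168.1.40 dst=198.51.100.5 dport=587
2024-01-08T09:02:00 src=192.168.1.57 dst=203.0.113.11 dport=25
2024-01-08T09:02:01 src=192.168.1.57 dst=203.0.113.12 dport=25
2024-01-08T09:02:01 src=192.168.1.57 dst=203.0.113.13 dport=25
2024-01-08T09:02:02 src=192.168.1.57 dst=203.0.113.14 dport=25
2024-01-08T09:02:03 src=192.168.1.57 dst=203.0.113.15 dport=25
2024-01-08T09:02:03 src=192.168.1.57 dst=203.0.113.11 dport=25
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
SMTP_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission


def smtp_fanout(log_text):
    """Map each internal source IP to the distinct SMTP destinations it contacted."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["dport"]) in SMTP_PORTS:
            fanout[m["src"]].add(m["dst"])
    return fanout


def suspects(log_text, allowed_relays=frozenset(), max_destinations=3):
    """Return {host: count} for hosts reaching more than max_destinations
    mail servers other than the office's own relay(s)."""
    flagged = {}
    for src, dsts in smtp_fanout(log_text).items():
        unexpected = dsts - set(allowed_relays)
        if len(unexpected) > max_destinations:
            flagged[src] = len(unexpected)
    return flagged


if __name__ == "__main__":
    # 198.51.100.5 stands in for the office's legitimate mail relay (assumption).
    print(suspects(SAMPLE_LOG, allowed_relays={"198.51.100.5"}))
```

A normal workstation talks to one or two mail relays; a host that opens port 25 to many unrelated servers is the one to isolate and examine before requesting a new IP.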