  1. #1
    Master Untangler
    Join Date
    Jun 2015
    Posts
    162

    Trojan.Win32.Makanpu.A

    Recently started receiving abuse alerts from my ISP based on this virus. Have scanned all workstations behind firewall with Malwarebytes and Antivirus and no issues identified. NGFW 14.2 not reporting this issue.

    Can't find any info on the web about this exploit or how to block it.

    Has anyone else ever heard of this?



  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,312


    Call your ISP and ask for more details about ports and destination IP addresses of traffic generated by this virus.
    Then you can use untangle to identify what computer (or device) is the culprit.
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355


    Google isn't bringing up any details about that specific malware either.... so I'm confused.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Jun 2015
    Posts
    162


    Strange. ISP provided me with the destination IPs of the incidents that weren't previously included in the emails themselves.

    Multiple attempts appear to be coming from Amazon devices on my IoT VLAN behind NGFW to what ISP stated are compromised domains. They've provided the IPs.

    What is the best method of stopping access to a list of domains (they gave me 3 numeric IPs instead) for my entire network and not just my IoT VLAN?



  5. #5
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,312


    Firewall app, but you need to discover what device, and why.
    If the trojan has win32 in the name, I suspect a Windows device.
    The world is divided into 10 kinds of people, who know binary and those not

  6. #6
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,312


    Behind NGFW? At this point a nice picture of your network and all devices with their IP addresses in them can help us to help you.....
    The world is divided into 10 kinds of people, who know binary and those not

  7. #7
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,117


    Cox blocked the biz connection at one of my clients for an hour and a half because of lookups that I set up to a single ddns ip from one of the local monitoring nodes behind the modem.

    As a singular example it doesn't mean much, but from what I've observed over the years... the people at your isp are probably pulling your chain for their own biz purposes.

    The important thing to remember is that their categorization tech is probably about as accurate as the two that Untangle is using.

  8. #8
    Master Untangler
    Join Date
    Jun 2015
    Posts
    162

    Trojan.Win32.Makanpu.A

    Interesting that when I access the IP from my mobile via LTE it's a Cloudflare address.

    And I'm using Cloudflare for DNS so why would this be considered a Trojan to ISP?


    Last edited by miles267; 07-10-2019 at 06:09 PM.
