Here, Lisa Mitchell, the Semalt Customer Success Manager, explains how to eliminate zombies or spam after you receive an alert email. She also discusses how to clean up the infected computer systems. Bear in mind that ZombieAlert can be configured to send you the same messages as shown by SophosLabs.
Identify the IP addresses of the zombie computers
The first step is to identify the IP addresses of the zombie computers so that you can block them easily. Once you receive the alert email, note which network or IP address it came from. It is essential to block the IP address as soon as possible, and you will have to check the firewalls, core switches and network appliances for possible threats. You can then map the external address to the internal address of your system. If an internal system's IP address is causing the problem, you must block it, and you will have to review the network devices before performing this task.
Identify the computer
Once you have identified the internal IP address, the next step is to use your resources to find the computer and its location. One of the easiest ways to locate the computer is to use the network switch logs. Almost all big organizations have their own methods for identifying where their computer systems are located and how those systems are used for various tasks.
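The two steps above, mapping the external address from the alert to an internal address and then to a switch port, can be scripted. The following Python sketch is an added example, not part of the original article or any Sophos tooling. The log format, the DHCP and switch tables, all addresses, and the choice to filter on outbound SMTP (port 25) are constructed assumptions; real exports differ by vendor.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical format (assumption, not vendor output).
NAT_LOG = """\
2024-05-01T09:14:02Z nat src=10.20.3.41:51512 xlate=203.0.113.7:40211 dst=198.51.100.25:25
2024-05-01T09:14:05Z nat src=10.20.3.17:49822 xlate=203.0.113.7:40212 dst=192.0.2.80:443
2024-05-01T09:14:09Z nat src=10.20.3.41:51513 xlate=203.0.113.7:40213 dst=198.51.100.26:25
2024-05-01T11:30:00Z nat src=10.20.5.9:50000 xlate=203.0.113.7:40211 dst=198.51.100.25:25
"""
DHCP_LEASES = {"10.20.3.41": "00:11:22:33:44:55", "10.20.3.17": "00:11:22:33:44:66"}
SWITCH_MAC_TABLE = {"00:11:22:33:44:55": ("sw-floor3", "Gi1/0/14")}

LINE = re.compile(
    r"(?P<ts>\S+) nat src=(?P<src>[\d.]+):\d+ "
    r"xlate=(?P<ext>[\d.]+):\d+ dst=[\d.]+:(?P<dport>\d+)"
)

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")

def internal_sources(log, external_ip, alert_time,
                     window=timedelta(minutes=10), dst_port=25):
    """Count internal hosts translated to external_ip near alert_time."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines in a format we do not understand
        if m["ext"] != external_ip or int(m["dport"]) != dst_port:
            continue  # different public address, or not outbound SMTP
        if abs(parse_ts(m["ts"]) - alert_time) <= window:
            hits[m["src"]] += 1
    return hits

def locate(internal_ip):
    """Resolve an internal IP to (MAC, switch, port); None where unknown."""
    mac = DHCP_LEASES.get(internal_ip)
    switch, port = SWITCH_MAC_TABLE.get(mac, (None, None))
    return mac, switch, port

if __name__ == "__main__":
    alert = parse_ts("2024-05-01T09:15:00Z")  # time taken from the alert email
    hits = internal_sources(NAT_LOG, "203.0.113.7", alert)
    for ip, count in hits.most_common():
        print(ip, count, locate(ip))
```

A host that resolves to a MAC address but no switch port, or to nothing at all, needs a manual lookup before it can be blocked or cleaned.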
Clean the affected computers
Once you have identified both the IP address and the location of the computer, the next step is to clean the affected computer. For this, you can install the Sophos Antivirus software and scan your device thoroughly. If SAV is installed and up to date, you should disconnect your computer from the internet and run the full scan. Allow it a few minutes before restarting and connecting to the internet.
It's important to note that you should disconnect your computer from all networks and leave it disconnected until you have scanned the device. Clean up all the threats and complete the fourth and fifth steps before connecting to the internet.
Monitor the computers after cleanup
It is important to back up your files and remove unnecessary files for a proper cleanup. If your computer system is locked, you can monitor it carefully and change its settings. Any file that is causing the problem should be scanned or deleted immediately.
Check the system before connecting to the internet
If you have installed the Sophos Antivirus program, it will check your device for possible threats from viruses and malware. The program should be updated on a regular basis so that it stays effective. If SAV is not installed, you should download it from a reliable website and install it as soon as possible.
Check that the computer's browser and other files are up to date and in line with the Windows security patches. Alternatively, you can read the articles by the Microsoft Baseline Analyzer to get an idea of how to get rid of zombies on a computer.
Monitor for malicious activities
Once you have connected to the internet after proper scanning, you should keep monitoring the device for malicious activities. Check your network connections and all the files carefully. If you encounter any problems, you should contact the technical support team of Sophos and follow their instructions carefully.