Bot Traffic Detected



#1 nitro169

Posted 30 October 2013 - 04:15 PM

Help me if you can,
 
After receiving the email attached below I ran full scans with MS Security Essentials as well as Malwarebytes anti malware without finding anything, yet according to the email I have a zeroaccess infection.
 
Is this a false positive identified by AT&T or do I have something hidden on my PC?
 
(EMAIL I RECEIVED)
***********************************************************
For the fastest response, please ensure that you retain the
subject line, and direct all replies to this warning letter
to [email protected]
***********************************************************

IMPORTANT COMPUTER SAFETY NOTICE from AT&T Internet Services
Security Center - "Bot Traffic Detected"

******* *****,

AT&T has received information which indicates that a device accessing
the Internet via your Internet connection is infected with malicious
software. Our investigation shows the following IP was assigned to you
at the indicated time and was being used to provide DNS services to a
zombie computer network, also known as a Botnet.

At Fri, 25 Oct 2013 00:02:16 +0000, your IP address was: **.***.**.**
Type of infection (if known): ZeroAccess
Source Port: 49156
Destination Port: 16470
Destination IP: 70.xx.xx.19

Botnets are networks of compromised computers under the control of a
hacker or group of hackers. Botnets are often used to conduct various
attacks ranging from denial of service attacks on websites, to
spamming, click fraud, and distribution of malicious software.

To address this problem we ask that you immediately take the following
steps to secure your network:

1) If your computer(s) are managed by an Information Technology (IT)
   group at your place of work, then contact them immediately.

2) AT&T offers a free online scan tool PC Health Check that will scan
   for virus/spyware activity. https://pccheck.att.com/

3) If your computer(s) are personally owned, then update the security
   software on your system (follow the instructions on your vendor's
   website). You might also consider installing new security software such
   as AT&T Security Suite. http://www.att.net/iss (You must be logged in
   with the Master Account ID to download AT&T Security Suite).

4) If you are an advanced user, then consider reimaging your
   computer(s) and installing the necessary software patches. For less
   advanced users, this can be done by a third party such as AT&T Connect
   Tech. https://remotesupport.att.com/index.aspx AT&T Computer
   consultants trained to clean infected machines might also be located in
   your area (you can search at yp.com).

5) In all cases, please respond by forwarding this email to:
   [email protected] with an acknowledgement of: "I am taking steps to address
   this infection." When we receive such an acknowledgment, we can
   maintain the high quality of service you expect from us. We welcome
   feedback on what removal tools or method were used.

Although the activity is likely unintentional, it is still in violation
of AT&T's Acceptable Use Policy. To review the AT&T Acceptable Use
Policy, go to:

http://www.corp.att.com/aup/

Below are some additional sites you can visit for tools or information:

AT&T PC Health Check - Online virus, malware and spyware scan.
https://pccheck.att.com/

Microsoft Systems Anti-virus:
http://www.microsoft.com/security_essentials/

Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx

Apple Systems Anti-virus:
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html

We also recommend you run anti-spyware application, like Malwarebytes
Anti-Malware or Spybot: http://malwarebytes.org/mbam.php
http://www.safer-networking.org/en/index.html

Regards,
AT&T Internet Services Security Center

SAFETY NOTE: We have included links in this email as a convenience.
Please note that it is always safer to copy and paste URLs included in
email directly into your browser to reach the referenced site.

Edited by Queen-Evie, 30 October 2013 - 05:51 PM.
moved from Windows 7 to Am I Infected
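
Added example, not part of the original post or the AT&T notice: one way to test the notice against your own network is to look for the reported flow in router logs and see which LAN device opened it. The log format, LAN addresses and full destination addresses below are constructed, and a two-minute matching window is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Flow details copied from the notice quoted in the post above.
NOTICE = """At Fri, 25 Oct 2013 00:02:16 +0000, your IP address was: **.***.**.**
Source Port: 49156
Destination Port: 16470
Destination IP: 70.xx.xx.19"""

# Constructed router log in a hypothetical format (UTC time, LAN host -> remote).
SAMPLE_LOG = """2013-10-25T00:01:58Z 192.168.1.23:51544 -> 198.51.100.7:443
2013-10-25T00:02:15Z 192.168.1.42:49156 -> 70.12.34.19:16470
2013-10-25T00:02:17Z 192.168.1.23:49156 -> 70.12.34.20:16470
2013-10-25T03:10:00Z 192.168.1.42:49156 -> 70.12.34.19:16470"""

LINE = re.compile(r"(\S+)Z (\S+):(\d+) -> (\S+):(\d+)")

def parse_notice(text):
    """Pull the reported time, ports and masked destination out of the notice."""
    when = parsedate_to_datetime(re.search(r"At (.+? \+0000),", text).group(1))
    sport = int(re.search(r"Source Port: (\d+)", text).group(1))
    dport = int(re.search(r"Destination Port: (\d+)", text).group(1))
    masked = re.search(r"Destination IP: (\S+)", text).group(1)
    # 70.xx.xx.19 -> pattern where each masked octet matches any number.
    octets = [o if o.isdigit() else r"\d{1,3}" for o in masked.split(".")]
    return when, sport, dport, re.compile(r"\.".join(octets))

def matching_hosts(log, notice, window=timedelta(minutes=2)):
    """Return (lan_host, source_port_matched) for flows that fit the notice."""
    when, sport, dport, ip_re = parse_notice(notice)
    hits = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # not a flow record in the assumed format
        ts = datetime.fromisoformat(m.group(1)).replace(tzinfo=timezone.utc)
        in_window = abs(ts - when) <= window
        same_dest = int(m.group(5)) == dport and ip_re.fullmatch(m.group(4))
        if in_window and same_dest:
            # NAT may rewrite the source port, so report it rather than require it.
            hits.append((m.group(2), int(m.group(3)) == sport))
    return hits

if __name__ == "__main__":
    for host, port_ok in matching_hosts(SAMPLE_LOG, NOTICE):
        print(host, "source port matches" if port_ok else "source port differs")
```

An empty result over logs that cover the reported time supports a false positive; a hit names the device to scan first, which may not be the PC that was already checked.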




#2 Roodo

Posted 30 October 2013 - 05:00 PM

No worry, do you get on chats? That can false positive.

#3 Chris Cosgrove

Posted 30 October 2013 - 05:40 PM

My first thought would be how was this e-mail addressed? 'Dear Nitro' (or whatever your account holder name is) or 'Dear AT&T customer'. If the former, it almost certainly came from AT&T, if the latter it probably did not!

 

Having said that, all the links appear genuine, as is the advice to copy/paste them into your browser - clicking directly on links in e-mails when you are not certain who they are from is generally considered a BAD idea!

 

You say you have run scans with MS Security Essentials and Malwarebytes, and they come up clean so you probably are clean. I would keep an eye on the situation and if you have any suspicions about what may be happening inside your computer, post this problem in the 'Am I infected' section of BC. That's where the experts on malware etc. hang out. If you do decide to do this, be patient. It may take a day or two for someone to get back to you - these people are busy! Then follow their instructions carefully, and if you don't understand something, post back for clarification.

 

Chris Cosgrove



#4 Queen-Evie

Posted 30 October 2013 - 05:54 PM

You say you have run scans with MS Security Essentials and Malwarebytes, and they come up clean so you probably are clean. I would keep an eye on the situation and if you have any suspicions about what may be happening inside your computer, post this problem in the 'Am I infected' section of BC.


No need to start a new topic in Am I Infected since your post has been moved here. The malware removal experts can help you determine if it is for real or a false positive.

#5 nitro169

Posted 30 October 2013 - 07:36 PM

The email was addressed to me by my first and last name, seems legit enough, I do not use any chat programs so I'm not sure why this would be triggered.



#6 hamluis

Posted 31 October 2013 - 09:51 AM

FWIW:  http://www.att.com/esupport/article.jsp?sid=KB409170&cv=801#fbid=lQ5YTN0rtsQ

 

Louis



#7 nitro169

Posted 31 October 2013 - 01:45 PM

Thank you for the link, however I'm not sure how it pertains to my issue.





