Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comcast Says We Have a Bot


  • Please log in to reply
14 replies to this topic

#1 mred27

mred27

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 PM

Posted 21 June 2013 - 08:57 AM

Got a Comcast email stating we have a bot. Doesn't way which computer so how do I check them please? Haven't run any checkers yet although, two of the three machines have malwarebytes professional running. Mine has Kapersky Internet Security 2012, another Avast and the third Avira.

 

Thought to troubleshoot mine first. The details of which are listed in my profile. Thanks.



BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 21 June 2013 - 08:19 PM

I've seen several cases of this lately and all of them were false positive.

 

What file is indicated by Comcast as a culprit?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:29 PM

Posted 22 June 2013 - 01:00 PM

You should have been given a link to Am I Botted. Did you check there? What does it tell you?

https://amibotted.comcast.net/all-clear.html
 
There should also be a so-called self-help guide. This is totally useless and won't do anything to help you determine IF there is a bot and on which computer. The procedures do not show any infections/malware. It will want you to download and install the Constant Guard Protection Suite, which includes Norton Security. Another option is to get help from paid support, which is from a 3rd party, not Comcast.
 
And unless they changed the wording of the notice, it says 
 

Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot.


That does not necessarily mean there is one.
 
No, they will not be able to tell you which computer "MAY" have a bot.

And in the Comcast help forum, where there are NUMEROUS posts about this you could be told by an employee (if one happens to stumble upon your post) that they observed signs of likely malware infection. If questioned they will then say you "likely" have a bot.

First aid following a botnet notice is to run a full scan with your AV software. If that comes up clean, try the free version of Malwarebytes Anti-Malware.

Then check Am I Botted again the next day, preferably 24 hours later.
 
From cc_adame Comcast National Engineering in the Comcast help forum
 

The notice is tied to your modem 
 
http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466883/highlight/true#M89772

 

Something using your cable modem is exhibiting the behaviour of a bot.
 
http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466891/highlight/true#M89773

 

we're only alerting you because we are seeing activity from *something* behind your modem that is bot traffic. We can't tell you which device it is because that would require us to do Deep Packet Inspection, which nobody wants - we care about your privacy, and will not do that.
 
I recommend you contact CSA, who can further assist you with figuring out which device behind your modem is infected and can remove the notice.
 
Normal business hours (6:00 am to 2:00 am EST, 7 days a week) 888-565-4329http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1467167/highlight/true#M89784

 
Also from the that same topic which is why you should recheck after 24 hours. (if you get curious you can check before then)
 

1) going to the amibotted does not rescan it just reports that they saw activity in the last 24-26 hours.

2) Comcast clears the you are botted message after a few hours so it you wait 27-30 hours the website will say you do not have a bot until the magical bot activity is seen again.
 
http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1559963/highlight/true#M91304


For what it's worth, I received one of those notices in February. Am I Botted said yep, you are.
 
I ran AV and MBAM scans on the 2 computers I had access to. Nothing was found yet I was still told there was a bot. At that point I decided not to fool around with taking over the 3rd computer to run the scans. My husband would not have been happy giving it up for a while.

And the 4th computer it could have been on was one belonging to a guest in my home, and he had left the day before. As he is a long haul truck driver and would have had to pay for Wifi access at a truck stop I did not contact him and request he check his laptop.
 
The next day I checked again and Am I Botted gave the All Clear.
 
A lot of people have also reported that they were given the all clear about 24 hours later.
 
At this point in time don't panic and don't worry about it to much. If Am I Botted does keeps saying you are THEN you can do whatever it takes to determine whether it's fact or fiction.

side note: I recall Broni, who helps people clean up infected systems, also got one of the notices. Just for fun I looked up the topic he started in the Comcast forum. He was very critical of the notices, as have been many others and I happen to agree with them.

Edited by Queen-Evie, 22 June 2013 - 01:53 PM.


#4 mred27

mred27
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 PM

Posted 22 June 2013 - 01:09 PM

I've seen several cases of this lately and all of them were false positive.

 

What file is indicated by Comcast as a culprit?

No file listed...just a generic message. Thanks.



#5 mred27

mred27
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 PM

Posted 22 June 2013 - 01:13 PM

Thanks for the link! Says no bot detected. Will check again in a day or so. Appreciate the help! Thanks again!

You should have been given a link to Am I Botted. Did you check there? What does it tell you?
 
https://amibotted.comcast.net/all-clear.html
 
There should also be a so-called self-help guide. This is totally useless and won't do anything to help you determine IF there is a bot and on which computer.
 
And unless they changed the wording of the notice, it says

 
A lot of people have also reported that they were given the all clear about 24 hours later.
 
At this point in time don't panic and don't worry about it to much. If Am I Botted does keeps saying you are THEN you can do whatever it takes to determine whether it's fact or fiction.

 



#6 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:29 PM

Posted 22 June 2013 - 02:19 PM

Also for what it's worth, or in this case, what is worthless here is the link for the so-called self-help "removal" guide.

http://constantguard.comcast.net/botassist/index.html

Note that the page states "for safely removing".

NOTHING about the "help" removes anything.

If interested and you haven't tried it, please do so. You don't have to actually do the steps. Just keep clicking Next.

What you get are SUGGESTIONS, not anything that would find and remove the "bot".

#7 mred27

mred27
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 PM

Posted 22 June 2013 - 03:20 PM

Thanks, Queen! Figures "Communistcast" would prove incompetent. LOL

Also for what it's worth, or in this case, what is worthless here is the link for the so-called self-help "removal" guide.

http://constantguard.comcast.net/botassist/index.html

Note that the page states "for safely removing".

NOTHING about the "help" removes anything.

If interested and you haven't tried it, please do so. You don't have to actually do the steps. Just keep clicking Next.

What you get are SUGGESTIONS, not anything that would find and remove the "bot".



#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 22 June 2013 - 07:25 PM

side note: I recall Broni, who helps people clean up infected systems, also got one of the notices. Just for fun I looked up the topic he started in the Comcast forum. He was very critical of the notices, as have been many others and I happen to agree with them.

There is more to it and I find this whole situation outrageous.

I was so upset that I made several calls to Comcast and I was eventually connected to some Comcast security division.

Several more phone calls and emails later NOBODY was able to tell me what exactly was detected.

This is like a joke. Why to scare people if they have no clue if anything is even going on.

I've been playing with computers for 25 years and I never ever had any single infection.

 

BTW make sure you do NOT install Constant Guard Protection Suite which is totally useless.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 22 June 2013 - 07:31 PM

As I mentioned I had 3-4 cases of that Comcast scary email on another forum.

All were false positives.

Before I found out I went through a whole nine yards, wasting my time, checking those computers for something malicious.

 

Couple of samples:

http://www.techspot.com/community/topics/new-adware_criminalfinancial_sprotector-thread.193406/

http://www.techspot.com/community/topics/another-adware_criminalfinancial_sprotector-thread.193299/


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:29 PM

Posted 22 June 2013 - 10:07 PM

Broni, on 22 Jun 2013 - 7:25 PM, said:
BTW make sure you do NOT install Constant Guard Protection Suite which is totally useless.

So is ALL Comcast software. Comcast does not have a stellar history with branded software.

tip of the day: do not install Comcast Easy Solve. It's basically a glorified cache cleaner. It does not find problems because it won't find them. Neither will it "help" with connection problems.

#11 mred27

mred27
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:29 PM

Posted 22 June 2013 - 11:09 PM

Thanks Broni and Queen for all your help!



#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 22 June 2013 - 11:25 PM

You're very welcome :)

 

This topic is a great example of a confusion Comcast creates for no reason.

 

Just look at the message:

 

 

CONSTANT GUARD REPORTS

1 BotDetected

Bot NameTypeLast Seen

More Info

Adware_CriminalFinancial_SProtector Multi-Purpose June 15th 2013, 3:47:16 pm

LEARN MORE


Bot Notes: Unclassified
Times Seen: 235

 

 

What the heck is Adware_CriminalFinancial_SProtector Multi-Purpose?

Even Google search produces (practically) zero hits.

 

...and what the average user should do about it to remedy stupid email from Comcast.

OK, he can come to a forum like this one, go through all kind of scans, wasting some helper time to find his computer totally clean.

Then what?

Wait for another email from Comcast?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 22 June 2013 - 11:28 PM

There were three hits on Google. One of them from Comcast forum so I couldn't resist to reply there :)

http://forums.comcast.com/t5/Security-and-Anti-Virus/Re-constant-guard-alert-bot/m-p/1725171/highlight/false#M93999


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:12:29 PM

Posted 23 June 2013 - 12:10 AM

Very good reply Broni.

I did not bother to post there (or here) when I received that email. The only reason I decided to run MBAM and antivirus scans was because I was finished using both computers that night. I knew they wouldn't find anything. I knew to check Am I Botted the next day and it would probably tell me no bots present.

Comcast is real good at scaring people. Not so good with the "removal" help, which is non-existent. I've not figured out how updating Java and Adobe Flash, installing Operating System (OS) updates, checking Your Security Software (there is a link for this one which tells you Find out if your computer has anti-virus software installed, and adding Immunet Protect and Secunia will REMOVE a bot or anything else.

Maybe it's on purpose so people will use the paid support option, Xfinity Signature Support, which is contracted to a 3rd party who will want to access your computer remotely to help you get of the dreaded bot which you may not even have. No thank you to that. I refuse to let someone I don't know access my system. If I need malware help I'll get it here at Bleeping Computer because I can be assured that those helping me KNOW WHAT THEY ARE DOING. I don't know the level of training and expertise of the Signature Support "helper".

In fact, if I need ANY help for ANY computer issue I would seek help here. For free.

That's another thing NOT use. If you decide you want to cancel Sig Support, good luck. The Comcast forum is full of complaints that it is almost impossible to cancel.

Other than being your cable/internet and maybe phone provider just say NO anything else with the name Xfinity or Comcast attached to it.

I help in the Comcast forum. I get asked a lot if I am a Comcast employee. I AM NOT and don't want to be. If were I would have to toe/tow the Comcast company line. Right now I'm content to criticize Comcast when necessary, to tell people Comcast software is crappy and to let them know that Signature Support is a rip off.

Edited by Queen-Evie, 23 June 2013 - 12:20 AM.


#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:29 AM

Posted 23 June 2013 - 10:20 AM

Hahaha...I didn't know you got that email too...what a pity.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users