Same thing here, this afternoon was the first alert. I think Comcast and Constant Guard want our cash with their software. But, that's just me.
Shame on Comcast on pulling such a cowardly marketing tactic, trying to rile up fear so you would buy their constant guard service.
There is no charge for Constant Guard. It's free for Comcast internet customers.
Having said that, there is an Identity Guard service which must be subscribed to and has nothing to do with malware/infection/bots.
I will assume you checked using Am I Botted?
which gave you the names of the detected bots.
Do you have a network set up and have more than one computer connected to the network? If you do, it could be on any computer that is on your network.Then again, there may be NO bot.
Did you receive an email from Comcast about this?
Unless they changed the wording of the notice, it says
Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot.
That does not necessarily mean there is one.
Do you have a network set up? If so, it could be on any of the computers that connect to your network. Then again, as stated above, there may be no bot on any of them.
No, they will not be able to tell you which computer "MAY" have a bot.
And in the Comcast help forum, where there are NUMEROUS posts about this you could be told by an employee (if one happens to stumble upon your post) that they observed signs of likely
malware infection. If questioned they will then say you "likely" have a bot.
The notice is tied to your MODEM which is why if there is a network you don't know which computer MAY have a bot.
Comcast National Engineering in the Comcast help forum
The notice is tied to your modem
Something using your cable modem is exhibiting the behaviour of a bot.
we're only alerting you because we are seeing activity from *something* behind your modem that is bot traffic. We can't tell you which device it is because that would require us to do Deep Packet Inspection, which nobody wants - we care about your privacy, and will not do that.
I recommend you contact CSA, who can further assist you with figuring out which device behind your modem is infected and can remove the notice.
Normal business hours (6:00 am to 2:00 am EST, 7 days a week) 888-565-4329http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1467167/highlight/true#M89784
First aid following a botnet notice is to run a full scan with your AV software. If that comes up clean, try the free version of Malwarebytes Anti-Malware.
Wait 24 hours and then check Am I Botted? again. If you do have a network you will need to scan ALL computers using the network.
(if you get curious you can check before then)
At this point in time don't panic and don't worry about it to much. If Am I Botted does keeps saying you are THEN you can do whatever it takes to determine whether it's fact or fiction. The malware removal folks here at Bleeping Computer will be glad to help you.
1) going to the amibotted does not rescan it just reports that they saw activity in the last 24-26 hours.
2) Comcast clears the you are botted message after a few hours so it you wait 27-30 hours the website will say you do not have a bot until the magical bot activity is seen again.
They used to have a so-called self-help guide. This was totally useless and did not do anything to help you determine IF there was a bot and on which computer. The procedures did not show any infections/malware. It wanted you to download and install the Constant Guard Protection Suite, which includes Norton Security.
I got one of those you may be botted emails in February of 2013. I did scan 2 of the 4 computers on my network and scans came up clean. After that I decided to wait the 24 hours and check again. When I did Am I Botted said all clear.
For what it's worth, the Comcast Help Forums, Security subforum, has had several postings over the past few days about the same thing-receiving "you are botted" messages. http://forums.comcast.com/t5/Security-and-Anti-Virus/bd-p/13
Some state they ran various scanners and found nothing.
One suspects the traffic it seems to be detecting is coming from individual web sites and pop-ups/unders, not the computer.
Comcast did some recent upgrades with the network bot detection service and that when people started to receive these notices. It could very well be a false positive.
I suspect that Comcast did some recent upgrade with their network security bot detection services and many of us are getting hit with false positives. The other possibility is a very subtle, very wide spread set of bots that have gone undetected for a long time are are just now being detected.
Just before I started this reply, I went to am i botted and it tells me that 2 bots detected-date Sept. 6.
I then downloaded and installed Trend Micro RUBotted. Ran it and no bots detected.
If you want to try it http://free.antivirus.com/us/rubotted/index.html
Note that it is a beta.
While this is an older topic it still contains good advice http://forums.comcast.com/t5/Security-and-Anti-Virus/What-do-I-do-if-I-receive-a-BOT-notification/m-p/1082387/thread-id/83716/message-uid/1082387
Bottom line is to run those scans. Even though it may turn out to be nothing, there could also be some truth to some of them.
Just for fun, I looked at amibotted just before I started composing this reply. It found 2.
As for me, I am ignoring the 2 Comcast says it saw. I ran all my scans this morning before I saw am i botted and nothing malicious was found by any of them.
edit to add: both computers scanned with my arsenal. The other one is also clean.
Edited by Queen-Evie, 07 September 2014 - 11:04 AM.