
I am receiving a Constant Guard Bot Warning


5 replies to this topic

#1 ziggle


Posted 21 November 2014 - 11:14 PM

I have three Windows computers on my network (7,8.2,8.2) and two phones. Two computers have Kaspersky, one has AVG. All run Windows Firewall. Two weeks ago, I began receiving the following warning.

 

TDSS-TDL_CriminalFinancial_Artro Multi-Purpose November 21st 2014, 4:37:22 pm

 

I have run the following anti-virus tools on all my computers in an effort to find this Bot:

  • Kaspersky
  • Kaspersky TDSSkiller
  • Symantec PowerEraser
  • Malwarebytes
  • BitDefender
  • Windows Defender offline (one computer)

None of the tools has found anything. Comcast is less than useless. What should I try next?

 

 




 


#2 Queen-Evie


Posted 22 November 2014 - 12:12 AM

I will assume you checked using Am I Botted? which gave you the names of the detected bots.

Do you have a network set up and have more than one computer connected to the network? If you do, it could be on any computer that is on your network.

Then again, there may be NO bot.

Did you receive an email from Comcast about this?

Unless they changed the wording of the notice, it says
 

Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot.


That does not necessarily mean there is one.

Do you have a network set up? If so, it could be on any of the computers that connect to your network. Then again, as stated above, there may be no bot on any of them.

No, they will not be able to tell you which computer "MAY" have a bot.

And in the Comcast help forum, where there are NUMEROUS posts about this, you could be told by an employee (if one happens to stumble upon your post) that they observed signs of likely malware infection. If questioned, they will then say you "likely" have a bot.

The notice is tied to your MODEM which is why if there is a network you don't know which computer MAY have a bot.

From cc_adame Comcast National Engineering in the Comcast help forum
 

The notice is tied to your modem

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466883/highlight/true#M89772


Something using your cable modem is exhibiting the behaviour of a bot.

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466891/highlight/true#M89773


we're only alerting you because we are seeing activity from *something* behind your modem that is bot traffic. We can't tell you which device it is because that would require us to do Deep Packet Inspection, which nobody wants - we care about your privacy, and will not do that.

I recommend you contact CSA, who can further assist you with figuring out which device behind your modem is infected and can remove the notice.

Normal business hours (6:00 am to 2:00 am EST, 7 days a week) 888-565-4329

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1467167/highlight/true#M89784


First aid following a botnet notice is to run a full scan with your AV software. If that comes up clean, try the free version of Malwarebytes Anti-Malware. You indicate that you have used several scanners and they found nothing. If you do have a network you will need to scan ALL computers using the network.

Wait 24 hours and then check Am I Botted? again. (if you get curious you can check before then)

At this point in time don't panic and don't worry about it too much. If Am I Botted does keep saying you are THEN you can do whatever it takes to determine whether it's fact or fiction. The malware removal folks here at Bleeping Computer will be glad to help you.
 

1) going to the amibotted does not rescan it just reports that they saw activity in the last 24-26 hours.
2) Comcast clears the you are botted message after a few hours so if you wait 27-30 hours the website will say you do not have a bot until the magical bot activity is seen again.

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1559963/highlight/true#M91304


They used to have a so-called self-help guide. This was totally useless and did not do anything to help you determine IF there was a bot and on which computer. The procedures did not show any infections/malware. It wanted you to download and install the Constant Guard Protection Suite, which includes Norton Security.

I got one of those you may be botted emails in February of 2013. I did scan 2 of the 4 computers on my network and scans came up clean. After that I decided to wait the 24 hours and check again. When I did Am I Botted said all clear.

You can download and install Trend Micro RUBotted. This is a beta but works just fine.
If you want to try it http://free.antivirus.com/us/rubotted/index.html

While this is an older topic it still contains good advice http://forums.comcast.com/t5/Security-and-Anti-Virus/What-do-I-do-if-I-receive-a-BOT-notification/m-p/1082387/thread-id/83716/message-uid/1082387

Bottom line is to run those scans. Even though it may turn out to be nothing, there could also be some truth to it.

Edited by Queen-Evie, 22 November 2014 - 12:16 AM.


#3 ziggle


Posted 22 November 2014 - 12:16 AM

Everything you said is true for me. At this point, I have done all you recommended, including running RUBotted (I forgot to mention that). I have also added AVG's mobile virus checker to my Android phones (nothing found). I will wait 24 hours.

 

Thanks.



#4 Queen-Evie


Posted 22 November 2014 - 12:29 AM

I would like to thank you for using the words Constant Guard in your topic title. As soon as I saw it I knew Comcast was involved.

Also, please post the results of the re-check. I'm curious enough to want to know what it tells you.

#5 ziggle


Posted 22 November 2014 - 12:30 AM

Will do. Thanks for the support.



#6 ziggle


Posted 22 November 2014 - 06:07 PM

I received another bot warning -- same as before. I had rescanned all my computers and put the AVG mobile scan on my phones (Androids). Could my router logs show anything that would be useful? Any ideas on how to proceed?

 

I did try the Direkt tool, but that found nothing.





