Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Comcast Bots and users have only Comcast in common???


  • Please log in to reply
2 replies to this topic

#1 GregM63

GregM63

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 01 April 2015 - 11:46 AM

Here is my latest from comcast. Seems i am not the only one affected. What do we have in common other than comcast being our providor? I would suggest this is a comcast network problem.     CONSTANT GUARD REPORTS 1 Bot Detected
       
  •  
 
 

 



BC AdBot (Login to Remove)

 


m

#2 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:09:37 PM

Posted 01 April 2015 - 01:10 PM

I will assume you checked using Am I Botted? which gave you the names of the detected bots.

Then again, there may be NO bot.

Did you receive an email from Comcast about this?

Unless they changed the wording of the notice, it says
 

Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot.


That does not necessarily mean there is one.

Do you have a network set up? If so, it could be on any of the computers that connect to your network. Then again, as stated above, there may be no bot on any of them.

No, they will not be able to tell you which computer "MAY" have a bot.

And in the Comcast help forum, where there are NUMEROUS posts about this you could be told by an employee (if one happens to stumble upon your post) that they observed signs of likely malware infection. If questioned they will then say you "likely" have a bot.

The notice is tied to your MODEM which is why if there is a network you don't know which computer MAY have a bot.

From cc_adame Comcast National Engineering in the Comcast help forum
 

The notice is tied to your modem

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466883/highlight/true#M89772


Something using your cable modem is exhibiting the behaviour of a bot.

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1466891/highlight/true#M89773


we're only alerting you because we are seeing activity from *something* behind your modem that is bot traffic. We can't tell you which device it is because that would require us to do Deep Packet Inspection, which nobody wants - we care about your privacy, and will not do that.

I recommend you contact CSA, who can further assist you with figuring out which device behind your modem is infected and can remove the notice.

Normal business hours (6:00 am to 2:00 am EST, 7 days a week) 888-565-4329http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1467167/highlight/true#M89784


First aid following a botnet notice is to run a full scan with your AV software. If that comes up clean, try the free version of Malwarebytes Anti-Malware.

Wait 24 hours and then check Am I Botted? again. (if you get curious you can check before then)

At this point in time don't panic and don't worry about it to much. If Am I Botted does keeps saying you are THEN you can do whatever it takes to determine whether it's fact or fiction. The malware removal folks here at Bleeping Computer will be glad to help you.
 

1) going to the amibotted does not rescan it just reports that they saw activity in the last 24-26 hours.
2) Comcast clears the you are botted message after a few hours so it you wait 27-30 hours the website will say you do not have a bot until the magical bot activity is seen again.

http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1559963/highlight/true#M91304


They used to have a so-called self-help guide. This was totally useless and did not do anything to help you determine IF there was a bot and on which computer. The procedures did not show any infections/malware. It wanted you to download and install the Constant Guard Protection Suite, which includes Norton Security.

I got one of those you may be botted emails in February of 2013. I did scan 2 of the 4 computers on my network and scans came up clean. After that I decided to wait the 24 hours and check again. When I did Am I Botted said all clear.

You can download and installTrend Micro RUBotted. This is a beta but works just fine.
If you want to try it http://free.antivirus.com/us/rubotted/index.html

While this is an older topic it still contains good advice http://forums.comcast.com/t5/Security-and-Anti-Virus/What-do-I-do-if-I-receive-a-BOT-notification/m-p/1082387/thread-id/83716/message-uid/1082387

Bottom line is to run those scans. Even though it may turn out to be nothing, there could also be some truth to it.

Edited by Queen-Evie, 01 April 2015 - 01:15 PM.


#3 GregM63

GregM63
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 01 April 2015 - 02:07 PM

In reply Yes I used amibotted which detects the bot SpyEye_CriminalFinancial_Origin. RuBotted detects nothing. I have isolated the other pcs on my network they are not affected.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users