To expand a bit on what Quietman said (thank you Quietman for the links)
The keyword here is "may".
The following is the canned speech I use when someone reports receiving a Constant Guard notice from Comcast:
I will assume you checked using Am I Botted?
which gave you the names of the detected bots.Then again, there may be NO bot.
Did you receive an email from Comcast about this? (You said you did)
Unless they changed the wording of the notice, it says
Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot.
That does not necessarily mean there is one.
Do you have a network set up? If so, it could be on any of the computers that connect to your network. Then again, as stated above, there may be no bot on any of them.
No, they will not be able to tell you which computer "MAY" have a bot if you call Comcast.
And in the Comcast help forum, where there are NUMEROUS posts about this you could be told by an employee (if one happens to stumble upon your post) that they observed signs of likely
malware infection. If questioned they will then say you "likely" have a bot.
The notice is tied to your MODEM which is why if there is a network you don't know which computer MAY have a bot.
Comcast National Engineering in the Comcast help forum
The notice is tied to your modem
Something using your cable modem is exhibiting the behaviour of a bot.
we're only alerting you because we are seeing activity from *something* behind your modem that is bot traffic. We can't tell you which device it is because that would require us to do Deep Packet Inspection, which nobody wants - we care about your privacy, and will not do that.
I recommend you contact CSA, who can further assist you with figuring out which device behind your modem is infected and can remove the notice.
Normal business hours (6:00 am to 2:00 am EST, 7 days a week) 888-565-4329http://forums.comcast.com/t5/Security-and-Anti-Virus/constant-guard-alert-bot/m-p/1467167/highlight/true#M89784
First aid following a botnet notice is to run a full scan with your AV software. If that comes up clean, try the free version of Malwarebytes Anti-Malware.
Wait 24 hours and then check Am I Botted? again. (if you get curious you can check before then)
At this point in time don't panic and don't worry about it to much. If Am I Botted does keeps saying you are THEN you can do whatever it takes to determine whether it's fact or fiction. The malware removal folks here at Bleeping Computer will be glad to help you.
1) going to the amibotted does not rescan it just reports that they saw activity in the last 24-26 hours.
2) Comcast clears the you are botted message after a few hours so it you wait 27-30 hours the website will say you do not have a bot until the magical bot activity is seen again.
They used to have a so-called self-help guide. This was totally useless and did not do anything to help you determine IF there was a bot and on which computer. The procedures did not show any infections/malware. It wanted you to download and install the Constant Guard Protection Suite, which includes Norton Security. (*side note* Comcast no longer has the Constant Guard Protection Suite. They do still offer Norton free to customers)
I got one of those you may be botted emails in February of 2013. I did scan 2 of the 4 computers on my network and scans came up clean. After that I decided to wait the 24 hours and check again. When I did Am I Botted said all clear.
You can download and install Trend Micro RUBotted. This is a beta but works just fine.
If you want to try it http://free.antivirus.com/us/rubotted/index.html
While this is an older topic it still contains good advice http://forums.comcast.com/t5/Security-and-Anti-Virus/What-do-I-do-if-I-receive-a-BOT-notification/m-p/1082387/thread-id/83716/message-uid/1082387
Bottom line is to run those scans. Even though it may turn out to be nothing, there could also be some truth to it.
And when in doubt, you can start a topic in Am I Infected? and someone will help you determine if your system is infected.
There is a possibility that infection exists on your computer. It may or may not be the one Comcast is telling you about.
Edited by Queen-Evie, 19 June 2015 - 11:07 AM.