Hello all. Hopefully this is quick. I have Centurylink DSL and have received a redirect from them whenever I use the internet. The redirect page indicates that my account may be infected. I chatted with support, installed their version of Norton, ran full scans, internet restored.
I received another email this morning with the following;
Date IP Additional Info =================== =============== ======================================================= 2017-12-04 09:27:24 220.127.116.11 infection => 'flashback', subtype => 'flashback', port => '49189', cc_port => '80', agent => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1; sv:4; id:CB8518BF-D9C1-580F-8840-71B57FD94915) Gecko/20100101 Firefox/9.0.1', url => '/index.html', public_source => 'SecurityScorecard', asn => '209', cc_ip => '18.104.22.168', cc_asn => '32748', sourceSummary => 'Drone Report'
1. Flashback refers to a Mac virus. Can this be on a Windows machine?
2. It references Mozilla (Firefox browser?) but also Windows NT 6.1? I'm confused if this is a virus on the mac or the PC.
3. I should be able to do an "ipconfig" equivalent on the MAC and confirm the IP address matches correct?
Sorry if this sounds basic no-brainer stuff.
Edited by hamluis, 06 December 2017 - 11:05 AM.
Moved from MRL to Am I Infected - Hamluis.