Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Centurylink msg - Possible Virus - Flashback

  • Please log in to reply
1 reply to this topic

#1 ericvangs14


  • Members
  • 2 posts
  • Local time:06:23 PM

Posted 06 December 2017 - 10:57 AM

Hello all.  Hopefully this is quick.  I have Centurylink DSL and have received a redirect from them whenever I use the internet.  The redirect page indicates that my account may be infected.  I chatted with support, installed their version of Norton, ran full scans, internet restored.


I received another email this morning with the following;


Date IP Additional Info =================== =============== ======================================================= 2017-12-04 09:27:24 infection => 'flashback', subtype => 'flashback', port => '49189', cc_port => '80', agent => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1; sv:4; id:CB8518BF-D9C1-580F-8840-71B57FD94915) Gecko/20100101 Firefox/9.0.1', url => '/index.html', public_source => 'SecurityScorecard', asn => '209', cc_ip => '', cc_asn => '32748', sourceSummary => 'Drone Report'



1.  Flashback refers to a Mac virus.  Can this be on a Windows machine?  

2.  It references Mozilla (Firefox browser?) but also Windows NT 6.1?  I'm confused if this is a virus on the mac or the PC.

3.  I should be able to do an "ipconfig" equivalent on the MAC and confirm the IP address matches correct?


Sorry if this sounds basic no-brainer stuff.  


Thank you.



Edited by hamluis, 06 December 2017 - 11:05 AM.
Moved from MRL to Am I Infected - Hamluis.

BC AdBot (Login to Remove)


#2 ericvangs14

  • Topic Starter

  • Members
  • 2 posts
  • Local time:06:23 PM

Posted 06 December 2017 - 06:46 PM

Hello.  A quick update (and more confusion)...


I just got home and checked on 2 of the PCs connected to my router.  they both show the same ip address.  this is different than from what i get when i cmd ipconfig.


i guess this means that the ip referenced in Centurylink's note is the public ip address for my entire internet connection and doens't tell me anything more than that the attack is originating from my house correct?  again, apologies if this is basic IT 101.  


does the windows reference mean anything?


Thanks for any thoughts.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users