Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Bot Alert Email

I have received a few of these emails over the past month:

 

Dear XFINITY Customer,
Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot. A bot is a malicious form of software that is used to send spam, host a phishing site, or steal your identity by monitoring your keystrokes without your knowledge. It may be possible you are unaware that your computer is infected with a bot.
We strongly recommend you visit XFINITY.com/BotAssistance for important information on how to remove malicious software from your computer(s).
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY

 

I have Avast Antivirus and Malware Bytes running on my computer.  Both are fully up to date.  I also am using Windows Firewall and Windows 7 is up to date.

 

Each time I received one of these emails I ran a full system scan with both Avast and Malware Bytes.  I also did a rootkit scan with Kaspersky's rootkit scanner.  All scans have turned up nothing.

 

I'm not sure what Constant Guard is detecting, but I can't find any trace of a bot or malware on my system.  I know they can't catch everything, but I'm not seeing any hint of malicious software.  What gives?

 

Brad

Gold Problem Solver
BruceW
Posts: 7,738
Registered: ‎12-03-2007

Re: Bot Alert Email


hdarb wrote: ... I'm not sure what Constant Guard is detecting, but I can't find any trace of a bot or malware on my system. ...

You didn't mention wireless. It's a long shot, but if you have a wireless router, check your security setup: http://forums.comcast.com/t5/Home-Networking-and-Router-Help/How-to-Secure-a-Wireless-Router/td-p/11.... Changing the wireless password would be a reasonable precaution.

 

Other than that, it sounds like you're doing all you can. Have you talked with Customer Security Assurance? They might be able to provide additional information about the bot detections: 1-888-565-4329 M-F 9am-11:30pm ET, S-S 10:30am-6:30pm ET, http://security.comcast.net/get-help/contact-comcast-security.aspx. Please let us know what they have to say.

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Thanks for the suggestion.  I will try changing my wireless router's password.  I haven't talked with Comcast Customer Support yet.  I'm not a fan of calling customer support lines, so I thought I'd try to get some more information here first.

 

Brad

Security Expert
LoPhatPhuud
Posts: 2,838
Registered: ‎11-01-2005

Re: Bot Alert Email

Don't waste your time calling Customer Support for information or assistance with the bot notice. Most know little about it and they don't have access to the information you need. Call the Security Assurance team.

 

Comcast Customer Security Assurance team

1-888-565-4329


M-F, 9:00 am – 11:30 pm EST
S-S, 10:30 am – 6:30 pm EST




"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I called the Comcast Security Team.  I was told that the most recent suspicious activity occurred this morning around 8 AM, when I was sleeping and my computer was turned off.  The tech suggested that someone may have compromised my wireless router, so I did a hard reset and changed the SSID and password.  He also said that the Constant Guard alert seemed to be "stuck" on my account, so he reset it.  I'm going to see if these steps alleviate the problem.  If not, I'll call them back.

 

Resetting my router also had the convenient effect of speeding up my internet service.  For the last couple of days my connection speed has seemed to have been getting progressively slower.  I thought it was just due to network traffic, but today it was barely crawling.  Resetting the router has brought everything back up to normal speed again.  Apparently something was "gumming up" my wireless router.

 

Brad

Gold Problem Solver
BruceW
Posts: 7,738
Registered: ‎12-03-2007

Re: Bot Alert Email


hdarb wrote: ... I'm going to see if these steps alleviate the problem.  If not, I'll call them back. ...

Sounds good, especially the part where the router reset took care of the speed problem. I hope that takes care of things for you. But if there are further developments, please let us know.

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I was hoping that I had fixed the problem.  I received another bot notice today around 11:30 AM, when the computer was turned off.  The notice said that it was a reminder, so perhaps it relates to the prior bot activity?  I haven't had a chance to call Comcast yet, though I plan to do that soon.

 

My router has been running slow again today.  Perhaps I'm paranoid, but could the two issues be related?  It's not my computer that has the slow connection, but the wireless modem/router.  I checked this with my iPhone and PS3, which all received the same slow speed over both WiFi and wired connections.  I had to leave for work, so I haven't had a chance to try resetting the router to see if that fixes the problem.  Or is it possible my router is starting to die?  I've had it for about 6 years now.

 

Brad

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I called Comcast again and the tech I spoke with told me there have been over 30 bot-like hits on my account in the past 48 hours.  He gave me a couple of ideas for possible bots that I could search for on my computer.  He also recommended that I get the router exchanged because if it's dying, while unlikely, it could be causing errors or inadvertently redirecting some activity and triggering the bot notices.

 

If none of this works I'm going to try one of the online tech support forums for more help.  Otherwise I may have to do a format and restore of my computer.

 

Brad

Gold Problem Solver
BruceW
Posts: 7,738
Registered: ‎12-03-2007

Re: Bot Alert Email


hdarb wrote: ... He also recommended that I get the router exchanged because if it's dying, while unlikely, it could be causing errors or inadvertently redirecting some activity and triggering the bot notices. ...

It does seem unlikely that a failing router would be triggering bot notices. But at this point, you almost need to swap it out to see if that improves the slowdown problem and/or the bot notice problem.


If none of this works I'm going to try one of the online tech support forums for more help.  Otherwise I may have to do a format and restore of my computer.

Ouch! Hope it doesn't come to that. I believe that Bleeping Computer, among others, has a good rep for malware removal. Let's hope that if changing the router doesn't solve both problems, then a session with a malware specialist will.

 

Good luck, and please keep us posted.

Official Employee
cc_adame
Posts: 334
Registered: ‎09-13-2010

Re: Bot Alert Email

[ Edited ]

Brad,

 

Please PM me with your current IP address ( http://whatismyip.com ) and I'll check to see if we're still seeing the activity.

 

Thanks,

 

Adam

 

Link fixed - Thanks!

--
Adam
Comcast National Engineering // Customer Protection Team
Security Expert
USAF_E-8_RET
Posts: 5,175
Registered: ‎10-28-2003

Re: Bot Alert Email


cc_adame wrote:

Brad,

 

Please PM me with your current IP address (http://whatismyip.com) and I'll check to see if we're still seeing the activity.

 

Thanks,

 

Adam


Adam,

 

Your link does not seem to work, but this one does: http://www.whatismyip.com/

 

Also here's some info on PM's for Brad if they are not familiar with PM's

Private Messages (PM’s)

At the top of each Forum page you will see a small white envelope.

This is the icon for Private Messages, referred to as ‘PM’s’. A Private Message is a way to communicate in private, to another User, Moderator, or Administrator out of public view in the Forums.

The white envelope turns to yellow when you receive a PM.

To open a PM to read it, double click on the yellow envelope. If you click on the white envelope a window will open with tabs for your Private Message Inbox, Sent Messages, Friends, Ignored Users, and Compose new Message. You can also access this area by clicking on the Username in a Thread or post. By default, Private Messages are enabled. You can disable this feature in My Settings>Preferences> Private Messenger.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I sent you a PM Adam.  And thank you, USAF_E-8_RET for the assistance.  I knew what a PM was, but I had no idea how to send one through this forum.

 

BTW, I posted a help request on bleepingcomputer.com.  So far the only response I've received is from someone who's suggested I just ignore the bot notices.  Here's the link to the discussion:

 

http://www.bleepingcomputer.com/forums/topic425184.html/page__pid__2455569#entry2455569

 

Brad

Security Expert
USAF_E-8_RET
Posts: 5,175
Registered: ‎10-28-2003

Re: Bot Alert Email


hdarb wrote:

I sent you a PM Adam.  And thank you, USAF_E-8_RET for the assistance.  I knew what a PM was, but I had no idea how to send one through this forum.

 

BTW, I posted a help request on bleepingcomputer.com.  So far the only response I've received is from someone who's suggested I just ignore the bot notices.  Here's the link to the discussion:

 

http://www.bleepingcomputer.com/forums/topic425184.html/page__pid__2455569#entry2455569

 

Brad


Yes the individual who responded did go ballistic on these forums awhile back, so I would expect such a reply from him.

 

I suggest you go to DSLR.   See this link for more info on them:

 

http://forums.comcast.com/t5/Security-and-Anti-Virus/Where-to-Seek-Malware-Removal-Assistance/m-p/88...


BTW, LoPhatPhuud (a Security Expert here) also volunteers his time over there.


Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Thanks.  I posted my problem on the malware/virus removal forum on bleepingcomputer.com.  I had to run a report of all the programs and processes running on my system.  It may take a few days to hear back from anyone.  I'll keep you posted on what happens.

 

On a side note, a technician from Comcast is coming by today to check my signal and replace my modem/router.  I was told by customer service that there were several "red spots" on my line, which likely indicate signal or hardware problems.

 

Brad

Security Expert
USAF_E-8_RET
Posts: 5,175
Registered: ‎10-28-2003

Re: Bot Alert Email

OK Brad, thanks for the update.

 


Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Comcast installed my new modem/router yesterday.  Aside from my internet now running much faster (a welcome bonus), I've been told there hasn't been any new bot activity from my new ip address.  Mind you, I only used my computer for a few hours after the new modem was installed, so this could be a coincidence.  But with the frequency that I was getting hits of bot activity (at one point over 30 in two days), I would think that I should see some activity in that short amount of time.

 

I've asked Adam to check my new ip address one more time on Monday, after a weekend of frequent computer usage.  If nothing shows up by Monday, I think I can call myself cured.

 

I'm still wondering if the failing router had anything to do with the bot notices.  I know it's very unlikely, but the timing seems to suggest it might not be so farfetched.

 

BTW, I haven't heard anything more from the forums at bleepingcomputer.com.  I'll post here again if I find out anything new.

 

Brad

Security Expert
USAF_E-8_RET
Posts: 5,175
Registered: ‎10-28-2003

Re: Bot Alert Email

Great Brad - hopefully there will be nothing to report BOTwise come Monday!


Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Adam checked my ip address and there hasn't been any bot activity since last week.  I hope this means I'm free and clear and that the bot isn't just inactive for now.

 

Brad

Gold Problem Solver
BruceW
Posts: 7,738
Registered: ‎12-03-2007

Re: Bot Alert Email


hdarb wrote: Adam checked my ip address and there hasn't been any bot activity since last week.  I hope this means I'm free and clear and that the bot isn't just inactive for now. ...

Good deal -- hope that holds for you. It's a shame they're so backed up over at BleepingComputer. It would be interesting to know what the gurus there find, if anything. Keep us posted, OK?

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Will do.  I ended up closing my post over at bleepingcomputer because no one had replied in 5 days and the system asked me to reply if I still had a problem.  If the issue recurs I will definitely return there and start a new post.

 

Brad

Security Expert
USAF_E-8_RET
Posts: 5,175
Registered: ‎10-28-2003

Re: Bot Alert Email

[ Edited ]

Brad,

 

Sorry you got no response from Bleeping Computers - I would suggest you go this route if there is a next time:

 

If your computer is still infected, then you will need additional assistance. You'll find instructions and links for the programs needed here:

http://www.dslreports.com/faq/13616

 

Once you have the logs, post them here, along with any antivirus and antispyware logs you may have: http://www.dslreports.com/forum/cleanup

 

Note that membership at DSLR is not required to post logs in the SCU forum, but it is highly recommended.

 

I recommend this as one of our Security Experts here also volunteers his time @ that site.


New Visitor
John12345678
Posts: 2
Registered: ‎12-05-2010

Re: Bot Alert Email

I just received the same Bot warning email, which I have gotten several times over the past few weeks.  Each time I run a full scan of my antivirus program and it comes up with nothing each time.  I just called Comcast support and they patched me through to internet support.  The tech told me to disregard the emails because they were just Comcast's way of advertising their antivirus program.  If this is true, it is completely unethical and maybe even illegal.  If he was misinformed and I really do have a bot, then it was a total waste of my time to call customer service.

Gold Problem Solver
BruceW
Posts: 7,738
Registered: ‎12-03-2007

Re: Bot Alert Email


John12345678 wrote: ... The tech told me to disregard the emails because they were just Comcast's way of advertising their antivirus program.  ...

The tech is a fool. Please call Customer Security Assurance for information about bot detections: 1-888-565-4329 M-F 9am-11:30pm ET, S-S 10:30am-6:30pm ET, http://security.comcast.net/get-help/contact-comcast-security.aspx. Please let us know what they have to say.

New Visitor
John12345678
Posts: 2
Registered: ‎12-05-2010

Re: Bot Alert Email

Thank you for providing that phone number.  I just called and while the tech was extremely nice, the call did not provide much help.  I told the rep that I have an antivirus on all computers, which is updated daily and that I ran full virus scan and malware bytes scan.  He said that it was probably a suspicious website that was visited and to look out for suspicious emails.  He also asked if I had router security, which I do.  Basically he said that the email was to make sure I was "crossing on my i's and dotting all my t's".  No further action required.  He did agree that the Comcast rep that told me it was a way of advertising their antivirus program was incorrect but went on to advise me of the Comcast website where I could get free and paid product to enhance my security.

Connection Expert
EG
Posts: 43,717
Registered: ‎12-24-2003

Re: Bot Alert Email


BruceW wrote:

John12345678 wrote: ... The tech told me to disregard the emails because they were just Comcast's way of advertising their antivirus program.  ...

The tech is a fool.

 

FWIW, the phone reps are NOT "techs".......

 

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I still don't know what to make of the notices I received.  For two weeks after my router was replaced there was no bot activity reported on my account.  Then today, out of the blue, I received another bot notice.  I sent a PM to Adam to see if he can check on this for me.

 

I understand why Comcast is using this program, but I think the implementation has been poor.  If you're going to send emails to your customers regarding possible bot activity, you need to provide more concrete proof and more legitimate answers.  I can fully understand why many Comcast customers are getting ticked off about these notices and the general lack of information available.

 

Brad

Official Employee
cc_adame
Posts: 334
Registered: ‎09-13-2010

Re: Bot Alert Email

Brad,

 

Thanks for the feedback. This is something we're definitely working to make better. This thread may interest you: http://forums.comcast.com/t5/Security-and-Anti-Virus/Bot-Education/td-p/1080895

 

 

--
Adam
Comcast National Engineering // Customer Protection Team
Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

Adam,

 

Thank you for the link and for providing me with more detailed information.  I appreciate it.  Unfortunately, I cannot find any evidence of that particular trojan on my system, after reading up on it via the web.

 

I'm going to try pleading my case to the folks over at dslreports.com, as was suggested previously, to see if they can be of assistance.

 

Thanks,

Brad

Contributor
hdarb
Posts: 16
Registered: ‎08-18-2011

Re: Bot Alert Email

I went back to bleepingcomputer.com instead of dslreports.com (their maintenance programs caused problems with my system that I had to use System Restore to fix).  After reviewing the logs I generated, I'm told that there is absolutely nothing malicious on my computer.  There has been no reported bot activity on my account for several days now, according to Comcast.  None of my virus or malware scans have turned up anything.  So, the bot notices were either caused by the failing router or by an infected website I may have visited by mistake.  Either way, I've decided to ignore any Comcast bot notices from now on, as the false-positive rate seems to be way too high.

 

Thanks to everyone for your assistance.

 

Brad

New Visitor
Steve1951
Posts: 1
Registered: ‎11-21-2011

Re: Bot Alert Email

Adam, I've received numerous Bot Alerts from Constant Guard. I went through the recommended process in the email, had both my desktop and PC "cleaned" by a professional IT service company and a few weeks ago replaced my router. But I'm still receiving the "Reminders" from Constant Guard. I don't know what else I can do.

 

What would you suggest?

Thanks!

Official Employee
cc_adame
Posts: 334
Registered: ‎09-13-2010

Re: Bot Alert Email


Steve1951 wrote:

Adam, I've received numerous Bot Alerts from Constant Guard. I went through the recommended process in the email, had both my desktop and PC "cleaned" by a professional IT service company and a few weeks ago replaced my router. But I'm still receiving the "Reminders" from Constant Guard. I don't know what else I can do.

 

What would you suggest?

Thanks!


Steve, I'll PM you with some more information.

--
Adam
Comcast National Engineering // Customer Protection Team