You are both correct, I can't remember if I e-mailed/PM'd George or mentioned it in one of the threads in the Cooler, but if I remember correctly, he said he'll have the "security team" @ CC look at it.  Of course nothing has changed and like BJ said, I'm using compatability mode anyway, so I forgot about it also.  Thanks for bringing it up again Bartleby. 

 

---

DoubleG wrote:

Hello Barmar

Nice to hear from you. I did see the screen print for the constant guard but was wondering what gk77 pop up was saying as 77 said comcast stated pop up and email he got was not from them.

---

I assumed it was because the Comcast rep was unfamiliar with this feature. He should be able to compare the pop-up he got with the one at the beginning of the thread.

 

 

---

hclark1160 wrote:

funny how they recommend crappy norton security to download. NOD32 is much better.

---

Hardly surprising. They have a partnership with Symantec, it's the security software that comes for free with the service.

 

What does it do?

---

Pharrell wrote:

What does it do?

---

http://customer.comcast.com/Pages/FAQViewer.aspx?Guid=dd3521d5-23f9-4758-85ec-d1f59b89b05e

What is the lag time from when the Constant Guard decides there's a problem and when the email is sent. Since the emails don't give the time and date that a problem was detected, it is harder to distinguish what machine at my home the message is responding to, or if it is a false positive because (for example) a pattern of overnight activity was detected because I browse a lot at night.

 

---

stephenl123 wrote:

What is the lag time from when the Constant Guard decides there's a problem and when the email is sent. Since the emails don't give the time and date that a problem was detected, it is harder to distinguish what machine at my home the message is responding to, or if it is a false positive because (for example) a pattern of overnight activity was detected because I browse a lot at night.

 

 

 

Good suggestion! I will factor that in. If you got a notice recently, it was due to malware seen within the past week or two, FWIW.

I received my first notice 5 days ago.  Verified Windows/Norton updates and scanned four PCs.  NOTHING, not even tracking cookie showed up.  When I received 2nd email, I called tech support this afternoon, to find out how to put this to rest.  OMG.  'No one knows' what signals MY IP address is giving to elicit the bot alarm letter.  Oh yes, if pressed, he'd admit there ARE programmers involved in the process of generating these alarm emails. But PEOPLE (Comcast customers) don't TALK to programmers.  I wouldn't understand what they are saying.  OMG - YES, he said really this to me.  After 20 min, I had appt and had to give up the fight for SOME INFORMATION PLEASE.  Suggestions (other than letting me speak to someone WHO CAN REASON) varied between paying someone (like Norton?) a fee to scan my PCs FOR ME (as I can't trust the results received from following the Comcast-recommended checklist!), or, if everything came up clean, consider my problem non-existent, and ignore the repeated emails.  Did I say OMG already?

 

Back to square one.

 

---

LeslieS wrote:

I received my first notice 5 days ago.  Verified Windows/Norton updates and scanned four PCs.  NOTHING, not even tracking cookie showed up.  When I received 2nd email, I called tech support this afternoon, to find out how to put this to rest.  OMG.  'No one knows' what signals MY IP address is giving to elicit the bot alarm letter.  Oh yes, if pressed, he'd admit there ARE programmers involved in the process of generating these alarm emails. But PEOPLE (Comcast customers) don't TALK to programmers.  I wouldn't understand what they are saying.  OMG - YES, he said really this to me.  After 20 min, I had appt and had to give up the fight for SOME INFORMATION PLEASE.  Suggestions (other than letting me speak to someone WHO CAN REASON) varied between paying someone (like Norton?) a fee to scan my PCs FOR ME (as I can't trust the results received from following the Comcast-recommended checklist!), or, if everything came up clean, consider my problem non-existent, and ignore the repeated emails.  Did I say OMG already?

 

Back to square one.

---

We can't disclose the exact methods of detection for if we did, the folks behind the bot networks would work around them. If you received a notice 5 days ago, it was probably at my or my team's request. What you have done so far is fine but not sufficient. Please go to http://constantguard.comcast.net and follow all four steps for Windows. The last two tools - Immunet and Secunia are very important.

 

I can tell you this, on your IP address, our systems detected malware/bot activity as recently as 12/8/10. 3 different bot armies have been observed, with the most recent one detected and active 3 times so far in December.

 

We're working on a tool to enable customers to lookup these details themselves but it is not yet ready.

 

Jason

 

Thanks for the reply. My post was a LOT shorter than the circular conversation I really had w Security Support, and I edit out (in between, we know programmers exist, and "I wouldn't understand") that I wasn't asking HOW to program a bot, but how to FIND IT (as nothing had come up). I've gone back to the link to the 4-step process, and see that I get stopped at step 4... It's a frame within a comcast page without a scrollbar so I can see/click further links (more tools, I presume). I'll figure it out and get back to you all.  Thanks for just a little more detail... may be all I need

Step 4 recommends the download of these two tools:

 

http://secunia.com/vulnerability_scanning/personal?cgc

 

and 

 

http://www.immunet.com/free/comcast/index.html

I run Norton on all my computers plus my router is firewalled it even sends me an email when your trying to ping it so why would you send me an email stateing my computer might be infected I did a scan and found nothing. I find these scare tactics on Comcast's part abusive and a cheap ploy to sell some sort of service

 

---

jlivingood wrote:

Step 4 recommends the download of these two tools:

 

http://secunia.com/vulnerability_scanning/personal?cgc

 

 

 

Which version, the 1.5.0.2 or the 2.0 beta release?

Well, the v1.5.0.2 version fails to install on my Windows XP system.  Guess will try the 2.0 beta version.

 

Also, would be helpful if Comcast were to tell us what we are supposed to be looking for, like the name of the Bot) and how to tell when we have removed it successfully.  So far have had nothing frond with: Microsoft® Windows® Malicious Software Removal Tool (KB890830),, a few things found and removed with Windows Live safety scanner, nothing found with the Comcasr/Symantec anti-virus scanner, and this is going on 1 days of running full scans on my system.  When do I know when to stop?

Well the PSI v2.0 beta also fails to install on my system.  Only a dialog box that says "Installation Failed" and no details as to why. 

 

So my next step is????

 

---

4CrawlR wrote:

Well the PSI v2.0 beta also fails to install on my system.  Only a dialog box that says "Installation Failed" and no details as to why. 

 

So my next step is????

---

Did you try installing Immunet?

 

 

---

rontthatsme wrote:

I run Norton on all my computers plus my router is firewalled it even sends me an email when your trying to ping it so why would you send me an email stateing my computer might be infected I did a scan and found nothing. I find these scare tactics on Comcast's part abusive and a cheap ploy to sell some sort of service

---

 

These are certainly not intended as scare tactics. Also, having a firewall and A/V in many cases will not be able to stop malware. If that were the case, then lots of computers at Google wouldn't have been infected, or other large companies with locked down desktops, automatic A/V, and strict firewall and web proxy rules.

 

Here are some random examples:

http://www.obsessable.com/news/2009/03/05/acrobat-bug-can-lead-to-malware-installs-without-even-open...

 

http://www.theregister.co.uk/2010/01/19/google_china_attack_malware_analysis/

 

http://blog.damballa.com/?p=847

 

http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

 

http://googleonlinesecurity.blogspot.com/2010/03/chilling-effects-of-malware.html

 

---

jlivingood wrote:

 

---

4CrawlR wrote:

Well the PSI v2.0 beta also fails to install on my system.  Only a dialog box that says "Installation Failed" and no details as to why. 

 

So my next step is????

---

Did you try installing Immunet?

 

---

 

Yes, it found nothing with the full scan.

Then tells us with what we are infected with I can find nothing even with your tools. So tell me how it is hiding itself and where it can be found you sent me an email saying one of my computers may be infected so then it must be something Norton can't find and you can so tell us where it is otherwise don't send emails stating you MAY be infected thats like saying you May have a Heart attack tonite.

 

---

jlivingood wrote:

 

---

4CrawlR wrote:

Well the PSI v2.0 beta also fails to install on my system.  Only a dialog box that says "Installation Failed" and no details as to why. 

 

So my next step is????

---

Did you try installing Immunet?

 

---

 

OK, so it looks like the PSI 2.0 beta did install, despite the dialog box to the contrary.  At least there was a process running on the icon tray.  Running that shows 7 programs that are not fully up to date or secure.  Not sure what to do about that, or if I need to do anything about that. 

 

Again, what am I supposed to look for with this tool to determine if something is in need of attention. 

 

---

rontthatsme wrote:

tell us where it is otherwise don't send emails stating you MAY be infected thats like saying you May have a Heart attack tonite.

---

LIKE

 

 

---

4CrawlR wrote:

 

---

 

OK, so it looks like the PSI 2.0 beta did install, despite the dialog box to the contrary.  At least there was a process running on the icon tray.  Running that shows 7 programs that are not fully up to date or secure.  Not sure what to do about that, or if I need to do anything about that. 

 

Again, what am I supposed to look for with this tool to determine if something is in need of attention. 

---

Secunia simply monitors all the software addons that websites use, such as Flashplayer, Shockwave, and Java, to make their graphics work. For instance, you can't watch videos on YouTube unless you have Flashplayer installed on your machine. Just like any other software, addons need updates to keep them secure from hackers. Secunia will tell you if you need to install updates to any of these. It will run a scan and come up with a list of outdated stuff. Click on the little round arrow in each result to download and apply the update.

 

 

I have problems with this because it seems that I have to apply the same update multiple times before Secunia is happy and gives me 100%. That's one reason why I put it off sometimes.

 

---

Nikki16 wrote:

 

---

Secunia simply monitors all the software addons that websites use, such as Flashplayer, Shockwave, and Java, to make their graphics work. For instance, you can't watch videos on YouTube unless you have Flashplayer installed on your machine. Just like any other software, addons need updates to keep them secure from hackers. Secunia will tell you if you need to install updates to any of these. It will run a scan and come up with a list of outdated stuff. Click on the little round arrow in each result to download and apply the update.

 

 

I have problems with this because it seems that I have to apply the same update multiple times before Secunia is happy and gives me 100%. That's one reason why I put it off sometimes.

---

 

OK, so a few programs show update links, one is Adobe Acrobat (I have a paid for 6.x version that I use for making PDF files) and it takes me to the version 9 page which wants me to buy the new version for $199.99.  How can I tell if this old Acrobat version is the cause of this supposed BOT I may have.  It has probably been 2 weeks or so since I last used this program and only use it a few times a year, so forking out $200 for a new version makes little sense unless I know 100% for sure it is the problem.

 

Another update link is for Apple Quicktime and that one takes be to the Quicktime installer.  But I have the Itunes+Quicktime version installed and I know for sure that instailling the Quicktime-only version will "F" up the Itunes install.  So do I install the link that PSI points to or re-install the software I already have that was updated a few weeks ago as I recall?

 

And if I have been through all 4 pages of the Comcast "fix" script, am I done/clean/bot-free or did I just waste 2 days doing someone's guess as what might be a fix for a problem my PC might have?

OK, so calling in on the 1-800 number, the guy there, who did not seem to know much about what this Costant Guard BOT-email was about, said that if I had run through all 4 pages of steps at: https://constantguard.comcast.net/ that I was good to go.  So I guess unless I hear other wise, that is all you need to do.

@jlivingood:

 

Please pay atention to the rest of the Security Board and the vast amount of posts regarding Constant Guard.

 

 

 

I have 4 PCs total: (2) Win 7 x64s - 1 of them 'away' today, (1) Win 7 x32, (1) Win XP SP3.  Installed PSI on all 3 available.  On one, I went with the 2.0 Beta version, out of curiosity. Don't recall any issues with the installs.  The ENTIRE rest of my day since my post this morning has centered around updating or deleting various applications deemed as out-of-date or risky. For the most part, the PSI app was very helpful in quickly finding info & updates. On the top of the short MUST DO list, a Security pal at work had told me months ago to KEEP ADOBE PRODUCTS UPDATED. Must be a lot of truth in that advice, as Adobe seems to cause A LOT of security concerns.  If PSI worth anything... Adobe & Java were issues in common (multiple ways) on all 3 PCs. I use FireFox, so the "unresolvable" MSIE issues were non-issues for me.  EXCEPT, PSI requires that MSIE + Adobe Flash (for MSIE) be installed to display your scan history chart.  Pretty ironic!  And, installing alone doesn't seem to be enough... it must be your default browser.  ??  Oh well, I can live without the chart.

 

So, at this point, I have 3 machines up to 100% smiles from PSI. Nothing I did today revealed ANY BOTS, but presumably I've closed some doors.  It may be the fundtion of the 2nd recommended download - Immune.  Another anti virus program?  I don't know if it's still true, but I thought layering anti-virus suites was asking for trouble.  However, a quick blurb from a CNet review has persuaded me to try it, to satisfy myself, I have NO bad bots.

 

"Common Windows security wisdom says it's a bad idea to run multiple antivirus apps simultaneously. Generally that's true, but Immunet 2.0 intends to play nice with your existing protection and bolster it with help from the cloud and the crowd. Immunet's latest update introduces new scanning tools, detection engines, and support in a bid to persuade users that the program is the spackle they need to plug the holes in their security wall."

LOL, I hope some beats me to the punch on writing up their results from Immunet, as I've been typing here for 20 min. But I owe jlivingood something, as he at least gave me what I asked for!  Even if Immunet finds no bots, I did get alerted to several needed application updates (to included latest security patches) by PSI.  So thanks Jason.

 

 

 

@USAF,

.

You do your fair share answering questions regarding Norton, mega kudos for that. 

.

From what I've been reading from customers regarding constant guard, it's confusing to say the least, and I for one would say in big bold type:  RUN, DON'T WALK TO the SECURITY CLEANUP FORUM AT DSL :

.

http://www.dslreports.com/forum/cleanup

.

ciao, bj

 

Hello,

 

i received this email today. I am very careful while browsing the web, and do not download files from untrustworthy sites. I also scan every download with Avast. I am very concerned, however, because despite this email telling me I have a bot, I cannot find anything on my computer. I have used Avast, then uninstalled that and have used AVG. I used a Malware detector and it came back with nothing. I am afraid if I do have somehting, it is a rootkit that cannot be detected by any program, including Norton. What do I do in this situation? Reformat the hard drive? Will Comcast send me additional details or let me talk to someone about specifics? Please help - I am very upset and have spend the last 6 hours a nervous wreck while I research this situation and try to figure out what is going on.

 

---

4CrawlR wrote:

 

  Another update link is for Apple Quicktime and that one takes be to the Quicktime installer.  But I have the Itunes+Quicktime version installed and I know for sure that instailling the Quicktime-only version will "F" up the Itunes install.  So do I install the link that PSI points to or re-install the software I already have that was updated a few weeks ago as I recall?

---

 

So I manually installed the "latest" update from Apple and no go.  Turns out the QT-only is the version 7.6.9, which is what PSI wants to see, but the same page on apple.com lists 7.6.8 as the latest version of QT for Itunes, which is what I installed.

 

Also, on the old Adobe applications I have installed, I only use those for converting locally created files to PDF format.  I have the most current version of the Acrobat Reader installed for viewing on-line and down-loaded PDF files. 

 

Aside from the above two instances (3 files in total), my PSI score went from 94% to 98% but I see no way to get to 100%.  So is this OK or is this the cause of my purported BOT infestation? 

 

How can I tell when things are cleaned up???

 

 

 

---

CC_Dete wrote:
Removed for flaming and trolling

---

CC_Dete, a Comcast employee is upset his employer's greed and incompetence is being exposed.

 

Test

 

---

stephenl123 wrote:

What is the lag time from when the Constant Guard decides there's a problem and when the email is sent. Since the emails don't give the time and date that a problem was detected, it is harder to distinguish what machine at my home the message is responding to, or if it is a false positive because (for example) a pattern of overnight activity was detected because I browse a lot at night.

---

We try to keep it recent (generally past 2 weeks) to avoid the possibility of false positives.  There is recent detection related to your IP that indicates possible malware infection within that timeframe.

 

Some interesting reading below:

- http://discussions.apple.com/thread.jspa?threadID=2680148&start=0&tstart=0

- http://blogs.chron.com/techblog/archives/2010/10/comcast_goes_after_bots_but_how_effectively.html

 

One of my computers connected to the net is an old SGI Irix machine, wonder if I can get a Norton version for it?

 

And again, I ask if there is a way I can test to see that I have cleaned my machines of this purported bot.  If not, why?

i was sent this email

 

Dear Comcast Customer,

The Constant Guard™ service has identified that one or more of your computers may be infected with a Bot. Please read on.

A Bot, also referred to as malicious software or malware, is used to gain control of your computer, typically without your knowledge. Online criminals can use Bots to collect your personal and private data, such as Social Security numbers, bank account information, and/or credit card numbers by monitoring your keystrokes. This can lead to identity theft and fraud.

We strongly recommend visiting the Comcast Constant Guard Center at https://constantguard.comcast.net for instructions to help you remove the Bot from your computer(s). If you select to remediate the Bot by yourself, please follow all the steps provided within the Constant Guard Center to assist in Bot removal. We also advise that you keep your computer(s) protected by performing regular Operating System updates and by using Norton Security Suite anti-virus software.

Sincerely,

Comcast Customer Security Assurance

 

why can t comcast just tell me what the infection is.

and why do they insist on anti malware programs that screw up systems worse than some malware.

not a very happy camper

 

wonder if they have an app. for my ipad .. scan that

 

 

---

wtfnow wrote:

i was sent this email

why can t comcast just tell me what the infection is.

and why do they insist on anti malware programs that screw up systems worse than some malware.

not a very happy camper

 

---

 

What do you mean? We have told you the infection is malware. Many bots are 'utility bots' so one moment they can send spam, the next DDoS, and then capture keystrokes, etc.  And, you needn't take our advice on what tools to try. The important part is that you are aware that you are very likely to have malware. 

 

BTW, associated with your IP are 2 bot net families in the past week, sighted active on 9 occasions.

Some results from Immunet... (note:I am on my 3G iPhone because I don't want to turn on my network)
I installed the 14-day full trial on 2 computers and didn't find anything. Do you have to register before it can find anything? Then I forgot about it. Today I am checking my router logs for signs of malware coming out of my computer (not sure if bot would attempt to port scan and propagate if I haven't cleaned it fully).

So I see tons of dropped packets from random ports on my PC to random IP addresses on ports 53 and 32137. I freak. Figure I am still infected or something. (my pc had awoken from hibernation during the day) googling the ports I eventually discover they are from Immunet Protect! It sends outgoing udp traffic on those ports. So warning! It will try to connect every 30 seconds. The random IPs I looked up were in the US- amazon, comcast, etc, so I assume it has a list of server IPs somewhere to phone home.

Still paranoid to turn Internet modem on. Now I need to look up the perfect keylogger DifXInstall32.exe that spybot found.

There is another thread here where one of the authors of Immunet has said he will take questions on how it works. It is a novel approach to AV with a lot of merit.

Suelynn2z:

 

Let me introduce myself.  My name is Adam J. O'Donnell, and I am one of the authors of Immunet.  I wrote the cloud component, which I will get into in a bit.  I can answer some of your questions about the product.

 

So.... the full version of the product (and the 14 day trial) differs from the free/out of trial version in a few ways, but the largest is that if you have the full version you are covered when you are offline.  If you are online, it will still catch viruses, even if you are out of the trial window, so you don't need to worry about that part.

 

Our product is a cloud-based AV technology, meaning it looks up hashes and fingerprints associated with executables over the internet to know if it is a virus or not.  The port 53 and 32137 traffic is your copy of protect asking our servers (hosted at Amazon) if a file is a virus or not.  This is the latest and greatest way of doing AV, and I personally expect that if an AV program doesn't have this kind of technology now, they will in a few years.

 

Finally, most malware doesn't send UDP traffic, the protocol we use for looking up whether or not a file is a piece of malware.  Most of the time, if it is trying to connect to a command and control server or it is trying to copy local data off your computer (like your credit card number), it will use TCP, which is better suited for larger data transfer.  Sadly, the bad guys do know what they are doing and do produce decent quality software.

 

Take care

 

Adam

That is very nice of you to admit to knowing more than the generic email That was sent out.

 

"BTW, associated with your IP are 2 bot net families in the past week, sighted active on 9 occasions"

 

Now if you want to be real helpful send me the mac. address to the pc That was active on  nine occasions.

 

i have run scans with avg. , defender, and Microsoft security essentials with good results. no infections found.

 

the only thing not scanned was my ipad. Wonder if my gmail login for my ipad pocket cloud (rdp) is  setting off the flag.  Any way thanks for the reply.

 

 

 

 

 

 > Now if you want to be real helpful send me the mac. address to the pc That was active on  nine occasions.

 

To know that we'd have to have software on your home gateway (router) and/or your LAN. We do not have that and I doubt very much you'd be comfortable granting us that access...

 

 > i have run scans with avg. , defender, and Microsoft security essentials with good results. no infections found.

 

Have you tried Secunia, Immunent, or MalwareBytes?

 

 

 

---

adamjodonnell wrote:

Suelynn2z:

 

Let me introduce myself.  My name is Adam J. O'Donnell, and I am one of the authors of Immunet.  I wrote the cloud component, which I will get into in a bit.  I can answer some of your questions about the product.

 

So.... the full version of the product (and the 14 day trial) differs from the free/out of trial version in a few ways, but the largest is that if you have the full version you are covered when you are offline.  If you are online, it will still catch viruses, even if you are out of the trial window, so you don't need to worry about that part.

 

Our product is a cloud-based AV technology, meaning it looks up hashes and fingerprints associated with executables over the internet to know if it is a virus or not.  The port 53 and 32137 traffic is your copy of protect asking our servers (hosted at Amazon) if a file is a virus or not.  This is the latest and greatest way of doing AV, and I personally expect that if an AV program doesn't have this kind of technology now, they will in a few years.

 

Finally, most malware doesn't send UDP traffic, the protocol we use for looking up whether or not a file is a piece of malware.  Most of the time, if it is trying to connect to a command and control server or it is trying to copy local data off your computer (like your credit card number), it will use TCP, which is better suited for larger data transfer.  Sadly, the bad guys do know what they are doing and do produce decent quality software.

 

Take care

 

Adam

---

 

So I am now finding on my WinXP desktop that if left on for maybe 8-10 hours (like overnight) that the agent.exe process is taking up 99% of my CPU time and the system is totally unresponsive and I have to power it down and restart in order to get access again.  Per ProcessExplorer, agent.exe is the "Immunet Protect Agent".  This started happening about a week after installing Immunet s/w. 

 

What is going on?

 

4CrawlR,

I think this is being addressed in the Immunet thread, so you'll pardon if we don't cross-post.

4CrawlR,

I believe this being addressed in the Immunet thread (http://forums.comcast.net/t5/Security-and-Anti-Virus/Hello-from-an-AV-software-author/td-p/838105)  We'll keep that discussion there to reduce cross-posting.

---

Jordan_RO wrote:

4CrawlR,

I believe this being addressed in the Immunet thread (http://forums.comcast.net/t5/Security-and-Anti-Virus/Hello-from-an-AV-software-author/td-p/838105)  We'll keep that discussion there to reduce cross-posting.

---

Yes, that is fine and only one reply is needed. 

 

Plus I don't seem to get any answers to any of my questions in this thread anyway.