Contributor
Posts: 7
Registered: ‎02-13-2007

Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I have received an email twice in the last week alerting me that Alureon malware was detected on my system.  We've followed the directions and scanned all laptops and pcs in the house but nothing was ever found.  I've read some of the threads on here from other customers who have gotten notices that there was a bot detected and they were never able to find anything either - not specifically Alureon.

 

It sounds like this thing behaves like a virus (of sorts).  It can lie dormant in your system until something wakes it up.  Is it correct that while it is dormant, it cannot be detected? 

 

We have noticed nothing suspicious on our systems and I'm concerned that I keep getting this message (even a voicemail) and I can find nothing. Is there a way I can at least determine which system might be infected? 

 

Thanks for any and all responses.

 

T

Security Expert
USAF_E-8_RET
Posts: 5,043
Registered: ‎10-28-2003

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Have you checked out Option #1 here?

 

http://xfinity.comcast.net/constantguard/botassistance/dnsbot

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Contributor
Posts: 7
Registered: ‎02-13-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


USAF_E-8_RET wrote:

Have you checked out Option #1 here?

 

http://xfinity.comcast.net/constantguard/botassistance/dnsbot



 Yep.  That is exactly where the email and voicemail led me.  I followed the directions and the tool found nothing.  I also scanned with SuperAntiSpyware, Malwarebytes, some Microsoft malware tool and a full scan with norton.  Nothing was found. 

Security Expert
USAF_E-8_RET
Posts: 5,043
Registered: ‎10-28-2003

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

You can call the Customer Security Assurance Department for more assistance on your situation.  If no joy, perhaps a malware removal site (FREE) listed in this link may be able to help.  http://forums.comcast.com/t5/Security-and-Anti-Virus/Where-to-Seek-Malware-Removal-Assistance/m-p/88...

 

 

How to contact the Comcast Customer Security Assurance Department:

 

 

 

The Customer Security Assurance organization has been established to ensure a safe and secure online experience for Comcast customers. This team is a dedicated group of security professionals who respond to issues pertaining to phishing, spam, infected PCs (commonly referred to as "bots"), online fraud and other security issues.

 

 

 

Normal business hours (M-F, 9:00 am to 11:30 pm EST
S-S, 10:30 am to 6:30 pm EST)

1 - 888-565-4329


Official Employee
B-Mor
Posts: 63
Registered: ‎12-10-2010

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Have you checked your router?

There is an FAQ on the xfinity.com/dnsbot page that says "How to find the infected computer?" Did you follow the steps in that link?

 

Official Employee
jlivingood
Posts: 1,095
Registered: ‎05-09-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


B-Mor wrote:

Have you checked your router?

There is an FAQ on the xfinity.com/dnsbot page that says "How to find the infected computer?" Did you follow the steps in that link?

 


Exactly. 

 

And check http://dns-ok.us/ and https://amibotted.comcast.net

JL
National Engineering & Technical Operations
Security Expert
USAF_E-8_RET
Posts: 5,043
Registered: ‎10-28-2003

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


B-Mor wrote:

Have you checked your router?

There is an FAQ on the xfinity.com/dnsbot page that says "How to find the infected computer?" Did you follow the steps in that link?

 


What B-Mor really meant, since very few of our customers even know the page exists that he is referring to or the URL:

 

Go here: 

http://xfinity.comcast.net/constantguard/botassistance/dnsbot

 

The FAQ is the last FAQ in the left column at the bottom of the page, which provides the following:

 

 

 

How to find the infected computer?

 

If you have multiple computers in your home and you are not sure which one may be infected, there is another way to do so. Instead of connecting your computer to the internet via the wireless gateway or home router, connect each one separately to the cable modem one at a time. Once an individual computer is connected to the cable modem, go to http://www.dns-ok.us. If you get a green page back, the connected computer is OK; if you get a red page back it is infected.

If you continue to receive notification from Comcast that you are infected and you have ensured that all your computers are OK, then it is likely that your home router / wireless gateway settings have been changed by the DNS Changer malware and you will need to reset this following the manufacturer’s instructions.


Contributor
Posts: 7
Registered: ‎02-13-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I followed the directions for cleaning all my PCs and took some other measures based on information I found in other areas on the web but I did not see that FAQ.  I will try it and see if I can figure out which PC has the bot - although, I may have taken care of it by now.  I've not gotten any new email alerts.  Thanks USAF.

Visitor
Posts: 3
Registered: ‎03-16-2009

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

 

Suggestion: make sure that if you have a "static ip" and/or "static dns" set up on your computer (for whatever reason), you check and update the 'static dns', as it has/is changing for Comcast.

 

The latest Comcast DNS is 75.75.75.75 with secondary of 75.75.76.76

 

Just another thing to check if you are sure you do not have alureon or any of its related ilk.

 

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


Just to let others know, the green screen check showed nothing on mine either. I had to use the link provided at Comcast

 

amibotted.comcast.net/demo/detected.html

 

I also had to run it a couple of times. We found that 1 computer was infected and gave us the time stamp and names of the bots detected, it was called DNS Changer not the Alureon through the check. However, when we "erased" with Norton's, we only saw 1 thing erased.

 

It was weird timing though since our internet in the area was out at that time. Anyway, I used their fix it yourself tools "Nortons Eraser" and 1 click change. Afterwards, we saw Nortons was not opening or working. No idea if it was messed up before the eraser program.

 

Nortons chat actually double checked a bot was not present and reinstalled nortons to function properly.

 

Most important: Change the settings password on the router. We used the wizard to change the settings from the manufacturer's default settings. Added our own name/password and high encryption.

 

So far, I asked Comcast to check if there was any more reported DNS Changer activity on our network and they told me there hasn't been so far. I had to persist to get them to tell me that though. However, they are able to give you the information through the security department. Sometimes, a person on the forum will be nice enough to check your account. Don't request help from signature support unless you can pay though. The security department listed in the above post can check your activity.

 

 

New Visitor
jen2012
Posts: 2
Registered: ‎03-02-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I have received this same notification regarding Alureon. I have checked my computer (has Norton 360 on it) and my step-son's, which is a Mac. There is no Constant Guard program for Macs. Does anyone have experience with checking/adjusting the DNS settings on a Mac?

 

So far, I have spent hours on hold for the Security Assurance team. Unfortunately, I have two toddlers who limit my ability to spend much time on this, though I've already put in a lot of hours, as previously mentioned.

 

Is there a step-by-step set of instructions for the Mac users?

Visitor
Posts: 3
Registered: ‎03-16-2009

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

^ Setting DNS on Mac. I don't use a Mac, but Googled the step-by-step in the link below. If your Mac is set to 'automatic' you should be 'ok'. If your Mac is set to 'static dns' just make sure it's not set by your son-in-law for a specific purpose. If it is set for a specific purpose then see my response above on the "static" Comcast dns settings.

 

http://www.askdavetaylor.com/find_the_dns_servers_on_your_mac.html

 

 

Official Employee
B-Mor
Posts: 63
Registered: ‎12-10-2010

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

For assistance in removing the DNS Changer malware from either a PC or MAC please visit the following webpage which has been set up to specifically address this issue with step-by-step instructions based on your operating system.

 

http://xfinity.com/dnsbot

 

You may also have to contact your router manufacturer to determine the best way to make sure your router's settings are correct as well.

New Visitor
Posts: 1
Registered: ‎08-05-2008

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Sorry for the reply, but just to let you know that I called my computer technician and he checked my computers, and said there was nothing wrong with any of them. Then I called Comcast and spoke with an internet issues customer service technician, and after explaining what I did and that I didn't find anything wrong, he simply told me to just forget about it!! I asked what will happen tomorrow if I am left without an internet connection if I do not download this Guard. He simply answered that tomorrow this notice will just go off like nothing happened!! So get an answer from there :( We do not have Alureon malware in our computers!! They just want us to download their program onto our computers. Thank you, but NO thank you. My computers are fine and I do not go on any malicious websites so I am not downloading it... And I am happy I paid my computer technician to come and check my computers before downloading this program.
I am writing this just to let you know that just one phone call and explanation that my computers were checked by a professional changed the conversation, and they told me to just ignore it and tomorrow the warnings will stop popping up and leave us alone. I am shocked because that means that there is nothing wrong with a lot of us and they just want us to download that program. I wonder why!?
I feel betrayed because they sent me so many warnings for nothing, and I am disabled and in so much pain, and I got stressed out about this a lot... and found out I didn't need that program at all from the beginning.. I am so sad :(

Contributor
Posts: 7
Registered: ‎02-13-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

@AGhelp - this was very helpful information but I'm still puzzled.

 

So, over the course of about 3 weeks I've done the following ...

 

I've downloaded and run the Fix It Yourself Norton tool that comcast provides on their xfinity/dnsbot page no less than 2 times on each computer and nothing was ever found.

 

I've run Malware Bytes and SuperAntiSpyware on all my PCs at least 3 times.  A Trojan was found on my kids' PC the first time I ran it 3 weeks ago but nothing has been found since and I still get the emails and letters from Comcast saying I have a bot.

 

I ran a full scan with Norton Anti-virus twice in addition to the regularly scheduled twice a week scans on all three of my pcs and nothing was found but tracking cookies.  Each time, I cleaned them.

 

I checked the "how to tell which pc" thing and all PCs got the green "ok" screen

 

I went to amibotted.comcast.net and tested them there and they all came out clean.

 

My router has a non-factory ID and password with WPA2 (or something like that) security.  It always has, so I didn't change anything there.

 

Lastly, I've not noticed any kind of bot-like activity.  No bouncing or returned emails or anything.  Supposedly my service will be cut off tomorrow due to this bot thing.  This is very frustrating - especially seeing that there are many, many people experiencing the same thing.  One would think that if there is a way to detect malicious activity, there should be a way to track where it is coming from.  IP Address or NIC Address, so it can be isolated.

 

I will try again to get through to the security department but I can't sit on the phone all day.

 

Thanks everyone for your help, but this issue is not yet resolved.

Security Expert
USAF_E-8_RET
Posts: 5,043
Registered: ‎10-28-2003

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Hi Uuuuugh,

 

I understand your frustration with sitting on the phone, but as March 7 draws closer, the busier the Security folks are going to get on the phone.  Perhaps a PM to ,   or may be a better route to go at this point in time.

 

Here is info on PM if you are not familiar!

 

Private Messages (PM’s)

 

 

 

At the top of each Forum page you will see a small white envelope.

 

 

 

This is the icon for Private Messages, referred to as ‘PM’s’. A Private Message is a way to communicate in private, to another User, Moderator, or Administrator out of public view in the Forums.

 

  

The white envelope turns to yellow when you receive a PM.

  

To open a PM to read it, double click on the yellow envelope. If you click on the white envelope a window will open with tabs for your Private Message Inbox, Sent Messages, Friends, Ignored Users, and Compose new Message. You can also access this area by clicking on the Username in a Thread or post. By default, Private Messages are enabled. You can disable this feature in My Settings>Preferences> Private Messenger.


Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

-----------Uuuuugh

 

 

Looks like you have followed all the steps I know except 1.

 

Although you had changed your password on the router previously, they have THAT information. Mine happened to be the default and I had never changed the manufacturer's password when I installed.

 

Use your previous log in and password for your router to get access to the administrator rights on your router and change it to a new one. I changed username, password to the router ssid, and password encryption. I actually changed it again today to double check and ran the amibotted again.

 

From what I understand, it can be cleared off your computer but if you don't change the password on your router the dnschanger bot can still gain access through your actual router. It may reinfect your computers or simply run directly through the router by taking it over.

 

I'm not an expert, but if the amibotted page showed nothing several times I would say it's probably on the router. I would just change to make sure. Who honestly knows if we don't whether or not we will have access.

 

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

--------aldi1

 

Hopefully you're clear.

I know you said the technician checked all your computers but did he change your router settings? It can actually be your router with the bot and not the computer itself.

 

I think some of it is probably being overplayed but the deadline is the FBIs not comcast and I would rather be safe. Although I wouldn't pay them either.

 

I only received 1 email and a letter in the mail regarding 1 date. The test actually showed another date and it showed up as DNS changer Bot not the Aleron name (I know I'm spelling it wrong).

Contributor
Posts: 7
Registered: ‎02-13-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Update: So, after about 35 minutes on hold, I spoke with a representative from the Security Assurance department.  He confirmed that my router is clean by checking my DNS settings.  He then directed me to reset the DNS settings on my pcs.  They were all "DNS server address obtained automatically" already, so I'm not sure how much of a difference that makes.

 

He told me that was all I could do and wait a few days to see if I get another letter.  He also told me that only the infected pc would be prevented from getting to the internet.

 

I'm not happy about the result but hopefully I'm done with this.  Good luck everyone else.  I will consider this resolved but if I get another bot letter or find that I cannot get to the internet from one of my pcs, I'll do another update.

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Me too...please keep updating since I was told the same thing. Nothing since the 17th although I began cleanup on 28th when I received letter in mail. Everybody cross your fingers and our digital world is not about to go upside down. At least there's smartphone 3g if needed ;)

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Update-computers seem to be up. Need to do some more investigating and checks on other devices.

 

Hopefully no additional problems

Official Employee
ComcastJordan
Posts: 780
Registered: ‎03-17-2008

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Really glad to hear it, AGhelp.  Unfortunately, I was away from the forums for a few days and missed your posts.  Please keep us updated.

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I don't know about others, but I am still getting these pain in the a-- in browser warnings all over my web pages. I have done everything I can, as has everyone else. Through my research today I was at least able to validate that this IS a real threat and not just a hoax. I read on the FBI website that a judge has extended the deadline for 4 more months! I found a PDF on the website that helped me figure out which computer was affected and changed the DNS settings on that computer as the settings were actually corrupted. I then went back to the Comcast website to run through the self-correct option. I actually did the same steps on my laptop and on the affected computer at the same time and I was given 2 completely different sets of fix-it steps! WTH! The affected computer directed me to install and run the Norton Eraser while my laptop directed me to the Microsoft website's Malicious Software Removal Tool. Affected computer runs Windows XP and laptop runs Windows 7, but I wouldn't think that would elicit two completely different fix-it protocols. I started to run the Eraser on the affected computer, but then decided to do a quick "background check" on the Eraser. There were some fishy comments about it so I decided to do the Microsoft Tool on both computers. Guess what! Nothing found. On either computer. I scanned through the report and it doesn't even appear that it works with the DNS_Changer. Meanwhile, the Comcast warning keeps popping up blocking all of my web pages. I read something that said that you can turn off the warnings at least temporarily until the next warning, but it did not say how you are supposed to do that. I guess I will try the Norton's eraser tool after all, after a bit more research. Ugh!!!!

Official Employee
B-Mor
Posts: 63
Registered: ‎12-10-2010

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I will try and address a couple of questions from experiences and questions other customers have had.

 

  1. Yes, an extension was granted today by a federal judge which extends the server cutoff date to July 9. For more information there is an article you can read here.
  2. If you are receiving the notifications from Comcast that state you have the DNS Changer Malware, it is because Comcast has received information from the ISC that lists your IP address as connecting to the malicious DNS servers. Comcast is letting you know that your IP is connecting to those servers based on their reports.
  3. If you have guests that log in to your router with their laptop, or a neighbor who is using your wireless access, and they are the ones that are affected, then it will look the same to the ISC or Comcast. 
  4. All computers and routers should be checked. Both Windows and Mac machines can be affected. Routers are also frequently compromised.
  5. Customers have gotten GREEN results at dns-ok.us on their Mac and then cleared their Cache and Cookies and come up RED. According to the DNS Changer Working Group (DCWG) Red is always an accurate sign of infection, but there are situations where Green may be incorrect. For the most accurate reading you should bypass the router when using the dns-ok.us webpage for diagnosis.
  6. While Comcast does give you a link to Symantec's Norton Power Eraser for PC, you are under no obligation to use it. If you can find another tool that you would prefer to use, please do. There are only a few tools out there that I am aware of that actually catch DNS Changer and not all of them catch all variants. As for the Mac, there are only two tools that I have heard of that supposedly will catch the malware.
  7. Just because your malware scan came up clean does not mean that the DNS settings of that machine, or the router are unchanged.
  8. You are under no obligation to pay for any service to remove the malware or scan your machine whether it is a service provided by Comcast or local to you. Comcast does make available a service to assist customers who cannot or would rather not do it themselves, however, Comcast has also put the steps to do it yourself together to assist those who wish to do so, and while they are accurate, there are many conditions and variations to home computers and technological level of the user that may not make those instructions the best choice in their particular circumstance.
  9. The DNS Changer EyeChart RED page (which is a non-Comcast page) states the following in regard to removing the malware: "It is extremely difficult to remove this particular malware from your system.  The only 100% effective method to remove the trojan is to completely reformat your hard disk.  If you are not familiar with how to do this, we strongly suggest that you seek out the assistance of a qualified PC support service. If you do not remediate this infection, you may be unable to access the Internet after March 8, 2012." If they are recommending that the only way to completely remove it is to format, then it might be safe to assume that no one program will fix every issue on every computer.
  10. The ONLY Comcast page you should be going to in relation to this particular issue is http://xfinity.com/dnsbot which will translate to http://xfinity.comcast.net/constantguard/botassistance/dnsbot. If you do not see DNSBOT in the address bar, then you are on the main Constant Guard Bot Assistance page and the instructions will be different and incorrect.
  11. This is not a Comcast issue. Over 4 Million computers were affected globally and Comcast is attempting to assist its customers in making sure that they can continue to use the internet on whatever date the FBI and the ISC take the malicious Rove Gang DNS Servers offline.
  12. There are two types of browser warnings currently. One you can close by clicking the link, and one that requires a call to a dedicated line for this issue. 
  13. When talking to Comcast Customer Security Assurance reps, they can only go by what you tell them. If you tell them you have taken every step possible, scanned/removed the malware, manually checked the DNS on each and every one of your machines, factory reset the router, secured it with a new admin password and WPA2 encryption and new strong passphrase, tested each machine with dns-ok.us bypassing the router and connecting directly to the modem, and every machine is green in the eyechart, they have to take you at your word that you have done everything, but still inform you that the ISC continues to report that your IP address is hitting the rogue DNS servers and that is the reason you got the notification.

I can understand the frustration of these notices, but please realize that this is not an issue that Comcast created, and unlike many other ISPs Comcast is working to aid our customers in making sure that their computers are clean and settings are correct so that when the FBI does shut down those servers, Comcast's customers will be online and using the internet and have decreased vulnerability of its users' computers for future compromise due to the Rove/Alureon/TDSS botnet.
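Point 7 in the post above (a clean malware scan says nothing about the DNS settings) can be checked directly on a Windows machine. The following is an added example, not part of the original post and not a Comcast tool: it parses `ipconfig /all` output and classifies every configured resolver. The sample output and the rogue range are constructed placeholders (RFC 5737 documentation addresses); the Comcast resolver addresses are the ones quoted earlier in this thread.

```python
import ipaddress
import re

# Comcast resolvers as quoted earlier in this thread.
ISP_RESOLVERS = {ipaddress.ip_address(a) for a in ("75.75.75.75", "75.75.76.76")}

# PLACEHOLDER rogue range (RFC 5737 documentation space), constructed for this
# example. Substitute the rogue DNS ranges published by the FBI / DCWG.
ROGUE_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Addresses that mean "the home router answers DNS for this machine".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fe80::/10", "fc00::/7", "::1/128")]

ADAPTER_RE = re.compile(r"^(\S.*):\s*$")               # unindented "... adapter X:"
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")  # first resolver on the label line

ADVICE = {
    "rogue": "matches the rogue list: fix this adapter's DNS and rescan",
    "isp": "ISP resolver: expected",
    "router": "router answers DNS: also check the DNS set in the router itself",
    "review": "public resolver not on the allowlist: confirm someone set it on purpose",
}


def _to_ip(token):
    """Parse an address, dropping any IPv6 zone id (fe80::1%11); None if not an IP."""
    try:
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter name: [resolver, ...]} from `ipconfig /all` output."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None:
            continue
        label = DNS_RE.match(line)
        if label:
            token = label.group(1)
        elif in_dns:
            token = line.strip()  # extra resolvers sit alone on continuation lines
        else:
            continue
        ip = _to_ip(token)
        in_dns = ip is not None   # any non-address line ends the resolver list
        if ip is not None:
            adapters[current].append(ip)
    return adapters


def classify(ip):
    if any(ip in net for net in ROGUE_RANGES):
        return "rogue"
    if ip in ISP_RESOLVERS:
        return "isp"
    if any(ip in net for net in LOCAL_NETS):
        return "router"
    return "review"


def audit(text):
    """Return (adapter, resolver, verdict) for every configured DNS server."""
    return [(name, str(ip), classify(ip))
            for name, ips in parse_ipconfig(text).items() for ip in ips]


# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.40(Preferred)
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       75.75.75.75
                                       198.51.100.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for adapter, server, verdict in audit(SAMPLE_IPCONFIG):
        print(f"{adapter}: {server} -> {verdict} ({ADVICE[verdict]})")
```

A "router" verdict only moves the question one hop: the machine is clean at the DNS layer, but the resolver configured inside the router still has to be read from its admin page.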

 

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Thank you for the detailed response. It helps...a little. A couple more questions and comments:

 

How do you check the DNS settings on the router? The comcast instructions (that I found) did not say anything to help with checking your DNS settings. I got this info from the FBI site, but it did not explain the router part clearly. We have a wireless router that we got from Comcast. I do have a password on it that I changed when we got it so doubtful that the neighbors are using it. 

 

From what I have read, the DNS-ok.us web page is completely useless because we are going to get green no matter what at this point because this site will only tell you if you're being sent to the wrong sites. Since our ISP (Comcast) is redirecting traffic if our DNS settings are bad it will not return the wrong IP address and will not give you red.

 

I decided to try the Norton Power Eraser after all...and it was useless as well. I did a bit more research and decided to next try the free malware detection tool on Malware Bytes website. It's not even done scanning yet and it has already detected 33 affected objects. Yay! Finally some progress.

 

I know about the clean scan vs. changed DNS settings. I checked and corrected the DNS settings first and then started running the scans. The scans have not found anything on any of the computers. Changed DNS settings or not. Why do the directions have you run the scan first and then check the DNS settings?

 

We get what you are saying about paying for the services to clean up the computer. The problem is, if all of the scans say we are clean, we really do not want to pay $100 or more to have someone else tell us the same thing. How do we know we are infected other than just what comcast tells us. If we fix the DNS settings and the "bad guys" have been caught, isn't there any way we can just "lock" the DNS settings from changing again?

 

Why in the HECK (not the word I wanted to use) does Comcast have two completely different sets of directions that both look exactly the same to the layperson if they do not intend to confuse the crud (not the word I wanted to use) out of us?!  Especially when the link on the alert takes you to the Main Constant Guard Bot Assistance page and not to the page that you are saying we should be using?

 

Why are there two different types of browser warnings and why would Comcast think that I would trust the phone number in the warning (or any of the links for that matter) when the issue is supposedly that websites are redirecting you to corrupt IP addresses? It's taken me this long to even trust that this is a real issue. I was very skeptical until I received the letter in the mail. Why didn't they just do that in the first place if it was this big of a deal? And how come I don't remember hearing more about this on the news if it is this big of a deal?

 

Instead of the instructions provided in the do-it-yourself page on the website, why didn't they give the steps you outlined in #13 (only with more specifics as to how to do each step)? 

 

So many questions still about how this has been handled, by Comcast, by FBI, by the media, by anyone involved. I'm sure glad I am off work right now so that I have the many hours to spend that I have so far. It should not be this difficult.

Gold Problem Solver
BruceW
Posts: 6,901
Registered: ‎12-03-2007

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


lifelearner wrote: ... We have a wireless router that we got from Comcast.  ...  and why would Comcast think that I would trust the phone number in the warning ...

These two points are bothering me a great deal as well. IMHO,

 

  • For the DNS Changer mess, Comcast should have web pages for each of the routers and/or gateways it issues containing instructions for checking the device's DNS settings and correcting them if necessary. The cost to Comcast would be trivial and the benefit to customers would be enormous.
  • Any phone numbers that appear in Comcast emails and/or web page injections should also appear on a standard Comcast web page so they can be verified as trustworthy. It's shocking that Comcast asks customers to call a phone number without giving them any way of determining that the number is genuine.
Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)


I have to fully and completely agree with everything both of you've said. Same experience and I'm sorry but I already pay a lot for service.

 

I am grateful. However, reading this "overview" makes me question another issue.

 

NOTHING SAID YOU SHOULD HARDWIRE INTO MODEM AND RECHECK FOR A RED SCREEN!

 

I only found the bot through the amibotted one through Comcast. Listed more than what seemed to have cleaned up using the eraser. Was double checked by Nortons (FREE IN 20 MINUTES, NO SALES PITCH)!

 

Should we double check through hardwire with the amibotted?

 

I actually was relieved yesterday, thinking I was in the clear since my computers could all get online. Now, I hear an extension was given and now I can't verify if it's fixed.

 

IT WOULD HELP IF COMCAST SENDS OUT A WRITTEN NOTICE CLOSE TO THE DEADLINE VERIFYING THAT ALL PREVIOUS COMPUTERS SHOWING BOT LIKE ACTIVITY HAVE NOT SHOWN ANY NEW ACTIVITY!

 

An e-mail might work, but many are suspicious of the recent phishing attempts that look like REAL emails. I had not opened Comcast e-mail after a phishing attempt a week before the Bot activity showed up on our network. The time stamp that showed up first- I had NO SERVICE and IT WAS KNOWN ISSUE IN OUR SERVICE AREA THAT APPEARED TO BE AFFECTING OUR SERVICE.

 

Had contacted comcast several times to restore service, AREA problems. If I had no internet how did it go through our network/isp?

 

We want to work with you as customers, we want to fix it, the amount of MISINFORMATION I received was beyond ANYONE'S PATIENCE level.

 

If you make CUSTOMERS KNOWLEDGEABLE OF THE SITUATION PRIOR TO A PROBLEM, reps knowledgeable (they had no idea what I was talking about when I wanted to determine if the letter was legit after the email phishing scam), make sure customers can easily verify that it's legit, and HELP- you will keep customers.

 

As far as the extension:

 

It's a matter of spending about 50 cents on customer service to send us a simple letter to help ease customers' minds about whether they successfully got rid of the bot. I feel it's worth it to keep my $200 a month service!

 

 

I thought it was phishing too. NOT A PHONE NUMBER I'VE EVER SEEN FOR COMCAST!

 

On top of that, when I finally got ahold of a "legit" number from comcast reps for the Assurance Team to verify if it was a legit problem I was told:

 

"the do it yourself method in the letter is the same thing, we perform the steps, only difference is it's at your convenience." Still a charge basically, you order online instead of on the phone.

 

Now: we have to have a credit card, cannot bill your account, and we want to remotely take over your computer.

 

ISN'T THIS WHAT WE ARE TRYING TO AVOID- GIVING OUT OUR INFORMATION!

 

I honestly thought it was a scam. I've suggested this type of information should be up on the comcast homepage DAILY. Especially the ALERTS and THREATS.

 

I would rather see that than some of the useless information that scrolls through the top of the page.

 

 

RANT done for the day HOPEFULLY

 

Do we need to hardwire to verify it's gone through amibotted?

 

This was NOT put anyplace else. I was told to go through all the steps and recheck the system. A moderator verified nothing had been seen since a specific date: which by the way was not the date that appeared on last seen activity page of amibotted report. Nortons rechecked the computer that found something to "erase" through the Norton's eraser. Nortons eraser didn't find anything on other machines but did all steps anyways.

 

Should we re-check them, keep using the eraser tool to double check, and do a hardwire check?

 

EDIT: After everything I forgot I did do a hardwire check and wireless check. Should we be re-checking only with hardwiring computers was a more accurate question.

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I continued with the scan through Malware Bytes Anti-Malware last night and this morning there was no report despite last night it saying that it had already detected 33 items. My husband might have closed it inadvertently this morning, so I decided to run it again and it has already detected the 33 items again. I also got an update alert this am on the affected computer for a couple of Apple programs (husband has an i-phone). I downloaded and installed those, no problems with this process. I just noticed that I am not getting the DNS Changer alerts anymore. Don't know if I got the problem resolved somehow or if Comcast just stopped sending the alerts for the time being. I guess we'll see. This is a very frustrating issue and I know the tech people at Comcast are probably just as frustrated, but it just seems that there needs to be better communication within the company so that there is one "path" to the cure. I know that every computer is different, but would it be so difficult to develop a "flow chart" type page that one (whether customer or customer service rep) would access and follow the questions to the solution? Something like: if this, then this (link included to program suggested); result was this, then do this (next link included) etc. Tech people seem to forget that most of the words they are using are not English. I used to feel fairly comfortable working with my own computers, but it has gotten where I hardly even understand the warnings, the explanations, or the descriptions. I highly dislike this feeling.
 

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Although I never specifically asked about iphones, they basically told me android, smartphones, tablets, and devices could not be affected. Think they said OEM systems but not sure. Just router and computers themselves.

 

I don't think they will quit sending notices. Date was extended by a judge to July I think. The problem is, with the date extended those that have tried to fix it really don't know for sure if it is fixed. I would keep checking every so often on amibotted to see if you have a report showing up, just in case.

 

Yes, bad communication, not enough knowledge sources, and difficult to sort through. About ready to go to the free library :)

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

AGhelp, just fyi, I wasn't trying to imply that the problem was with the iphone, I just meant to explain why I was downloading Apple programs on a Windows computer. I was also just thinking that because I got the notice that there were new apple components available (and I hadn't got this message before) and I didn't have any problems downloading and installing them (like I have with the Windows security updates) that maybe my issues were resolved, or at least improved. I don't think the phones are affected unless maybe you are using your wireless modem at home to access your web content on the phone. My nephew was getting the alert on his phone for a bit (Android OS). They aren't supposed to be sending the notice if you are no longer infected, I don't think. I agree about the court's extension. It is nice that I could still access my internet yesterday, but also a little annoying to know that the problem may have just been extended another 4 months. Something I read said that only the affected computers will not be able to access the net after the "shut off." I do not know if that is still the case for a home like ours with 4 computers, 3 wireless and 1 hardwired. The hardwired is the affected computer. And will that still be the case if I have corrected the DNS settings (still not sure how to check settings on the router), but not located the malware? Anybody from Comcast that can answer this question?

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Thanks for letting us know about the alert on the Android OS. I was assured they could not be affected. Haven't turned on tablet yet or connected phone because was afraid it could go through. Curious if it really can hit them now.

 

I'm glad they waited too, it was just funny when I said "all computers running" comcast acted like a must be fine in their response. They neglected to mention everyone was up and running because of the extension. Now it's a wait and hope we fixed it.

 

Many people, like me, got a last minute notice. I misunderstood the post you had left.

 

If anyone else has had alerts for android systems or knows if there's a removal type program or way to check them, please pass along.

 

I was told they couldn't be affected by comcast moderator. Along with extra devices like printers, xbox, ps3 and tablets.

 

Comcast moderators will sometimes let you know if they've seen any recent activity or provide the last activity for you on the forum. For the most part, they are trying. Had better help here than anywhere.

 

I do wish they had a way for us to be notified of no longer seeing activity, say after a month or a couple weeks before the next deadline date. It would be greatly appreciated by customers.

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Just to be clear, we don't know if the Android OS was "affected" or not. He was just getting the alert when on a website when connected through the household wireless router. Since he was using the same access point (not sure if this is the technically correct term) he would get the same notice as all the other computers connected to the net through that router would...that "one or more of your computers is infected" etc. From what I understand, all of the computers connected to a single router share an IP address and Comcast only becomes aware of the problem when one (or more) of those return an incorrect DNS number back through the router. The alert goes back out to all units on that router. So just because my nephew got the alert, doesn't mean that his phone was affected.

 

That brings up another question though. I wonder if one of the infected computers can still infect the others on a single household's network. I believe that the risk to outside computers has been alleviated (at least until they turn off the alternate whatevers in July), but I don't know if that applies to other units on the same side of the router. Anyone know? Since I know that one of my computers is affected (and the others appear to be fine), do I need to keep checking the others until the malware is isolated on the affected unit?

 

I'm thinking that there could have been a couple of issues at play with regards to Comcast's response to your "all computers running" comment. 1) maybe they were confused as I was because I thought that someone had said something about their computer not connecting to the internet and you were implying that now it was connecting okay, not thinking about the shut off date (although that may have been a different thread) or maybe 2) Comcast hadn't even heard yet that there was an extension to the deadline (you know, that communication thing?)

 

Well, good luck to you. I am still running the Malware Bytes scan and it has now found 35 items. Been going for over 5 hours now. Still need to find out how to check the router's DNS settings. Or is it the modem? No I think it's the router. Ugh!

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Well, finally completed the full scan of the affected computer with Malwarebytes Anti-Malware version 1.60.1.1000 (free to download and rated outstanding on C/Net). Full scan took over 5 hours. Total of 59 objects found including at least 7 trojans and many adware (all missed by Norton Power Eraser and others recommended by Comcast). I saw DNS Changer listed in the file names on two of the trojans. So, I am hoping I got the bas----. Unfortunately, I still can't delete some programs, I am still getting a dll error on startup, and I still can't install this Windows security update. Not sure if these are just permanent issues now due to the long infection? It is an old computer, so not a huge loss if can't be repaired, but still frustrates me. I don't like problems I can't solve : ( 

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

That's one reason I was afraid to scrub too much, lost a computer once. Couldn't even reboot from disk. It was nasty.

 

Basically, they said only the infected computer wouldn't connect. I had all up so thought it was fine....saying thankfully all day. A moderator said "That's Great" so thought it was cleared.

 

This morning found out they never took them off line so if infected you were still on. Okay, but still wish I knew for sure.

 

I did find some info on malware on android is rising. Nothing on this particular bot. I do run one of the upper 90% success rated virus protection against malware and anti-virus so I guess it's all I can do.

 

I will probably add 1 every couple of days to network and see if I get a notice.

 

As for router, you configure it with your own password (and name). Some say to factory setting but if you're like me, I had not changed it. Resetting it would simply be the same as not doing it if I understood correctly.

 

I had to go to manufacturers website and see how to change it cause I have older model. Looked for "How to change password and configuration" in F and Qs

 

 Also changed encryption and passkey. Added all computers back to newly set up network and configuration.

 

Hopefully it worked but will be rechecking every couple of days to make sure. I am worried that it may lie dormant.

 

Thanks for the other scan you tried. I may look into it since it found more. Eraser had only removed 1 when I showed reports for 6 so I'm skeptical.

 

Let us know if you think the other tool you used was worthwhile or if you believe it's what caused the additional problems you're having.

 

Thanks for sharing info

Contributor
Posts: 11
Registered: ‎10-27-2006

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

I would definitely recommend the Malwarebytes tool. It is free, highly rated, and found a bunch of stuff nothing else did. It did not cause the other issues. The other issues have been there since the beginning and...I solved them!!!!! I googled the error message I was getting when I was trying to delete the bad copy of Adobe reader and got great instructions from Adobe on how to "reset my registry permissions". I feel like a pro now : ) I was finally able to delete the bad program. Still not able to download the Adobe Reader 10, but they state on the website that there have been problems like that and they are working on it. After I was able to delete the bad Adobe program, which probably allowed the DNS Changer in in the first place from what I read, I was finally able to download the Microsoft security update that was supposed to have helped prevent this problem, but apparently came along too late. There are still a few random old programs that won't seem to leave my list of programs despite going through the uninstall process. At one point I got a message that said my Recycle Bin was corrupted. I guess I'll research that next. I haven't restarted yet to see if the dll error still comes up. Keep your fingers crossed!

New Visitor
jen2012
Posts: 2
Registered: ‎03-02-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Thanks for the help and advice. It is much appreciated.

 

Update for my situation:

I spoke to the Comcast Security Assurance team (was able to get through to them around 1:00 a.m.), and it turns out that I have not had any Alureon problems since January 29th. As recently as one week ago, I received a letter stating that my internet would be shut down on March 6th if I did not take care of the problem. Apparently, I took care of the problem in the first go-round of diagnostics/virus checks, but Comcast did not recognize that.

 

I encourage those getting "Bot" messages to call and ask about your current "Bot" activity as seen by a Comcast Security Assurance team member in order to be sure you need to continue these crazy repairs!! It may be unnecessary.

 

In case it helps others, I was told to call the number for Security Assurance (888-565-4329) and then choose options 3 and 7. That got me to a person right away, though I'm not sure if it was just because it was 1:00 a.m.

 

Jennifer

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Thanks for the update. The last time I knew, activity was not on mine since 18th. Which I wasn't even in town. However, it would be helpful if they could send out another letter a few weeks before the deadline, reassuring that no new activity was reported or provide the last day of activity. The date they gave me didn't match the date it gave on amibotted. When I asked why only one date showed up they said it was the only day they found activity. However, it wasn't the day comcast gave me or told me it occurred in the e-mail.

 

I am wondering, will they still be notifying customers of activity if the deadline was extended?

 

I wasn't specifically thinking of Adobe, but I was wondering if automatic updates allowed it through. It's the only thing I could think might have been able to get through when internet was down.

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Comcast updated me with some additional information I thought I would pass along:

 

It appears that if the DNS Changer bot is no longer showing activity, customers should be in the clear. The bot was neutralized in December, comcast had stepped up notifications to alert people they were infected so the time stamp shown is most likely not when infected or the first time your network system had bot activity, it was when comcast stepped up notifications so people could fix the problem.

 

I am aware others were notified earlier than I had been. If our computers were infected for up to 2 months before notification, I really do wish they would have done the notification process quicker.

 

I'm still happy they informed us but the computer was most likely infected for at least 2 months or longer.

 

Luckily it was not my main one but everyone should be aware the dates you received notice may not be the accurate date of how long you were infected.

 

Will re-post this information under the DNS changer thread so others are aware too.

Official Employee
ComcastJordan
Posts: 780
Registered: ‎03-17-2008

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Posting my same response from another forum since this thread spreads wide :)

 

AGhelp,

I need to clarify your statement a bit.

You are correct that the bot has been rendered ineffective for its original, nefarious purposes. However, the fallout from the bot is that infected computers and networking devices will have incorrect DNS settings. As a result, once the federal deadline (now July 9th) passes, any machines that have not fixed their settings will no longer be able to access the internet.

This is NOT due to any action by Comcast.  Once your DNS settings are fixed on your computer or networking device you will restore your ability to access the internet.

 

Essentially your computer has the wrong settings to look up how to address anything on the internet. Removing the bot (or the bot being taken down) doesn't fix the fact that the settings, which are stored on each person's computer, are incorrect.

 

Hopefully that makes sense.
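
The posts above note that every device behind one router shares a single public IP address, and that the lasting damage is a wrong DNS setting on a computer or on the router. The following is an added example, not part of any post and not Comcast's tooling, of one way to tell which local device is sending lookups to a resolver the household never chose. The log format, the `DNSLOG` prefix and every address are assumptions, using documentation address space as placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed, placeholder values (documentation address space, not real servers):
# resolvers this household is supposed to use, and the addresses we watch.
EXPECTED_RESOLVERS = {ipaddress.ip_address(a)
                      for a in ("192.168.1.1", "192.0.2.53", "192.0.2.54")}
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER_WAN = ipaddress.ip_address("203.0.113.10")  # router's own lookups

# Constructed sample in iptables LOG style; the "DNSLOG" prefix is an assumption.
SAMPLE_LOG = """\
Mar  8 10:15:01 router kernel: DNSLOG IN=br0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP SPT=51515 DPT=53
Mar  8 10:15:02 router kernel: DNSLOG IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.53 PROTO=UDP SPT=40112 DPT=53
Mar  8 10:15:03 router kernel: DNSLOG IN=br0 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=UDP SPT=49222 DPT=53
Mar  8 10:15:04 router kernel: DNSLOG IN=br0 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=UDP SPT=49223 DPT=53
Mar  8 10:15:05 router kernel: DNSLOG IN=br0 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.8 PROTO=TCP SPT=49230 DPT=53
Mar  8 10:15:06 router kernel: DNSLOG IN=br0 OUT=eth0 SRC=192.168.1.55 DST=203.0.113.80 PROTO=TCP SPT=50001 DPT=443
Mar  8 10:15:07 router kernel: DNSLOG IN=br0 OUT=eth0 SRC=garbage DST=198.51.100.7 PROTO=UDP SPT=1 DPT=53
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_dns_line(line):
    """Return (src, dst) for a logged DNS packet, or None for anything else."""
    fields = dict(FIELD.findall(line))
    if fields.get("DPT") != "53" or fields.get("PROTO") not in ("UDP", "TCP"):
        return None
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]))
    except (KeyError, ValueError):
        return None  # truncated or malformed line


def unexpected_dns(log_text, expected=EXPECTED_RESOLVERS, lan=LAN,
                   router_wan=ROUTER_WAN):
    """Map each local source to the unexpected resolvers it queried, with counts.

    The router's own WAN address is watched too, because a router whose DNS
    setting was changed forwards every client's lookups to the wrong server.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_dns_line(line)
        if parsed is None:
            continue
        src, dst = parsed
        if (src in lan or src == router_wan) and dst not in expected:
            hits[str(src)][str(dst)] += 1
    return {host: dict(dsts) for host, dsts in hits.items()}


if __name__ == "__main__":
    for host, dsts in unexpected_dns(SAMPLE_LOG).items():
        print(host, dsts)
```

A device that someone deliberately pointed at a public resolver is flagged as well, so a hit means "check this device's DNS settings", not "this device is infected".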

Recognized Contributor
AGhelp
Posts: 97
Registered: ‎02-28-2012

Re: Constant Guard Alert - Alureon Malware Detected (but nothing ever found)

Only trying to say

 

If still getting notices, then your system or dns settings probably not fixed. If not, probably in the clear. Posted in both since many people may only look at one or the other thread.

 

I was thinking we needed to continually keep checking for reinfestation of the bot. Just glad that's not necessary but more awareness is important