Roadrunner Complaint


  1. Posts : 186
    Win 7 Premium 64 Bit
       #1

    Roadrunner Complaint


    I got this e-mail from my service provider. Is this legit? I have three computers in my home, using a router. I check them all every week or so for spyware, malware, etc., using Malwarebytes, Spybot, SuperAntiSpyware, and running virus scans, keeping them clean. How can I find out, or know for sure, if one of them is in fact infected? Is there a program I can use to test one of my PCs? Thanks for the help.


    Road Runner has received complaints (with data) showing that a computer connected to
    the cable modem assigned to your Road Runner account has been used to send mass
    quantities of SPAM or UCE (unsolicited commercial email).

    After reviewing the complaint data, it appears that your PC may be infected with malicious
    software and is being hijacked and used as a "zombie" mail relay (or as part of a "botnet").
    A botnet is a network of zombie computers that are infected with code that allows an unauthorized user
    to control them via the Internet. These computers can be used to spread spam, launch denial-of-service
    attacks against web sites, and conduct fraudulent activities.


    The following news link provides additional information:


    http://www.rrsecurity-abuse.com/index.php


    NOTE: If you are experiencing problems with the links provided in this message, try copying
    and pasting them into the address bar of your browser window.


    If you're sure no one has used your computer to send SPAM, then your PC is probably infected
    with malware and is actively being exploited.

    Please note that these messages are most often NOT being sent from your email address or
    email application, but rather from a piece of malicious software running on your PC. You may have
    also noticed your PC running slowly or acting strangely due to this activity. Here's a Link that might be helpful.

    http://vil.nai.com/vil/averttools.aspx

    Due to the difficulty in locating and identifying these malware components, we recommend that you
    reinstall your operating system or have your computer professionally serviced as most antivirus programs
    rarely detect these types of problems.



    Because this activity does put our network at risk, as well as the service of our other customers, we do ask that you
    reply to this email indicating action has been taken to resolve this issue. Additional complaints of this type may result
    in the temporary interruption (without prior notice) of your service until the PC has been secured.

    Thank you in advance for your cooperation in helping stop the spread of this problem.

    Sincerely,

    TW Wisconsin Road Runner Abuse Team


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    bonkers72 said:
    I got this e-mail from my service provider. Is this legit? I have three computers in my home, using a router. I check them all every week or so for spyware, malware, etc., using Malwarebytes, Spybot, SuperAntiSpyware, and running virus scans, keeping them clean. How can I find out, or know for sure, if one of them is in fact infected? Is there a program I can use to test one of my PCs? Thanks for the help.


    Road Runner has received complaints (with data) showing that a computer connected to
    the cable modem assigned to your Road Runner account has been used to send mass
    quantities of SPAM or UCE (unsolicited commercial email).

    After reviewing the complaint data, it appears that your PC may be infected with malicious
    software and is being hijacked and used as a "zombie" mail relay (or as part of a "botnet").
    A botnet is a network of zombie computers that are infected with code that allows an unauthorized user
    to control them via the Internet. These computers can be used to spread spam, launch denial-of-service
    attacks against web sites, and conduct fraudulent activities.


    The following news link provides additional information:


    http://www.rrsecurity-abuse.com/index.php


    NOTE: If you are experiencing problems with the links provided in this message, try copying
    and pasting them into the address bar of your browser window.


    If you're sure no one has used your computer to send SPAM, then your PC is probably infected
    with malware and is actively being exploited.

    Please note that these messages are most often NOT being sent from your email address or
    email application, but rather from a piece of malicious software running on your PC. You may have
    also noticed your PC running slowly or acting strangely due to this activity. Here's a Link that might be helpful.

    http://vil.nai.com/vil/averttools.aspx

    Due to the difficulty in locating and identifying these malware components, we recommend that you
    reinstall your operating system or have your computer professionally serviced as most antivirus programs
    rarely detect these types of problems.


    Because this activity does put our network at risk, as well as the service of our other customers, we do ask that you
    reply to this email indicating action has been taken to resolve this issue. Additional complaints of this type may result
    in the temporary interruption (without prior notice) of your service until the PC has been secured.

    Thank you in advance for your cooperation in helping stop the spread of this problem.

    Sincerely,

    TW Wisconsin Road Runner Abuse Team

    TBH, it does sound legit. Botnets are notoriously difficult to find even with current AV defs and knowledge. It is often the best course of action to format and re-install.

    Ken


  3. Posts : 6,879
    Win 7 Ultimate x64
       #3

    Give them a call. If it is legit they'll tell you one way or the other.

    Also if it is legit and you don't get it fixed, the next time they contact you will probably be to tell you that you have been disconnected until such a time as it is fixed.

    How can I find out, or know for sure if one of them is in fact infected?
    From the looks of it you have pretty much covered the basics and now it's time for some expert help. If you don't have it, grab HijackThis,

    HijackThis - Trend Micro USA

    and post the logs at any of the forums listed on the left.

    Also if you haven't yet, check your router logs and see which of the computers is generating an unusual amount of traffic.
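Added example, not part of the original post or thread: one way to act on the router-log suggestion above is to tally outbound connections to TCP port 25 per LAN host. A spam relay delivers straight to many different mail servers, while a normal mail client talks to one provider. The log format, the addresses and the names `smtp_talkers` and `suspects` are assumptions made for illustration; adjust the pattern to whatever your router actually writes.

```python
import re
from collections import defaultdict

# Constructed sample in a generic "SRC= DST= DPT=" firewall-log style.
# Real router log formats differ; change LINE_RE to match yours.
SAMPLE_LOG = """\
Jan 10 02:14:01 router fw: OUT SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP DPT=443
Jan 10 02:14:03 router fw: OUT SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP DPT=587
Jan 10 02:14:05 router fw: OUT SRC=192.168.1.11 DST=203.0.113.25 PROTO=TCP DPT=25
Jan 10 02:14:09 router fw: OUT SRC=192.168.1.12 DST=198.51.100.7 PROTO=TCP DPT=25
Jan 10 02:14:09 router fw: OUT SRC=192.168.1.12 DST=198.51.100.8 PROTO=TCP DPT=25
Jan 10 02:14:10 router fw: OUT SRC=192.168.1.12 DST=198.51.100.9 PROTO=TCP DPT=25
Jan 10 02:14:10 router fw: OUT SRC=192.168.1.12 DST=192.0.2.44 PROTO=TCP DPT=25
Jan 10 02:20:41 router fw: OUT SRC=192.168.1.11 DST=203.0.113.25 PROTO=TCP DPT=25
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)"
)


def smtp_talkers(log_text, port=25):
    """Map each LAN host to (connection count, distinct destinations) on `port`."""
    stats = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m["dpt"]) == port:
            entry = stats[m["src"]]
            entry[0] += 1
            entry[1].add(m["dst"])
    return {src: (count, dsts) for src, (count, dsts) in stats.items()}


def suspects(log_text, min_distinct=3):
    """LAN hosts that contacted at least `min_distinct` different servers on port 25."""
    talkers = smtp_talkers(log_text)
    return sorted(
        src for src, (_, dsts) in talkers.items() if len(dsts) >= min_distinct
    )


if __name__ == "__main__":
    for src, (count, dsts) in sorted(smtp_talkers(SAMPLE_LOG).items()):
        print(f"{src}: {count} connections to {len(dsts)} mail server(s) on port 25")
    print("hosts to examine first:", suspects(SAMPLE_LOG))
```

The threshold is deliberately low for the small sample; on a real log covering hours, raise `min_distinct` and compare hosts against each other rather than against a fixed number.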


  4. Posts : 189
    Windows 7 Ultimate 64bit
       #4

    Well, it could be legit or it could be totally BS.

    I had an issue with my ISP where they banned my internet and they said I had a virus, which I did not.

    How they determine these things is by port scanning, which is a very old method and it's not accurate, and you get many false positive results. They usually monitor the ports, and when certain ports open they deem that as a virus or a hacker, when in lots of cases it could be from certain software or home networking devices. An example would be the programs for the iPhone which let you use the screen as a touchpad mouse on the PC. The software opens specific ports to connect to your network. The ISP may look at this and think you are being hacked or a virus is doing it. When they port scan they send packets through to see what's going on, and if the port is in use by a legit use they will get a packet loss and think it's something bad.

    But again, this method could be right. The ISP will always claim they are 100% right even if they're not, so the best option is to just reformat your PC.


  5. Posts : 214
    Windows 7 64x
       #5

    I have to issue these all the time for the ISP I work for.


  6. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #6

    Hi, bonkers72.

    A search on the URL in the e-mail you received does show that it belongs to Time Warner and a DNS check of the domain name shows it as belonging to Time Warner Cable (Tools).

    Although it may be possible to clean your computer (HijackThis will not be of much help in this case) it is most likely that you have one or more backdoor trojans on the computer. In which case, I agree with Ken that your best option is a format/reinstall of the operating system.

    If you do banking or other secure operations on the infected computer, I suggest you go to a clean computer and change your passwords. Also change the password for your e-mail account.


  7. Posts : 186
    Win 7 Premium 64 Bit
    Thread Starter
       #7

    Well... it looks like I found the infected PC. My son's WAS the culprit. I had replies to this thread before I could cancel it. Thanks for all the responses. It had a trojan and some other malware on it. Looks like I need to follow up daily on his PC. Malwarebytes removed some trojans, SuperAntiSpyware removed some as well, and HouseCall virus scan removed a hard one as well. Rescanned the whole system and everything seems clean... except 1 TROJAN.ROOTKIT/GEN.PROCESS. Any way I can get rid of this? Don't want to reinstall!! Thanks. Oh... and I just thought of something... his OS is XP Home. Sorry for posting it here.


  8. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #8

    I'm glad you found the offending computer. I hope you got it all.


  9. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #9

    bonkers72 said:
    Rescanned the whole system and everything seems clean... except 1 TROJAN.ROOTKIT/GEN.PROCESS. Any way I can get rid of this? Don't want to reinstall!! Thanks. Oh... and I just thought of something... his OS is XP Home. Sorry for posting it here.
    A rootkit is not trivial. Let's see if we can see what is happening.

    Download DDS and save it to your desktop from here.

    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt

    • Save both reports to your desktop.


    -----------------------------------------------------

    Please include the following logs in your thread:

    • Contents of the DDS.txt posted as text in your reply
    • Post a copy of the Attach.txt to your post as well. It may be necessary to create a second reply if the Attach.txt is lengthy.


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    http://www.rootkiton...om/rootkit.html


    Definition
    Rootkit can be defined as a group of utilities that hackers can manipulate to keep access into a computer system once they have hacked into it. It gives them admission rights to find out usernames and passwords, allow strike against remote systems, remain hidden by erasing history from the system logs, and overabundance of various surreptitious tools.

    Root Kit, RAT, Remote Access Trojan

    Rootkit is a combination of two words, “root” and “kit”. Root means supreme or omnipotent, “Administrator” of the Linux and Unix operating systems. Kit means a group of programs or utilities providing access to a user to retain a constant root-level contact to a terminal. A presence of rootkit should remain untraceable


 