Windows 7 Forums


Windows 7: Roadrunner Complaint

17 May 2010   #1
bonkers72

Win 7 Premium 64 Bit
 
 
Roadrunner Complaint

I got this e-mail from my service provider. Is this legit? I have three computers in my home. Using a router. I check them all every week or so for spyware, malware, etc. Using Malwarebytes, Spybot, SUPERAntiSpyware, running virus scans, keeping them clean. How can I find out, or know for sure if one of them is in fact infected? Is there a program I can use to test one of my PCs? Thanks for the help.


Road Runner has received complaints (with data) showing that a computer connected to
the cable modem assigned to your Road Runner account has been used to send mass
quantities of SPAM or UCE (unsolicited commercial email).

After reviewing the complaint data, it appears that your PC may be infected with malicious
software and is being hijacked and used as a "zombie" mail relay (or as part of a "botnet").
A botnet is a network of zombie computers that are infected with code that allows an unauthorized user
to control them via the Internet. These computers can be used to spread spam, launch denial-of-service
attacks against web sites, and conduct fraudulent activities.


The following news link provides additional information:


http://www.rrsecurity-abuse.com/index.php


NOTE: If you are experiencing problems with the links provided in this message, try copying
and pasting them into the address bar of your browser window.


If you're sure no one has used your computer to send SPAM, then your PC is probably infected
with malware and is actively being exploited.

Please note that these messages are most often NOT being sent from your email address or
email application, but rather from a piece of malicious software running on your PC. You may have
also noticed your PC running slowly or acting strangely due to this activity. Here's a Link that might be helpful.

http://vil.nai.com/vil/averttools.aspx

Due to the difficulty in locating and identifying these malware components, we recommend that you
reinstall your operating system or have your computer professionally serviced as most antivirus programs
rarely detect these types of problems.



Because this activity does put our network at risk, as well as the service of our other customers, we do ask that you
reply to this email indicating action has been taken to resolve this issue. Additional complaints of this type may result
in the temporary interruption (without prior notice) of your service until the PC has been secured.

Thank you in advance for your cooperation in helping stop the spread of this problem.

Sincerely,

TW Wisconsin Road Runner Abuse Team



17 May 2010   #2
zigzag3143

Win 8 Release candidate 8400
 
 

Quote: Originally Posted by bonkers72
I got this e-mail from my service provider. Is this legit? I have three computers in my home. Using a router. I check them all every week or so for spyware, malware, etc. Using Malwarebytes, Spybot, SUPERAntiSpyware, running virus scans, keeping them clean. How can I find out, or know for sure if one of them is in fact infected? Is there a program I can use to test one of my PCs? Thanks for the help.


TBH, It does sound legit. Botnets are notoriously difficult to find even with current AV defs, and knowledge. It is often the best course of action to format and re-install.

Ken
17 May 2010   #3
stormy13
Microsoft MVP

Win 7 Ultimate x64
 
 

Give them a call. If it is legit they'll tell you one way or the other.

Also if it is legit and you don't get it fixed, the next time they contact you will probably be to tell you that you have been disconnected until such a time as it is fixed.

Quote:
How can I find out, or know for sure if one of them is in fact infected?
From the looks of it you have pretty much covered the basics and now time for some expert help. If you don't have it grab Hijackthis,

HijackThis - Trend Micro USA

and post the logs at any of the forums listed on the left.

Also if you haven't yet, check your router logs and see which of the computers is generating an unusual amount of traffic.
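Added example, not part of the original thread: one way to act on the router-log suggestion above, given the ISP's note that the spam comes from malware talking to mail servers directly rather than through the mail client. It counts, per LAN host, how many distinct outside addresses were contacted on TCP port 25. The log format, the 192.168.1.x LAN range, the sample lines and the threshold of 2 are all assumptions made for illustration; real router logs differ by vendor.

```python
import re
from collections import defaultdict

# Constructed sample lines in an iptables-like format (not from a real router).
SAMPLE_LOG = """\
May 17 09:14:02 router OUT SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=443
May 17 09:14:09 router OUT SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=49160 DPT=25
May 17 09:15:30 router OUT SRC=192.168.1.11 DST=203.0.113.5 PROTO=TCP SPT=50211 DPT=80
May 17 09:15:41 router OUT SRC=192.168.1.12 DST=203.0.113.7 PROTO=TCP SPT=1045 DPT=25
May 17 09:15:41 router OUT SRC=192.168.1.12 DST=203.0.113.19 PROTO=TCP SPT=1046 DPT=25
May 17 09:15:42 router OUT SRC=192.168.1.12 DST=198.51.100.44 PROTO=TCP SPT=1047 DPT=25
May 17 09:15:42 router OUT SRC=192.168.1.12 DST=192.0.2.61 PROTO=TCP SPT=1048 DPT=25
May 17 09:15:43 router OUT SRC=192.168.1.12 DST=192.0.2.88 PROTO=TCP SPT=1049 DPT=25
May 17 09:20:00 router OUT SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=49201 DPT=25
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=(?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)

def smtp_fanout(log_text, lan_prefix="192.168.1."):
    """Map each LAN host to the set of outside IPs it contacted on TCP/25."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dpt"] != "25":
            continue  # not a parsable line, or not SMTP
        src, dst = m["src"], m["dst"]
        if src.startswith(lan_prefix) and not dst.startswith(lan_prefix):
            fanout[src].add(dst)
    return dict(fanout)

def suspects(log_text, max_mail_servers=2):
    """Hosts that reached more distinct SMTP servers than a mail client normally would.

    A mail client talks to one or two provider servers; a spam relay delivers
    straight to many recipient domains. The threshold is an assumed starting point.
    """
    return sorted(
        host for host, dsts in smtp_fanout(log_text).items()
        if len(dsts) > max_mail_servers
    )

if __name__ == "__main__":
    for host in suspects(SAMPLE_LOG):
        print(host, "contacted", len(smtp_fanout(SAMPLE_LOG)[host]), "SMTP servers")
```

A host that only ever reaches the provider's own mail server stays below the threshold, so ordinary mail use does not get flagged.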

17 May 2010   #4
Krispy1

Windows 7 Ultimate 64bit
 
 

well it could be legit or it could be totally bs.

i had an issue with my isp where they banned my internet and they said i had a virus which i did not.

how they determine these things is by port scanning, which is a very old method and it's not accurate and u get many false positive results. they usually monitor the ports and when certain ports open they deem that as a virus or a hacker when in lots of cases it could be from certain software or home networking devices. an example would be there are programs for the iphone which let u use the screen as a touchpad mouse on the pc. the software opens specific ports to connect to your network. the isp may look at this and think u are being hacked or a virus is doing it. when they port scan they send packets through to see what's going on and if the port is in use by a legit use they will get a packet loss and think it's something bad.

but again this method could be right, the isp will always claim they are 100% right even if they're not so the best option is to just reformat your pc.
17 May 2010   #5
antharr

Windows 7 64x
 
 

I have to issue these all the time for the ISP I work for.
17 May 2010   #6
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, bonkers72.

A search on the URL in the e-mail you received does show that it belongs to Time Warner and a DNS check of the domain name shows it as belonging to Time Warner Cable (Tools).

Although it may be possible to clean your computer (HijackThis will not be of much help in this case) it is most likely that you have one or more backdoor trojans on the computer. In which case, I agree with Ken that your best option is a format/reinstall of the operating system.

If you do banking or other secure operations on the infected computer, I suggest you go to a clean computer and change your passwords. Also change the password for your e-mail account.
17 May 2010   #7
bonkers72

Win 7 Premium 64 Bit
 
 

Well.......it looks like I found the infected PC. My son's WAS the culprit. I had replies to this thread before I could cancel it. Thanks for all the responses. It had a trojan and some other malware on it. Looks like I need to follow up daily on his PC. Malwarebytes removed some trojans, SUPERAntiSpyware removed some as well and HouseCall virus scan removed a hard one as well. Re-scanned the whole system and everything seems clean...except 1 TROJAN.ROOTKIT/GEN.PROCESS. Any way I can get rid of this? Don't want to reinstall!! Thanks. Oh....and I just thought of something...his O.S. is XP Home. Sorry for posting it here.
17 May 2010   #8
CarlTR6

Windows 7 Ultimate 32 bit
 
 

I'm glad you found the offending computer. I hope you got it all.
17 May 2010   #9
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Quote: Originally Posted by bonkers72
Re-scanned the whole system and everything seems clean...except 1 TROJAN.ROOTKIT/GEN.PROCESS. Any way I can get rid of this? Don't want to reinstall!! Thanks. Oh....and I just thought of something...his O.S. is XP Home. Sorry for posting it here.
A rootkit is not trivial. Let's see if we can see what is happening.

Download DDS and save it to your desktop from here.

Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Post a copy of the Attach.txt to your post as well. It may be necessary to create a second reply if the Attach.txt is lengthy.
18 May 2010   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

http://www.rootkiton...om/rootkit.html


Quote:
Definition
Rootkit can be defined as a group of utilities that hackers can manipulate to keep access into a computer system once they have hacked into it. It gives them admission rights to find out usernames and passwords, allow strike against remote systems, remain hidden by erasing history from the system logs, and overabundance of various surreptitious tools.

Root Kit, RAT, Remote Access Trojan

Rootkit is a combination of two words, “root” and “kit”. Root means supreme or omnipotent, “Administrator” of the Linux and Unix operating systems. Kit means a group of programs or utilities providing access to a user to retain a constant root-level contact to a terminal. A presence of rootkit should remain untraceable