 Paul928 join:2000-05-06 Haverhill, MA | Constant Guard Security Alert? Just got an email from Xfinity, saying that I had a bot on my computer. Is this legit, or a scam of some sort? I never go to any shady sites, or click on anything from a link. I'm pretty careful on things like that. I am running MS Security Essentials, along with Malwarebytes (paid version). I did a scan with both and came up with nothing!... Anyone else know or heard of Comcast sending out these emails? |
|
 makazePremium join:2004-02-23 USA | do you have more than one computer? could another be infected with something? |
|
 Paul928 join:2000-05-06 Haverhill, MA | reply to Paul928 Yes my daughter has a computer...... I'll try doing a scan on that one later when I get home.....so what you are saying is this email is legitimate? |
|
 jlivingoodPremium,VIP join:2007-10-28 Philadelphia, PA kudos:1 | reply to Paul928 Go to »amibotted.comcast.net/ to verify your bot status. -- JL Comcast |
|
 Paul928 join:2000-05-06 Haverhill, MA | When I get home, I'll run that on both computers......thanks for the info. |
|
 1 edit | reply to jlivingood The I am botted URL only looks at activity from your modem's IP so it most likely will not be able to tell you which computer connected to your router may have a bot.
That said I've been looking into the BOT report from my modem/systems and I have done quite a bit of testing and in one case even rebuilding from the Computer Makers Mfg. Distribution Disks. It's my feeling at this point that the new version of am i botted may be triggering unnecessary alerts. I have posted a request into the Comcast Help and Support Forums asking for information on what in particular they are seeing that is producing the alert (in my case the alert is for the Adware_generic bot) which generally has been easy to find using Norton, MSRT or other tools. They have agreed that the new version has had some problems in showing the time at which the bot was last seen and they did change the retention time for the alert to 24hrs from seven days that was the case in the previous version. |
|
 Paul928 join:2000-05-06 Haverhill, MA | reply to jlivingood According to that link, I am indeed infected with the ad aware virus or something like that.....going to run another virus scan with Security Essentials, and also Malwarebytes, and see what is detected.....I've also heard that Superantispyware is a good scanner, so maybe I'll scan with that as well. |
|
 | If you need help with getting rid of the nasty, you could try posting in the Security Clean Up forum.
»Security Cleanup |
|
 JohkalCool CatPremium,MVM join:2002-11-13 Happy Valley kudos:5 | reply to Paul928 I occasionally get those alerts. To date my network is clean. I disregard them anymore. |
|
 | Although I'm running yet another scan in the background, it's my feeling that if these alerts are bogus we need to push on Comcast to clean up their detection methods/tools.
Otherwise the "Boy who cried Wolf" will be the case for me also. |
|
 Paul928 join:2000-05-06 Haverhill, MA | reply to Paul928 Ran Security Essentials, Malwarebytes, came up clean on all of those on both computers....Now running Windows Malicious Software Tool...If that comes up with nothing, I have no idea of what to do next! |
|
 sortofageekNot TroublePremium,Mod join:2001-08-19 There & Then kudos:14 Host: Comcast HSI Comcast Cable TV Team Helix Distributed Comput.. Linksys
| Check the addressee for the email you received and the email headers. I occasionally get those, but they are not actually from a Comcast domain.
When I do, I give the header info to ComcastSteve and he reports them. -- Join Team Helix * I am praying for these friends . |
|
 JohkalCool CatPremium,MVM join:2002-11-13 Happy Valley kudos:5 | reply to Paul928 If you find nothing, do nothing more. What I always find curious about these warnings is how the emails always lead you to download Constant Guard. Hmmmm.........!  |
|
 | reply to sortofageek In my case and I think the person above, in addition to the email, Comcast's website, »amibotted.comcast.net is also saying I/we have the BOT, but I've been through the same and more set of scanners Paul928 is trying and also came up clean.
I'm starting to think that these are false positives from their recently revised website. In the Comcast direct forum I've asked for the information as to what triggers the alert; in particular I would like to know what IP they show my modem accessing that they consider to be a BOT domain. If they can provide me with the address or DNS name I can check the site. Personally I think with the IPv4 and IPv6 work going on I would not be terribly surprised that addresses are being re-used and that what was considered a 'safe site' might have become unsafe or what was an unsafe address may have become a 'safe site' nowadays.
Just my $.02 |
|
 Paul928 join:2000-05-06 Haverhill, MA | reply to sortofageek said by sortofageek: Check the addressee for the email you received and the email headers. I occasionally get those, but they are not actually from a Comcast domain.
When I do, I give the header info to ComcastSteve and he reports them.
Here are the addresses:
Received: by 10.224.70.205 with SMTP id e13mr2149780qaj.77.1355137742039; Mon, 10 Dec 2012 03:09:02 -0800 (PST)
Return-Path:
Received: from qmta04.westchester.pa.mail.comcast.net (qmta04.westchester.pa.mail.comcast.net. [2001:558:fe14:43:76:96:62:40]) by mx.google.com with ESMTP id p4si8027436qct.98.2012.12.10.03.09.01; Mon, 10 Dec 2012 03:09:01 -0800 (PST)
Received-SPF: neutral (google.com: 2001:558:fe14:43:76:96:62:40 is neither permitted nor denied by domain of online.communications@alerts.comcast.net) client-ip=2001:558:fe14:43:76:96:62:40;
Authentication-Results: mx.google.com; spf=neutral (google.com: 2001:558:fe14:43:76:96:62:40 is neither permitted nor denied by domain of online.communications@alerts.comcast.net) smtp.mail=online.communications@alerts.comcast.net; dkim=pass (test mode) header.i=@comcast.net
Received: from imta06.westchester.pa.mail.comcast.net ([76.96.62.53]) by qmta04.westchester.pa.mail.comcast.net with comcast id Zn8q1k00218vZRY54n91sL; Mon, 10 Dec 2012 11:09:01 +0000
Received: from qmta01-mdp.westchester.pa.bo.comcast.net ([76.96.68.101]) by imta06.westchester.pa.mail.comcast.net with comcast id ZmrW1k00o2B5erw06n5h3l; Mon, 10 Dec 2012 11:05:41 +0000
Received: from omta02-mdp.westchester.pa.bo.comcast.net ([76.96.53.12]) by qmta01-mdp.westchester.pa.bo.comcast.net with comcast id ZlBz1k0010FoFkC01n5hov; Mon, 10 Dec 2012 11:05:41 +0000
Received: from PACDCMSSAPP01 ([68.87.97.254]) by omta02-mdp.westchester.pa.bo.comcast.net with bizsmtp id Zn5h1k00F5VJHpw07n5hxU; Mon, 10 Dec 2012 11:05:41 +0000
From: "Comcast Online Communications" |
|
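Added example, not part of any post in this thread: a Python sketch of the header check suggested above, run over headers copied from the preceding post. The function names, the `trusted_mx` parameter (the recipient's own mail provider) and the verdict strings are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Headers copied from the post above, one per line (the hops between are omitted).
RAW = (
    "Received: from qmta04.westchester.pa.mail.comcast.net "
    "(qmta04.westchester.pa.mail.comcast.net. [2001:558:fe14:43:76:96:62:40]) "
    "by mx.google.com with ESMTP id p4si8027436qct.98.2012.12.10.03.09.01; "
    "Mon, 10 Dec 2012 03:09:01 -0800 (PST)\n"
    "Authentication-Results: mx.google.com; spf=neutral (google.com: "
    "2001:558:fe14:43:76:96:62:40 is neither permitted nor denied by domain of "
    "online.communications@alerts.comcast.net) "
    "smtp.mail=online.communications@alerts.comcast.net; "
    "dkim=pass (test mode) header.i=@comcast.net\n"
    "Received: from PACDCMSSAPP01 ([68.87.97.254]) by "
    "omta02-mdp.westchester.pa.bo.comcast.net with bizsmtp id "
    "Zn5h1k00F5VJHpw07n5hxU; Mon, 10 Dec 2012 11:05:41 +0000\n\n"
)

def under(host, domain):
    return bool(host) and (host == domain or host.endswith("." + domain))

def analyze(raw, trusted_mx="mx.google.com", expected="comcast.net"):
    """Judge the mail only by headers stamped by the recipient's own provider."""
    msg = message_from_string(raw)
    out = {"spf": None, "dkim": None, "dkim_domain": None, "handoff_host": None}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = ar.partition(";")
        if authserv.strip().lower() != trusted_mx:
            continue  # anyone upstream can insert a fake results header
        for key, pat in (("spf", r"\bspf=(\w+)"), ("dkim", r"\bdkim=(\w+)"),
                         ("dkim_domain", r"header\.i=\S*@([\w.-]+)")):
            m = re.search(pat, rest)
            out[key] = m.group(1).lower() if m else None
    # Received lines below the provider's own are sender-supplied and forgeable,
    # so only the hop written by trusted_mx is used (rDNS name in parentheses).
    hop = re.compile(r"from\s+\S+\s+\((\S+?)\.?\s+\[[^\]]+\]\)\s+by\s+(\S+)")
    for rcv in msg.get_all("Received", []):
        m = hop.search(rcv)
        if m and m.group(2).lower() == trusted_mx:
            out["handoff_host"] = m.group(1).lower()
            break
    ok = (out["dkim"] == "pass" and under(out["dkim_domain"], expected)
          and under(out["handoff_host"], expected))
    out["verdict"] = "consistent with " + expected if ok else "unverified"
    return out
```

The `spf=neutral` result on its own neither confirms nor rules out the sender; the verdict here rests on the DKIM pass for `comcast.net` and the host that handed the message to `mx.google.com`.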
 Paul928 join:2000-05-06 Haverhill, MA | Well after doing all those scans most of the evening, I still come up with nothing found! I'm starting to believe as many here that this may be a false positive of some sort....From the little research that I've done on this subject, I guess this has been going on for a while, and people seem to come up with the same results as I have.... Just wondering when or if Xfinity is going to fix this, and stop scaring the crap out of its customers! |
|
 jlivingoodPremium,VIP join:2007-10-28 Philadelphia, PA kudos:1 | Not all malware infections are detected using free or commercial tools - this is not like anti-virus. Something to keep an eye on.
We're developing some new tools & capabilities in 2013 that will take this to the next level, since IPv4 NAT currently is a limiting technical factor for us. -- JL Comcast |
|
 1 edit | I can understand that the IPv6 transition is preventing the rollout of new tools and capabilities, but like Paul928 mentioned I think the current state of scaring the heck out of your customers with inaccurate and incomplete reports is a disservice to your customers. Not to mention the hours/$ your customers are spending working on something that can't be found.
As I mentioned in the Comcast Direct Forum please provide the details about what triggers the bot alert and then I and others can work backward from our Router(s) to search for the problem.
Also I know that these bot alerts have been around since 2010 and I have been a Comcast/Adelphia customer for over 25 years, but my issues with getting them only started when the new version was put in last week, so please also review what changed last week that might be causing more false alerts than were created in the past.
Thank You. |
|
 | reply to Paul928 Do you have a wireless router either with no password or a very weak one? Someone piggyback on your network! Does your neighbor have your password? Has your daughter given it to a friend? Check your router logs, see how many connected devices you see, verify MAC addresses. |
|
 | Yes, I have a wireless router using a long WPA2 character key using all types of characters. In addition I use software such as inSSIDer, so I know what other wifi networks are in the area, and I review my router's reports to see if there is any access from computers other than ours. |
|