Power-User

Join Date: Nov 2009
Posts: 413
Good Answers: 23

IP Address Issue

10/05/2010 6:02 AM

A friend has been threatened by her ISP that they will cut her service if she doesn't remove a "rootkit" virus from her computer.

They quote her IP address saying the problem is coming from there.

She has a wireless router that serves her whole family, that's herself, her husband and her two daughters, and they each have one or more computers, i.e. laptops and/or desktops.

They've given her detailed instructions on how to get rid of the virus, assuming it is on a single computer.

But what if it's in the router?

Or in all the computers?

Do you think the virus is in the router, or in one or all of the computers?

Can a virus be removed from a router?

Her antivirus program, McAfee, is only 2 months old and she downloads all the Windows updates.

Thanks if you can advise.


Good Answers:

These comments received enough positive votes to make them "good answers".
Guru

Join Date: May 2007
Location: Harlow England
Posts: 16512
Good Answers: 670
#1

Re: IP address issue

10/05/2010 6:55 AM

Is she sure it's her ISP and not some scam?
I had a phone call the other day from some guy representing some unintelligible company saying they'd detected problems on my computer, and would I follow their instructions.
Wow, how did they know I'd had problems... maybe because every PC has problems!
I asked them which of the computers in the household was the problem and what operating system it was running.
He started waffling, and as soon as he said Vista, I knew it was a scam as none of our PCs are on Vista.
Then I asked if he was an employee of Microsoft and he hung up.
The guy had an accent consistent with the Indian subcontinent.

So be very cautious, and contact the ISP for confirmation, don't rely on their communication to you.
Del

__________________
health warning: These posts may contain traces of nut.
Good Answer (Score 3)
Guru

Join Date: Jul 2008
Posts: 1688
Good Answers: 145
#7
In reply to #1

Re: IP address issue

10/05/2010 5:21 PM

Del's advice is good, but don't do a "reply" to an email from them. You might get confirmation from the bad guys. Call a known good phone number or use a known good email address for the ISP to do the confirmation.

__________________
Few things limit our potential as much as knowing answers and setting aside questions.
Power-User

Join Date: Nov 2009
Posts: 413
Good Answers: 23
#9
In reply to #1

Re: IP address issue

10/06/2010 12:32 AM

There's no question that the email is from the genuine ISP, they have quoted her correct ID to her.

Guru

Join Date: Apr 2006
Location: Cincinnati, Ohio, USA
Posts: 662
Good Answers: 49
#12
In reply to #9

Re: IP address issue

10/06/2010 12:50 AM

It is easy to get her IP address, especially if her router is just a router- not a hardware firewall.

If she only has McAfee VIRUS protection, she should upgrade to a software pack that offers stronger protection, like Kaspersky Internet Security, and she should contact a local computer hardware supplier/service group to have a hardware firewall router installed that will not let anything "in" that does not match a specific list of safe MAC addresses (the computers in her group).

THEN she should contact her ISP with copies of whatever material has been sent to her for them to follow up on to try to bring the scammers to justice legally.

__________________
NO MATTER HOW WELL YOU HAVE DONE SO FAR, ALWAYS TRY TO BE BETTER TOMORROW.
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#23
In reply to #12

Re: IP address issue

10/08/2010 8:00 AM

Good reply therefore GA!

Kaspersky is in my limited experience the best and has a rootkit cleaner built in.

The router cannot (as far as I am aware), have a virus or anything, unless you are using a PC as a router.

The router may not be properly set up and someone else is using it from outside the house. In some countries (here for example) this makes you liable for all illegal events (child pornography etc.) that your router is used for.....

A good router must have at least WPA2 security with PSK and the password should be as long as possible and not ever released to anyone......

WEP security is unacceptable today as it has been fully "hacked"....

The WLAN router should be "hidden" and not "open" to any spy software.....

There is usually a firewall (I call it a hardware firewall in this case) in the router, this needs to be activated.

The antivirus software should supply a software Firewall for each PC (Kaspersky does)....or another one needs to be installed and set up.

Kaspersky can be bought over ebay with say 3 or 5 licenses....not expensive. I paid around $20 for 3 licenses...

It does well in almost all magazine tests here in Germany.....usually within the first 3 places.....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#13
In reply to #9

Re: IP address issue

10/06/2010 1:41 AM

It is not at all difficult for a scammer to capture the ID. CONFIRM BY TELEPHONE!!! If you are having no problems with the system to indicate infection, then this is a very suspicious e-mail. Do NOT rely on e-mail notification for something like this.

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#36
In reply to #1

Re: IP address issue

10/12/2010 8:24 AM

Hey, I got the exact same scam! Asian accent, some blab about being Microsoft, telling me I had a virus. Said to him, "WTF makes you think I have a computer". Obviously they work on the basis that most people do, but you'd have to be a bit barking mad not to suspect something wasn't right. Even managed to get this guy to pass me on to his supervisor (wanted to waste his call time) who, after a few seconds of abuse and threats from me, hurriedly dumped the phone.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Apr 2010
Location: Mid Western USA - The Corn Belt
Posts: 1439
Good Answers: 58
#2

Re: IP Address Issue

10/05/2010 9:13 AM

I am on the same side of the fence with Del.

Something does not sound right here.

Your friend should try calling her ISP tech service to find out if it is legit.

I cannot imagine a user's computer system/network having an adverse effect on an ISP provider's system.

Let us know how this works out for her.

Good Luck

__________________
The first 5 days after a weekend are always the hardest................................
Good Answer (Score 2)
Guru

Join Date: Sep 2007
Location: Defreestville, NY
Posts: 1072
Good Answers: 87
#3

Re: IP Address Issue

10/05/2010 9:19 AM

It is extremely unlikely that your router has a virus, although it is possible that a virus has changed your router settings. Try updating the firmware for the router.

If the router is not password protected by WEP or WPA it is possible someone else within range is using it (or they are infected).

It is more likely that one or more of her machines is infected with some sort of malware. Unfortunately rootkits can be very difficult to detect and get rid of.

In addition to the MS updates she should also try using Microsoft's Security Essentials tools.

Relying only on McAfee to catch everything is not a good idea, but fortunately there are plenty of free malware scanners out there: AVG, ClamWin, Malwarebytes, SUPERAntiSpyware and Spybot S&D come to mind off the top of my head. If it really is a rootkit you may need a more sophisticated tool like HijackThis to identify it.

__________________
Charlie don't surf.
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#24
In reply to #3

Re: IP Address Issue

10/08/2010 8:02 AM

WEP is outmoded as it has been fully hacked for some years now......

If an update cannot supply at least WPA2 security, throw the router away.....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2009
Location: San Antonio, TX USA
Posts: 844
Good Answers: 29
#4

Re: IP Address Issue

10/05/2010 10:19 AM

Careful! One got me once that wanted me to give it a credit card # to buy some anti-virus software to get me out of the loop. Those people are sneaky.

__________________
"Do not worry about your difficulties in Mathematics. I can assure you mine are still greater". - Albert Einstein
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#5

Re: IP Address Issue

10/05/2010 11:52 AM

This isn't much help re. her dispute with her ISP, but I had a rootkit infection on a machine a while ago. It was redirecting all my attempts to access internet sites to dodgy rip-off merchandise and porn sites. AVG couldn't find or fix it.

I didn't need to re-format (fortunately), but it took a lot of messing about to get rid of it. Eventually I bought Kaspersky (which found the infection, but couldn't cure it on its own). The User's forum helped me out with instructions to download an ISO image for a Linux-based Kaspersky malware scanner which I made (again with their help) into a bootable drive on a USB stick. To tell the truth, the tech support at Kaspersky were pretty useless - it was the User Group guys who saved me.

I wish your friend well.

P.S. Del's advice to contact her ISP is a good idea, especially if she's not seeing any effects of the malware.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#25
In reply to #5

Re: IP Address Issue

10/08/2010 8:04 AM

She would NOT see any effect of a Rootkit infection as it becomes part of the Windows Kernel and is therefore "Legal" in the eyes of most scanners....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#27
In reply to #25

Re: IP Address Issue

10/08/2010 8:22 AM

I saw the effects of the rootkit infection I had very clearly - as I said in #5, all attempts to contact legitimate websites (BBC, CR4 etc.) were being re-directed.

She may or may not see the effects, depending upon what the effects were.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#29
In reply to #27

Re: IP Address Issue

10/08/2010 4:56 PM

You did, she may not have.......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#31
In reply to #29

Re: IP Address Issue

10/08/2010 5:08 PM

You've changed that from "She would NOT see any effect ..." to "she may not have...".

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#32
In reply to #31

Re: IP Address Issue

10/08/2010 5:26 PM

I cannot speak for the lady concerned, but I do feel that she is not a computer freak and just takes what she sees as being normal.........even if it's not!!

What is your personal take at her (probable) level?

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#33
In reply to #32

Re: IP Address Issue

10/08/2010 5:35 PM

I really don't have one ... but if I typed in "http://www.bbc.co.uk/radio4/" and found a porn site, I'd suspect something was very wrong. I don't think I'm alone in thinking that that is not normal, no matter what the 'level'.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#34
In reply to #33

Re: IP Address Issue

10/09/2010 4:36 AM

In that case I agree.....

We have seen here that say you want to do some banking, the site looks just like your banking site, everything actually works as it should because the virus is sending the data onto the correct site at the same time, but recording all passwords etc....

With TANs, this will probably not work anymore today (or should not), but even buying online at ebay could produce useful information for such virus "users"....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Sep 2007
Location: Defreestville, NY
Posts: 1072
Good Answers: 87
#6

Re: IP Address Issue

10/05/2010 1:49 PM

If your friend contacts her ISP and the complaint is legit and it is a rootkit you may not even be able to run AV scanners. I've seen this happen. In that case you'll need a bootable CD to run the scans from. Here's 5 free ones:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

__________________
Charlie don't surf.
Good Answer (Score 3)
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#8

Re: IP Address Issue

10/05/2010 11:47 PM

After following Del's advice and confirming by telephone with a call that you placed to the ISP provider that there is, in fact, an issue to be dealt with, the best tool I have found is rootkitrevealer, which is free from http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx. Note that I am not normally an advocate of MS solutions. The best solution would be to switch all of your on-line activities to a Linux-based operating system (or, if you have sufficient excess funds, Apple seems to be just as good). You can set your computers up as dual boot- Linux when surfing, Microsoft when you want to do something else...Or, you may find yourself migrating to Linux completely, because most everything you want to do in Windows (except gaming and CAD and older versions of Excel) can usually be done better and faster in Linux...No more root kits or other malware (at least until Linux gains enough market share to attract the attention of the bad guys).

Guru

Join Date: Apr 2006
Location: Cincinnati, Ohio, USA
Posts: 662
Good Answers: 49
#11
In reply to #8

Re: IP Address Issue

10/06/2010 12:40 AM

IF Linux gets enough market share, the "bad guys" will not touch it.

It is one of those systems like Mozilla FireFox or Thunderbird- developed and maintained by a whole lot of VERY competent "good guys".

Any "bad guy" who attacks one of those systems will be electronically hunted down and electronically "killed/eliminated" for attacking one of "our" systems- not something from the money hungry dirt bags at Microsoft.

__________________
NO MATTER HOW WELL YOU HAVE DONE SO FAR, ALWAYS TRY TO BE BETTER TOMORROW.
Power-User

Join Date: Nov 2009
Posts: 413
Good Answers: 23
#10

Re: IP Address Issue

10/06/2010 12:38 AM

Thank you all for your help.

The ISP has given her very detailed instructions on how to get rid of it and she has called in a professional to do it for her now, so thanks again for all your help.

Associate

Join Date: Oct 2010
Posts: 42
Good Answers: 5
#14

Re: IP Address Issue

10/06/2010 4:25 AM

It is unlikely that the virus is in the router as this is typically driven via firmware that has checksum routines to guard against being modified in this way.

She should hire a professional to harden the router against unauthorized access as the virus could exist externally on a neighbor's machine that has access to the open network.

However, it is quite likely that the ISP has already identified the very machine that contains the rootkit because its identity is buried inside the transmission packets and they probably have sniffers capable of disassembling those packets. So if they told her it was a specific machine they probably know what they are talking about. It may be helpful if they give her the identifying information.

She may want to run this on each computer on the network:

http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=355&regs=NABU&lang_loc=1#undefined

Guru

Join Date: Jul 2005
Location: South east U.K.
Posts: 3695
Good Answers: 93
#15

Re: IP Address Issue

10/06/2010 4:43 AM

Good to see that you have an answer to your problem. I'll just add that the 'pro' versions of AdAware include rootkit protection.

__________________
I didn't have a really important life, but at least it's been funny (Lemmy Kilminster 1945-2015)
Guru

Join Date: Oct 2007
Posts: 734
Good Answers: 70
#16

Re: IP Address Issue

10/06/2010 12:01 PM

Last week I had a popup window appear telling me my computer was infected with malware. The popup had the Windows logo and an overall Windows-like appearance. Like a fool I clicked it. Another popup appeared with an Antispy logo, with no close button and no cancel button. I tried to open the task manager to quit the application, but task manager had already been hijacked and would not open. My CPU cooling fan was screaming. I suspect I was sending out BS emails until I yanked the LAN cable. Needless to say it was a root kit. Cost me a full day (with considerable help) to get rid of it (I finally just reformatted and upgraded to Windows 7). I also installed Linux. Fortunately none of the other computers on my network were infected. These bastards are getting tricky indeed.

Register to Reply
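Added example, not part of any post in this thread: behind a home router every family machine goes out through the one address the ISP quotes, so the router's own connection log is where the question "one computer or all of them?" can be narrowed down. It assumes the complaint concerns outbound spam (as #16 suspected of his own machine); the log format, the device inventory and the `smtp_fanout` threshold are constructed for illustration and must be adapted to the actual router.

```python
import re
from collections import defaultdict

# Constructed sample: outbound connection log in a made-up key=value format.
# Real routers log differently; adapt LINE_RE to the device in question.
SAMPLE_LOG = """\
2010-10-05T05:40:01 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP DPT=25
2010-10-05T05:40:09 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP DPT=25
2010-10-05T05:40:12 SRC=192.168.1.10 DST=192.0.2.80 PROTO=TCP DPT=443
2010-10-05T05:41:07 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=25
2010-10-05T05:41:08 SRC=192.168.1.23 DST=203.0.113.6 PROTO=TCP DPT=25
2010-10-05T05:41:08 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP DPT=25
2010-10-05T05:41:09 SRC=192.168.1.23 DST=198.51.100.80 PROTO=TCP DPT=25
this line is truncated or corrupt
2010-10-05T05:42:30 SRC=192.168.1.12 DST=192.0.2.80 PROTO=TCP DPT=80
2010-10-05T05:43:02 SRC=192.168.1.77 DST=192.0.2.44 PROTO=TCP DPT=443
"""

# Constructed inventory of the family's machines (address -> label).
KNOWN_DEVICES = {
    "192.168.1.10": "desktop",
    "192.168.1.12": "laptop-1",
    "192.168.1.23": "laptop-2",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\d+(?:\.\d+){3}) DST=(?P<dst>\d+(?:\.\d+){3}) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)


def parse(log_text):
    """Yield (src, dst, proto, dport) per well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])


def triage(log_text, known=KNOWN_DEVICES, smtp_fanout=3):
    """Return {lan_host: [reasons]}; an empty list means nothing stood out.

    Two checks only:
      * the host is not in the inventory (e.g. a neighbour on open Wi-Fi);
      * the host spoke SMTP (TCP/25) to `smtp_fanout` or more distinct servers.
        A mail client normally talks to one provider's server, so a wide
        fan-out is worth a closer look at that machine.
    """
    smtp_dsts = defaultdict(set)
    seen = set()
    for src, dst, proto, dport in parse(log_text):
        seen.add(src)
        if proto == "TCP" and dport == 25:
            smtp_dsts[src].add(dst)

    report = {}
    for src in sorted(seen):
        reasons = []
        if src not in known:
            reasons.append("unknown device on LAN")
        if len(smtp_dsts[src]) >= smtp_fanout:
            reasons.append(f"SMTP to {len(smtp_dsts[src])} distinct servers")
        report[src] = reasons
    return report


def suspects(report):
    """LAN hosts with at least one reason attached."""
    return [host for host, reasons in report.items() if reasons]


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_LOG).items():
        label = KNOWN_DEVICES.get(host, "?")
        print(f"{host:15} {label:10} {'; '.join(reasons) or 'ok'}")
```

A host that comes out clean here is not proven clean; the output only says which machine to scan first with the offline tools mentioned in #5 and #6.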
Guru

Join Date: Apr 2006
Location: Cincinnati, Ohio, USA
Posts: 662
Good Answers: 49
#17
In reply to #16

Re: IP Address Issue

10/06/2010 1:51 PM

As indicated earlier- install Kaspersky Internet Security- you can download a 30-day trial for free.

It prevents ANYTHING from leaving your machine without your permission, and constantly looks at everything that is coming in. It also automatically updates about every 3 minutes or so to be totally on top of the latest attacks in the internet.

I started to use it because the gods at Norton apparently decided that 64-bit operating systems were not worth their time to protect- I am running XP-64.

I have been totally thrilled with my service and have it on ALL 4 internal machines, plus the 5 units that are with extended family members.

__________________
NO MATTER HOW WELL YOU HAVE DONE SO FAR, ALWAYS TRY TO BE BETTER TOMORROW.
Guru

Join Date: Oct 2007
Posts: 734
Good Answers: 70
#18
In reply to #17

Re: IP Address Issue

10/06/2010 4:43 PM

Thanks for the recommendation - I've been hearing the same thing about Kaspersky and plan to get it going.

Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#19
In reply to #18

Re: IP Address Issue

10/06/2010 5:07 PM

My only complaint with it (which I could probably get fixed if I talked to the nice chaps at the forum) is that it completely ties up the PC while doing a full scan or while updating - may as well go for lunch or whatever, and leave it to get on with it, but this is often pretty inconvenient.

One other gripe (again, I could prob'ly fix it with help, but haven't been able to without) is that my laptop can no longer access the other PCs on the wireless network where I spend a lot of time working. This could be down to "Tuneup Utilities" - which came bundled with Kaspersky.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Jul 2005
Location: South east U.K.
Posts: 3695
Good Answers: 93
#21
In reply to #19

Re: IP Address Issue

10/07/2010 4:22 AM

Can't you schedule it to update or scan overnight?

__________________
I didn't have a really important life, but at least it's been funny (Lemmy Kilminster 1945-2015)
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#22
In reply to #21

Re: IP Address Issue

10/07/2010 4:32 AM

The problem is with my laptop - which I use for work every day and don't leave on overnight. My desktop machine's no problem.

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#26
In reply to #22

Re: IP Address Issue

10/08/2010 8:15 AM

Then a simple solution is to start it when you are finished working and program it to shut down your laptop when finished.....Q.E.D.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: May 2006
Location: Reading, Berkshire, UK. Going under cover.
Posts: 9684
Good Answers: 468
#28
In reply to #26

Re: IP Address Issue

10/08/2010 8:26 AM

I don't intend to leave my laptop open and running anywhere in my absence.

And what was to be demonstrated?

__________________
"Love justice, you who rule the world" - Dante Alighieri
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#30
In reply to #28

Re: IP Address Issue

10/08/2010 4:59 PM

That Kaspersky can do its big scan and shut down the PC at the end.

If you don't do it that way, then you have to run the scan and wait and watch.......

....not doing the scan is really not an option nowadays, though I suspect many do just that......

So take your pick.......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Feb 2006
Posts: 1758
Good Answers: 6
#20

Re: IP Address Issue

10/07/2010 12:32 AM

It may be a scam, as I had been receiving online pop-up warnings.

Participant

Join Date: Oct 2010
Posts: 3
#35

Re: IP Address Issue

10/11/2010 2:06 AM

There are various types of viruses that attack the computer. Some viruses will start functioning immediately, as soon as they are downloaded.

Thanks

Chinese Mobile Phones

China Mobile Phones


Users who posted comments:

Andy Germany (8); BruceFlorida (1); cwarner7_11 (2); energygod (3); Haajee (1); JohnDG (7); johnfotl (2); KJK/USA (1); Kris (1); mobiper (1); Nigh (2); RDGRNR (1); stevem (2); URAD_Harvey (1); user-deleted-1105 (1); wrenchtwirler (2)
