I suspect that you would get the same treatment from any other ISP, in terms of receiving warning calls, which you ignored. I'm not apologizing for the rude treatment, I'll leave that for some Rogers employee to discuss with you, but, if an ISP has detected outgoing traffic from a virus or botnet, then yes, they will usually contact the customer in an attempt to resolve the problem. That is for your protection as well as the protection of anyone else that the virus, trojan or botnet might be attacking. Moving to another company without resolving the problem might just make this another ISP's problem.
So, with that in mind, you should be running scans of all of your internet-connected equipment with more than one anti-malware program. Malwarebytes Anti-Malware (Free) comes to mind as a secondary scanner for PCs and Macs (?). Android devices I'll leave for others to recommend a good anti-malware program for. If you use a router, you should ensure that it's running firmware dated no earlier than about 6 months ago. That's due to the numerous security problems that have come up over the last two to three years with routers from all companies. If you are running a router that hasn't had an update over the last two to three years and there is no update available from the manufacturer, it's time to buy a new router from a company that provides regular updates.
It has been a couple of weeks now since I started getting automated security alert messages on my phone. I also received an email telling me I had a Gozi infection on one of my computers. At any given time I have 3-4 laptops in my household (and 3 smartphones), and I have a working Kaspersky subscription on each of them. Nevertheless, I decided to scan the computers with Malwarebytes (it cleared up some malware, none of which I could identify as Gozi). The next day, my internet connection was suspended.
I ran a scan again, this time going more in depth to try and look for specific signs of the infection according to several webpages. I even searched on the Rogers Community Forums for help but I couldn't find an article specific to my problem.
Short story, I got my connection activated again, only to be suspended exactly one week later (today). I have run a thorough scan of all the laptops in my house and they appear to be clear of any Gozi infections. I called up the CSR, and was told that the problem appears to have been solved, but in the future if the "scanner" on their end encounters anything similar, they might slap me with a longer suspension. I was hoping someone could give me some clues as to what could potentially be going on here, as I've done everything on my end.
The little that I have read... some have said that that one is a particularly hard one to detect/remove sometimes 😞
But that it is/can be used for a spamming-out type of attack, which would make sense then as to why Rogers' connection is possibly catching it and having an issue.
These things are REALLY hard to narrow down sometimes 😞
Really all I can suggest is a step-by-step process (which is a REAL pain, but sometimes the only way to narrow it down).
Day one.. just have device 1 on the network only. If nothing bad, next day add another.. then another.. till something triggers.
Recently my Internet got blocked with a virus named (.locky extension) RSA-2048 and AES-128 ciphers. I don't know what it is, but it sneaked very silently into my PC. I don't know what harmful activities it brings into my system, but it encrypted all the files that I have on my system. Furthermore, it demands some ransom money from me. I don't have a single penny to pay to its developers. What should I do to remove (.locky extension) RSA-2048 and AES-128 ciphers completely from my system? Please help!!!
(.locky extension) RSA-2048 and AES-128 ciphers is a harmful ransomware infection that usually comes to encrypt all your files and execute some malicious code on your system. It will lock all your files, and is used by cyber criminals to make money from the victim's personal files. This harmful virus usually spreads through suspicious e-mails and other free download files. Once it gets inside, it will frustrate you by encrypting all your files and programs. Hence, whenever you open your files, such as MS Word and other program files on your system, you will find that all your files have been encrypted, and you are told to follow the instructions of (.locky extension) RSA-2048 and AES-128 ciphers to pay a certain amount of money to its hijacker and get your files back.
However, other high-level threats such as spyware and other rootkit viruses will get downloaded onto your PC to give more trouble to your system. When you pay the ransom money, its hacker gets a chance to enter your system, and you are not supposed to get your files back. Because these scammers are not trustworthy people, you should not pay a single penny to the hacker. To avoid more issues on your system, you should remove it urgently from your system.
Just got an email with this subject line that is obviously spam... the alleged infraction time stamp is TOMORROW and other details are utterly inapplicable to me. Does Rogers have an email that I can forward it to for investigation?
Which antivirus are you running?
Most likely it's MALWARE and not necessarily a virus, which sometimes some AV doesn't fully catch.
I would try running something more dedicated like MALWAREBYTES.
Make sure you run updates on EVERYTHING that can be updated: computers, iPhones, Android, etc. Any number of these things, if not updated, could have a vulnerability in them and could have something on them.
I received a message about the Mirai Antivirus.
Looks like I solved the problem.
I've scanned my devices with McAfee, desktop and Android box, and found nothing. So I installed Wireshark on my desktop and started to scan my network.
I noticed a great number of SSDP packets coming from my Android box. After some tests I found that the DLNA app which the box uses to work as a Chromecast/Apple TV was the culprit for that. Uninstalling it stopped the SSDP requests. When doing my research I found this link from Rogers: https://www.rogers.com/customer/support/article/rogers-terms-of-service-ssdp-vulnerability which talks about the SSDP vulnerability. As I don't use UPnP, I disabled it on my router and also checked my public IP for SSDP vulnerabilities. I believe the issue is solved and Rogers won't find any abnormalities on my network.
Service suspended due to Andromeda botnet
My service has been suspended 3 times due to detection of the Avalanche Andromeda botnet on one of my machines.
I have 1 desktop, 1 iPad and 4 laptops. Plus few android and iPhones.
I tried various AVs, be it Malwarebytes, McAfee, Symantec, Cylance, but the issue still persisted.
Removed all unwanted programs that I could think of from all machines; that did not help.
I am using a Hitron Rogers modem and no third-party router.
I got the suspicious destination IP, host name and port number from Rogers. Checked the status on VirusTotal and the IP and host names were malicious. But it's hard to track down which device it might be.
Any tips on next steps?
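The two diagnostic problems raised in this thread, finding which LAN device is flooding SSDP (the Android box post above) and finding which device is reaching an IP the ISP flagged (the Andromeda post), can both be answered from one packet capture. The script below is an added example, not code from any poster or from Rogers: it reads a tshark-style CSV field export and attributes traffic to source MAC/IP. The capture rows, MAC addresses, LAN addresses and the "flagged" 203.0.113.5 (a documentation-range placeholder standing in for the IP the ISP supplied) are all constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in the shape of a tshark field export, e.g.
#   tshark -r home.pcap -T fields -E header=y -E separator=, \
#     -e eth.src -e ip.src -e ip.dst -e udp.dstport -e tcp.dstport
# All MACs and addresses below are made up; 203.0.113.5 and 198.51.100.7
# are RFC 5737 documentation addresses used as placeholders.
SAMPLE_CSV = """\
eth.src,ip.src,ip.dst,udp.dstport,tcp.dstport
aa:bb:cc:00:00:01,192.168.0.10,239.255.255.250,1900,
aa:bb:cc:00:00:01,192.168.0.10,239.255.255.250,1900,
aa:bb:cc:00:00:01,192.168.0.10,239.255.255.250,1900,
aa:bb:cc:00:00:02,192.168.0.11,198.51.100.7,,443
aa:bb:cc:00:00:03,192.168.0.12,203.0.113.5,,8080
aa:bb:cc:00:00:01,192.168.0.10,239.255.255.250,1900,
aa:bb:cc:00:00:03,192.168.0.12,203.0.113.5,,8080
aa:bb:cc:00:00:02,192.168.0.11,239.255.255.250,1900,
"""

SSDP_MCAST = "239.255.255.250"   # SSDP multicast group
SSDP_PORT = "1900"               # SSDP UDP port (string: CSV fields are text)


def parse_rows(text):
    """Parse the CSV export; fold the UDP/TCP port columns into one 'dport'."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["dport"] = r["udp.dstport"] or r["tcp.dstport"]
        rows.append(r)
    return rows


def ssdp_senders(rows):
    """Count SSDP packets per (source MAC, source IP) so the chattiest
    device on the LAN stands out."""
    return Counter((r["eth.src"], r["ip.src"]) for r in rows
                   if r["ip.dst"] == SSDP_MCAST and r["dport"] == SSDP_PORT)


def talkers_to(rows, flagged):
    """Map each flagged destination (e.g. the IP the ISP reported) to the
    LAN devices that sent packets to it, with per-device packet counts."""
    hits = {}
    for r in rows:
        if r["ip.dst"] in flagged:
            hits.setdefault(r["ip.dst"], Counter())[(r["eth.src"], r["ip.src"])] += 1
    return hits


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_CSV)
    print("SSDP packets per device:", ssdp_senders(rows).most_common())
    print("Devices reaching flagged IPs:", talkers_to(rows, {"203.0.113.5"}))
```

On a switched home LAN a capture taken on one desktop sees multicast such as SSDP from every device but only its own unicast traffic, so for the flagged-IP check the capture has to come from a point that sees all outbound traffic (a mirror port, the gateway itself, or a hub placed in front of the modem). The source MAC is the stable identifier to match against each device's Wi-Fi/Ethernet settings, since DHCP addresses change.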