Internet was blocked for a so called virus????????

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I've Been Here Awhile
Posts: 3

Re: Internet was blocked for a so called virus????????

They did not tell me to contact them. All they did was to go to my email and find the email that they sent me, but it was not there. It also told me to go to rogers.com/getprotected. That's all they told me to do.

I also did the test that was mentioned in this post and it passed.

Community Manager
Community Manager
Posts: 3,372

Re: Internet was blocked for a so called virus????????

@Chromus

 

Check out the TechXpert Virus Info. here: http://communityforums.rogers.com/t5/forums/forumtopicpage/board-id/RAAETechXpert/thread-id/7

 

 

TechXpert will help you find, identify and remove any virus you may have.

 

 

RogersDarrell

I've Been Here Awhile
Posts: 2

Re: Internet was blocked for a so called virus????????

I got a call as well. I scanned for virus for every computer in my house, 2 macs and 1 pc. nothing.

 

Then I called back and ask for the detailed information, the tech support told me it is because of Bots, named SinkHole.

 

Any one know how to remove it?

Resident Expert
Resident Expert
Posts: 6,229

Re: Internet was blocked for a so called virus????????

Have a look at the following site:

 

http://resources.infosecinstitute.com/dns-sinkhole/

 

A sinkhole is used to direct traffic away from a botnet command and control server.  This occurs when a botnet is taken down, usually through the co-operative efforts of Microsoft, FBI, RCMP etc.  It doesn't remove the particular bot that you might have, but it disrupts the traffic so that the individuals running the botnet are unable to maintain control over their net. 

 

So, for a tech to say that you're blocked due a a Sinkhole is a misinterpretation of the information that he or she has available.  You need to go back to tech support and ask the CSR for the particular botnet that this incident refers to. Only by knowing what botnet this involves will you know what to look for and how to remove it.  Without that information, anything that you are told is completely useless, personal opinion.

 

If you happen to be running the modem in Bridge mode with a third pary router, run a factory reset on the router and reset all of the parameters from scratch.  Do not use a backup parameters file to reload the parameters.  There are numerous botnets out in the wild that are taking advantage of security holes in routers these day, so if you do have a router, run the reset, and also look for a firmware update.  If you have an older router and there is no update, it might be time to look for a newer router or load DD-WRT, Tomato or Merlin firmware. 

 

If your router DNS server address has been changed without your knowledge, running the factory reset will delete that entry, along with any other mailcious settings.

 

In the case of the pc's, at least for windows, you can look at the hosts files.  This is a file stored in C:\Windows\System32\drivers\etc

It should be opened with Notepad or a plain text editor, not Word.  You can open that file and clean out any entries that might exist.  Windows looks at that file first to determine the internet address associated with an address that you type into the browser address bar.  If that file has been changed without your knowledge, there is a good chance that youv'e been redirected to a botnet command and control server, so, if there are any questions as to what that file contains, you can clean it out and save it.  I think you have to be in an admin account to do that.  Spybot, which is an spyware detection program will change change that file so that known malicious addresses are given an internal wrap around ip address and therefore attempting to use that address will not allow you to connect externally.  Here's an example of the wrap-around addresses:

 

# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com

 



I've Been Here Awhile
Posts: 2

Re: Internet was blocked for a so called virus????????

Thanks for your sharing! When I called, I did asked if Rogers had more detailed info so that I can identify which machine is problematic.

 

Unfortunetly, she said nothing more.

 

I had to suggest Rogers to provide more details so users can easily identify the issue.

Resident Expert
Resident Expert
Posts: 6,229

Re: Internet was blocked for a so called virus????????

Without more details, the info is useless.  It might be a pc, or mobile device, or, it might be a router, just depends on what you have on your network.  For an androide and IOS device, a reset might be in order.  Unfortunately, for IOS there is an ongoing issue with developers using XCode files downloaded from Chinese servers instead of the official Apple servers.  As a result, many of Apple apps are infected, from what I remember reading.  This hit the news again very recently.   Here's a link or two to have a look at:

 

http://arstechnica.com/security/2016/01/malicious-apps-in-google-play-made-unauthorized-downloads-so...

 

http://www.pcmag.com/article2/0,2817,2496598,00.asp

 

 

 



Resident Expert
Resident Expert
Posts: 14,000

Re: Internet was blocked for a so called virus????????

Unfornately tieing down to the specific device.. can prove difficult, by anyone.

From rogers end, they just see that its comming across their network, from the IP/MAC of your modem.

They cant see any more detail otherwise as to the source.



I Plan to Stick Around
Posts: 17

Re: Internet was blocked for a so called virus????????

Just got a call this morning saying the same thing.

 

This time i am starting to believe that Roger is spamming. Only got my laptop connected to my router and I just did a full check up, nothing wrong with my laptop or router. I even went to that link that was supplied to me from Rogers in which I have posted here and again saying I was :

Success! We detected your IP address as 99.xxx.xxx.xxx and did not find an open DNS resolver running.

 

Also when the BOT rogers called their client and tell them to check their email for the reason of the problem, make it stop because its never there in the inbox. I only use that yahoo roger inbox for just roger. There is NEVER or EVER got an email from them to explain the problem. So yes this would look more like a scam or spam. Maybe Rogers need to do a full scan on their own servers before contacting their clients and give them false informations.

 

UPDATE: I call in and explain the problem and the girl basically told me it was my UPNP was turn on at my router. Sure enough it was but I dont see the danger on that, regardless turn it off and life goes on.

Resident Expert
Resident Expert
Posts: 14,000

Re: Internet was blocked for a so called virus????????

Having UPNP on is suposed to make life easier.. some programs, etc which can run easier by opening up certian ports to make it run better all on its own.

BUT at the same time, something malicious COULD be then enabling those ports when its doing spaming, etc.

By turning UPNP off, at least it hopefully will eliminate that out.



I've Been Around
Posts: 1

Re: Internet was blocked for a so called virus????????

I have the phone call, I ignore them a few times,
then Call Costumer services and ask them to stop the calls
then my internet was disconnected I call the phone number They provide
I have the MOST RUDE CUSTOMER SERVICE                
WHIT NO SOLUTIONS.

 

I call a second time and they reconnected my Internet
not before "Warning me" if i don't get rid of the Virus I will be disconnected again...


I have been a customer for more than 8 years
and I am ready to move my service (and my money)
to another company next time I get disconnected...


Terrible service Rogers..!

Order Now!
Wilder vs. Ortiz II Live
LIVE: Saturday, November 23, 2019 8PM ET
Channels: 348 (HD) | 350 (SD) | Ignite TV 499
Price: $74.99 (HD) | $69.99 (SD) | Ignite TV $74.99
DTV can order on Nov. 21st & Ignite TV customers can order now!

Reigning heavyweight world champion Deontay "The Bronze Bomber'' Wilder takes on his most dangerous challenger as he defends his WBC title in a rematch against once-beaten Cuban slugger Luis "King Kong'' Ortiz.

Topic Stats