Internet was blocked for a so called virus????????

Resident Expert
Posts: 6,860

Re: Internet was blocked for a so called virus????????

@Hkb for a PC or laptop you might need to run Norton Power Eraser or some other deep inspection tool, beyond the usual run-of-the-mill antivirus programs. I'm surprised that Malwarebytes Antimalware didn't detect it, but it might be on another device, not just a PC or laptop.

To see what device is connecting to what external IP address you need to run a router with logging and blocking capability. That would be something like pfSense, OPNsense, Sophos and maybe DD-WRT. An ASUS router with Merlin's Asuswrt will also do both if loaded with the Skynet and Diversion add-ons. Skynet can block specific IP addresses and countries. It has its own block list and whitelist and has a debug mode to watch for specific IP addresses, which should allow one to determine what device is connecting to a specific external IP address. I've never used it to track an outbound address but that should work. I have used it to watch for blocked traffic from specific LAN IP addresses, which is another way to do this. Diversion allows you to block domain names instead of specific IP addresses.

The botnet control IP addresses were taken down in late 2016 so I'm guessing that you now have a device or more that remains infected with no controller domain to contact. But it or they are still attempting to contact those domains.



I've Been Here Awhile
Posts: 3

Re: Internet was blocked for a so called virus????????

We have been getting our internet shut off every 2 months for a while now. We have checked every device connected to our internet and found only 1 virus a few months ago, but we are still getting shut off. We've checked our router and it is fine. We are beyond frustrated now and ready to switch internet supplier. Anybody have any other suggestions of what we can do?
Resident Expert
Posts: 6,860

Re: Internet was blocked for a so called virus????????

@Ann75 have a look at my post just above yours. What model of router are you running and what's the last firmware version and date on the router?



I've Been Here Awhile
Posts: 3

Re: Internet was blocked for a so called virus????????

I'm not sure what it is, my Mom is the one who takes care of it. I will get back to you on that.
I Plan to Stick Around
Posts: 8

Re: Internet was blocked for a so called virus????????

Virus warning from Rogers, legitimate? (TYPE: avalanche-generic )

 

I recently received an email from Rogers stating "There's a problem with an internet-connected device in your home that's interfering with the network in your area. This may be a computer, phone, tablet, sensors or any other device connected to your Wi-Fi. Unfortunately, we're unable to help you identify the problem device. The problem device in your home is infected with a virus. You need to remove the infection to strengthen the security of your information and ensure that only authorized users have access to your network."

They later state that if I fail to correct the issue, my service may be terminated.

Although I'm uncertain of which device is infected, they did provide me with details of the virus.

TYPE: avalanche-generic

SRC_PORT: 63073
DST_PORT: 80

HTTP_HOST: trackeropenbittorrent.uni.me
DST_IP: 216.218.135.114

DST_ASN: 6939
DST_GEO: US
NAICS: 517311

Upon googling for information regarding the virus and the host, the only thing I was really able to come up with was this. https://www.abuseipdb.com/check/216.218.135.114 which does mention the host/ip address and virus but I have no idea what to do with this information.

 

The email address it came from was: Rogers Internet Security <abuse@rogers.com>

Is this legitimate?

 

I've run virus scanners and nothing was picked up. I've checked my phone and PC and there is no sign of an "avalanche-generic" virus anywhere. Is there any other way to deal with this? If I blocked the listed ports in my modem/router and blocked the domain, would that solve the issue?
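
Added example, not part of any post in this thread: one way to combine the notice fields quoted above with the earlier suggestion to run a router that logs connections, so the LAN device behind the report can be identified. The log lines are constructed samples in iptables LOG style (an assumed format; a given router's log layout may differ) and the LAN addresses are invented. The parser also accepts the DESTINATION IP / DESTINATION PORT key names used by the other notice quoted later in the thread.

```python
import re
from collections import Counter

# Fields copied from the notice quoted in the post above.
NOTICE = """\
TYPE: avalanche-generic
SRC_PORT: 63073
DST_PORT: 80
HTTP_HOST: trackeropenbittorrent.uni.me
DST_IP: 216.218.135.114
"""

# Constructed sample log: the iptables LOG style is an assumption, and the
# LAN addresses (192.168.1.x) and timestamps are invented for illustration.
ROUTER_LOG = """\
Jan 10 09:14:02 kernel: LANOUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=216.218.135.114 PROTO=TCP SPT=63073 DPT=80
Jan 10 09:14:05 kernel: LANOUT IN=br0 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.7 PROTO=TCP SPT=51512 DPT=443
Jan 10 09:29:02 kernel: LANOUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=216.218.135.114 PROTO=TCP SPT=63110 DPT=80
Jan 10 09:30:11 kernel: LANOUT IN=br0 OUT=eth0 SRC=192.168.1.51 DST=216.218.135.114 PROTO=TCP SPT=40022 DPT=443
"""

KEY_VALUE = re.compile(r"(\w+)=(\S+)")


def parse_notice(text):
    """Turn the notice's 'KEY: value' lines into a dict keyed by upper-case name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and value.strip():
            fields[key.strip().upper()] = value.strip()
    return fields


def lan_sources(log_text, notice):
    """Count LAN source addresses with logged flows to the reported destination."""
    dst_ip = notice.get("DST_IP") or notice.get("DESTINATION IP")
    dst_port = notice.get("DST_PORT") or notice.get("DESTINATION PORT")
    hits = Counter()
    if not dst_ip or not dst_port:
        return hits  # nothing to match against
    for line in log_text.splitlines():
        kv = dict(KEY_VALUE.findall(line))
        # Match on destination only: the notice's SRC_PORT is the port seen
        # from outside, and NAT on the router may have rewritten it.
        if kv.get("DST") == dst_ip and kv.get("DPT") == dst_port and "SRC" in kv:
            hits[kv["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, count in lan_sources(ROUTER_LOG, parse_notice(NOTICE)).most_common():
        print(f"{src} contacted the reported destination {count} time(s)")
```

The LAN address that comes back can then be looked up in the router's DHCP client list to find the device's name and MAC address.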

I Plan to Stick Around
Posts: 305

Re: Internet was blocked for a so called virus????????

You typically get this email if someone from your house (or connected to your wifi) downloads copyrighted material from BitTorrent.

I Plan to Stick Around
Posts: 20

Re: Internet was blocked for a so called virus????????

Got an email and call from Rogers about a potential virus

 

IP 174.116.133.### .
data: SOURCE TIME: 2020-07-05 18:51:28Z
IP: 174.116.133.###
ASN: 812
AS NAME: ROGERS-COMMUNICATIONS, CA
MALWARE FAMILY: quant
TYPE: botnet drone
DESCRIPTION: This host is most likely infected with malware.
DESTINATION IP: 195.22.26.248
DESTINATION PORT: 80
PROTOCOL: 6
UUID: 8b4dcd30-0d2a-4972-a384-22b6471fd66a

IP 174.116.133.### .
data: SOURCE TIME: 2020-07-05 18:51:28Z
IP: 174.116.133.###
ASN: 812
AS NAME: ROGERS-COMMUNICATIONS, CA
MALWARE FAMILY: isrstealer
TYPE: botnet drone
DESCRIPTION: This host is most likely infected with malware.
DESTINATION IP: 195.22.26.248
DESTINATION PORT: 80
PROTOCOL: 6
UUID: 93c69d53-1dd9-4e04-9473-f10312d6e1f1

I scanned both my computers for viruses and it didn't find anything. Could this be a false alarm?

Resident Expert
Posts: 6,860

Re: Internet was blocked for a so called virus????????

@stockylobster there are two possible choices here:

1.  You have a botnet infection; or

2.  The destination IP address has been attacked by someone using a spoofed IP address (yours).

The destination IP address belongs to Clara.net in Portugal.

https://bgp.he.net/ip/195.22.26.248#_whois

The details specify a TCP attack on port 80, which would be the HTTP login port on modems or routers. That looks like a report from an Intrusion Prevention System running on a router.

I would scan any connected devices with more than one antivirus application. For Windows desktops/laptops, consider loading Malwarebytes Antimalware as a secondary scan application. I use that for a secondary application:

https://www.malwarebytes.com/mwb-download/

There is also a version for Android and iOS.

Are you running the modem in Gateway mode, or in Bridge mode with a router behind it? If you have a router running, check for the latest firmware update. If it's older than a year and it doesn't look like there are any updates on the horizon, I'd strongly consider binning the router and buying another one that will be updated with recent firmware updates. In any event, if you have a router running, consider running a factory update and set the router up from scratch. Don't load a backup config file.

To check the UUID for your Windows platforms, at a command prompt enter the following command:

wmic csproduct get "UUID"

Compare the UUID result with the UUIDs listed in the report from Rogers, just to see if there's a match. I haven't looked up how to find the UUID for Macs or Android or iOS devices.

I Plan to Stick Around
Posts: 20

Re: Internet was blocked for a so called virus????????

Hi,

 

My modem is in Bridge mode and my router's firmware is about 4 months old but I will factory reset and update again. I scanned both of my computers and none of them match. I also ran antivirus and Malwarebytes on both computers. Nothing was found. I also checked the UUID and it doesn't match any of my computers either. Do you know if Android devices have UUIDs?

Resident Expert
Posts: 6,860

Re: Internet was blocked for a so called virus????????

@stockylobster what router are you using, out of curiosity's sake?

 

It looks like Android devices can have a UUID, but, it doesn't look like there's an easy way to determine what that UUID is. 

 

If you run a google search for:   android uuid

 

You'll come across numerous links for android UUID generation, use, etc, etc.  There's nothing that comes up that shows easy access to an Android UUID, but, I didn't look beyond page one of the results at the present time.