• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

bot problem?

Hi all --

I received email notification today from Xfinity that I may have a bot.  I checked their amibotted website, and it says for my address, today they detected the RK_Pihar_group 5 times in the last 24 hours, last at 9 AM this morning.  I am running Norton Security Suite, version 5.2.2.3 on Windows 7 home premium.  I updated the virus definitions to current, and ran a full system scan.  Nothing was detected except tracking cookies.  I ran a "reputation scan" and only found one file used by five or less -- that was a Microsoft Money .dll -- and Microsoft Money would not run without it -- I think it's legit -- it is mnyob99.dll -- I have a really old version of MSMoney.  My windows updates have been up to date.  I Installed Spybot Search and Destroy, updated the definitions, and did a full system scan, and only came up with one IE BHO, which it fixed, plus some more tracking cookies.  I also installed and ran Immunet Protect 3.0, which is supposed to play well with Norton -- that didn't find anything either.  Any help on solving this problem will be appreciated.  When I get done tonight, I'm going to tell Norton to close all firewall traffic.  Would appreciate any help on this one -- Comcast wants $99.00 for tech support plus $19 a month -- that's ridiculous.

littlepeaks

Replies

Kudos0

Re: bot problem?

Hi all --

I received email notification today from Xfinity that I may have a bot.  I checked their amibotted website, and it says for my address, today they detected the RK_Pihar_group 5 times in the last 24 hours, last at 9 AM this morning.  I am running Norton Security Suite, version 5.2.2.3 on Windows 7 home premium.  I updated the virus definitions to current, and ran a full system scan.  Nothing was detected except tracking cookies.  I ran a "reputation scan" and only found one file used by five or less -- that was a Microsoft Money .dll -- and Microsoft Money would not run without it -- I think it's legit -- it is mnyob99.dll -- I have a really old version of MSMoney.  My windows updates have been up to date.  I Installed Spybot Search and Destroy, updated the definitions, and did a full system scan, and only came up with one IE BHO, which it fixed, plus some more tracking cookies.  I also installed and ran Immunet Protect 3.0, which is supposed to play well with Norton -- that didn't find anything either.  Any help on solving this problem will be appreciated.  When I get done tonight, I'm going to tell Norton to close all firewall traffic.  Would appreciate any help on this one -- Comcast wants $99.00 for tech support plus $19 a month -- that's ridiculous.

littlepeaks

Kudos0

Re: bot problem?


littlepeaks wrote:

Hi all --

I received email notification today from Xfinity that I may have a bot.  I checked their amibotted website, and it says for my address, today they detected the RK_Pihar_group 5 times in the last 24 hours, last at 9 AM this morning. 

You can contact the Comcast Customer Security Assurance Department: and they will be able to verify what was detected and if anything has been detected since that time.  This is a free service and they are usually pretty helpful.
Business Hours:6:00 am – 2:00 am EST
 7 days a week

Contact:(888) 565-4329

I am running Norton Security Suite, version 5.2.2.3 on Windows 7 home premium. 

You are also runing an older version of Norton Security suite (NSS).  The current version is 6.3.0.14.  The following links will tell you how to upgrade your NSS to the current version:

 

http://community.norton.com/t5/Norton-360/Product-Update-Norton-Security-Suite-6-2/td-p/724778
Upgrade to V 6


http://community.norton.com/t5/Norton-360/Comcast-Norton-Security-Suite-6-3-is-now-available-Windows-8/td-p/788324
Update to 6.3.0.14

Also please run LiveUpdate (rebooting as requested) until such time as it responds "no updates found".  You will be totally up to date with NSS when this opccurs.

I updated the virus definitions to current, and ran a full system scan.  Nothing was detected except tracking cookies.  I ran a "reputation scan" and only found one file used by five or less -- that was a Microsoft Money .dll -- and Microsoft Money would not run without it -- I think it's legit -- it is mnyob99.dll -- I have a really old version of MSMoney.  My windows updates have been up to date.  I Installed Spybot Search and Destroy, updated the definitions, and did a full system scan, and only came up with one IE BHO, which it fixed, plus some more tracking cookies.  I also installed and ran Immunet Protect 3.0, which is supposed to play well with Norton -- that didn't find anything either. 

Please check and see if Tea Timer is enabled in Spybot Search and Destroy.  If tiis please disable it as it is a real-time function and can cause conflicts with Norton.

I would also recommend removing Immunet as although Immunet clams to play nicely with Norton, it could still cause conflicts and to be perfectly honest, it is not as robust as Norton.

There is one addtional tool that is normally recommend for the folks receiving ther Xfinity Bot norification and that is the Microsoft Malicious Software Removal Tool which can be found here:

http://www.microsoft.com/security/pc-security/malware-removal.aspx

Any help on solving this problem will be appreciated.  When I get done tonight, I'm going to tell Norton to close all firewall traffic.  Would appreciate any help on this one -- Comcast wants $99.00 for tech support plus $19 a month -- that's ridiculous.

You should not have to make any changes to your Firewall in order to prevent this from occurring and do not even consider spending money for tech support based on a Xfinity Bot Warning.

littlepeaks


 Hi littlepeaks,

I'll reply within your originial post to try to provide you a plan of attack.

Also, there is  addtional info re: Bot and what could have caused the situation they detected in the following link.  If you are on wireless, please ensure you have a secure connection.

http://customer.comcast.com/help-and-support/internet/signs-your-computer-is-infected-with-a-bot/

Please let us know how this turns out.

Kudos0

Re: bot problem?

Thanks for the reply.

I do not have TeaTimer turned on on Spybot S & D.

Even though the Microsoft Malicious Software Removal Tool was run on my PC with the last updates, I ran it again, and told it to do a whole system scan (nothing found).

I called the Comcast Security Help Desk, and they were unable to help -- except telling me to go to the "amibotted" site to see any bot activity.   I ran it again this morning, and had no additional detections, although I told Norton to stop all traffic for the night.  Comcast Security Help Desk are the people who directed me to the pay Comcast hot line.

When I get back from church, I'll try to upgrade Norton to Version 6.  Since I have free Norton through Comcast, I hope it'll let me do that. 

One other thing I was considering doing, was doing a system restore -- I see I have a restore point on Aug. 29.  Would this help?

Thanks

Kudos0

Re: bot problem?

OK, I upgraded to Version 6.3.0.14, with no problems.  I also did a full system scan again, and nothing was found.  I have been checking the Xfinity web site to monitor bot activity, and nothing has been detected since yesterday morning at 9 AM.

Kudos0

Re: bot problem?

Oh -- I am not using wireless, and am only using one PC.

Kudos0

Re: bot problem?

Hi littlepeaks,

By Comcast Security Help Desk - are you referring to the number I gave you for Security Assurance above?  If so  that is not the type of  response one normally receives from them - perhaps because it is a holiday weekend?

Anyway, I would warn you against doing a Windows System Restore, as it normally messes up Norton security suite to the point of having to totally tremove and reinstall the program.  Thtat is esopecially true since on Aug 29th you had the older version of NSS installed and revertting back to version 5  will cause other problems - especially with your ID Safe login data.

BTW, before doing anything, if you use Identity Safe for your logins, please Export (Backup) the data now that you are on version 6.  Version 6 can export it as a .DAT file and also as a .CSV file (which is printable).

To be honest with you - it sounds like whatever Comcast spotted may be gone now and hopefully will not return.  You can continue to run the AmIbotted  rom time to time to check for yourself.

Kudos0

Re: bot problem?

Thanks.  I don't use Identity Safe, although it is installed on my computer.  I think I installed it when it wasn't ready for prime time.  I have a Windows login password -- once, when I tried to type in the password, it was typing 12345678... instead of my password.  I have since forgotten the master password for Identity Safe.  I use KeePass to store passwords.  I'll keep an eye on amibotted to see if anything turns up. 

It seems like Norton's firewall should be smart enough to keep my PC from botting, though.

lp

Kudos0

Re: bot problem?


littlepeaks wrote:

Thanks.  I don't use Identity Safe, although it is installed on my computer.  I think I installed it when it wasn't ready for prime time.  I have a Windows login password -- once, when I tried to type in the password, it was typing 12345678... instead of my password.  I have since forgotten the master password for Identity Safe.  I use KeePass to store passwords.  I'll keep an eye on amibotted to see if anything turns up. 

The problem you had with typing numbers instead of letters was caused by Guarded ID which is a component of Constant Guard Protection Suite (CGPS) -which is really, as you said "not ready for Primetime". 

That said, you may be confused between CGPS and Norton Security Suites' Identity Safe.  Norton's does not cause any of the situations encountered with CGPS.

That is fine that you use another password manager.

It seems like Norton's firewall should be smart enough to keep my PC from botting, though.

lp


This thread is closed from further comment. Please visit the forum to start a new thread.