Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

A device using your internet connection may be infected with malware

pb30531
Tuning in

on ‎28-07-2022 16:37

Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009998911
A device using your internet connection may be infected with malware
 
Hello All,
I have today received an email from Virgin indicating that I may have an infection on my system. I regularly run anti virus checks using Comodo and I am happy I dont have a virus. I do use a VPN and wonder if this is whats caused Virgin to think that there is something suspicious occurring.
However, what is concerning me the most is when I had a similar email warning from Virgin about 12 months ago my email (Thunderbird) suddenly stopped working and there followed days of my trying to fathom out why until eventually I spoke to someone in India who  indicated my password had been changed ( by who ?) and I was given a temporary password for one of my email accounts (Thunderbird) which has operated OK since. I dont know how to change my Virgin account password so the so called temporary password  set by Virgin has remained ever since.
Am I about to suddenly find that my account password has been or will be  changed again as a result of todays warning email ?. If so I will be ever so pleased - NOT!.
0 Kudos
5 REPLIES 5

Ashleigh_C
Forum Team
Forum Team

on ‎29-07-2022 17:03

Hi there @pb30531

 

Thank you so much for your post to our community forums and welcome back to the team, it's great to have you here. 

 

I am so sorry to hear that you are facing this issue with your account! 

 

Can I ask what email address the warning came from? 

 

You can change your password via your My Virgin Media profile and we would recommend changing this as soon as possible if you are still using the temporary one. 

 

You can also use the forgotten password link when signing in to reset the password this way. 

 

Thank you.

0 Kudos

pb30531
Tuning in
In response to Ashleigh_C

on ‎29-07-2022 19:27

Hi Ashleigh,

Thanks for the email. Following is a copy of the full header of the sender, I have removed as much of my detail as I can -:

[IMPORTANT] Virgin Media Alert: Your device may have a malware infection

Thu, 28 Jul 2022 16:00:22 +0100

account1

00004bcd25796124

0001

00000000

<internet-security@virginmedia.com>

pxxxx@blueyonder.co.uk

from md4.tb.ukmail.iss.local ([212.54.57.79]) by mc39.tb.ukmail.iss.local with LMTP id OGD1HIuk4mKHDQAAVp5eMA (envelope-from <internet-security@virginmedia.com>) for <pxxxxx@blueyonder.co.uk>; Thu, 28 Jul 2022 17:00:27 +0200

from smtpclienthelo ([212.54.57.79]) by md4.tb.ukmail.iss.local with LMTP id sEZ5HIuk4mJ4CwAANIUTRA (envelope-from <internet-security@virginmedia.com>) for <pxxxxx@blueyonder.co.uk>; Thu, 28 Jul 2022 17:00:27 +0200

from mx.emea.email-out.fireeyecloud.com ([52.215.218.140]) by mx12.tb.ukmail.iss.as9143.net with ESMTP id H4zyo3nPpOtvUH4zyoLYz0; Thu, 28 Jul 2022 17:00:26 +0200

internet-security@virginmedia.com

pxxxxx@blueyonder.co.uk

52.215.218.140

v=2.4 cv=Uu5wis8B c=1 sm=1 tr=0 ts=62e2a48b cx=a_exe:a_idp_d a=BjugOZXBdY1gNb9aOe+tNQ==:117 a=HA8xjwbbgu+22ypCUL6i2A==:17 a=NnpB_s8qolIZOc1H:21 a=KGjhK52YXX0A:10 a=IkcTkHD0fZMA:10 a=WxaJ9yQQIYwA:10 a=RgO8CyIxsXoA:10 a=NcN59idvAAAA:8 a=RGQxbMKRD3rOo6gnNxUA:9 a=8U30MHMbO671LbEJ:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10 cc=ntf

<internet-security@virginmedia.com>

from [127.0.0.1] ([127.0.0.1:43196] helo=smtp-injection-worker) by prd07-euw1-08 (envelope-from <internet-security@virginmedia.com>) (ecelerity 4.3.1.999 r(:)) with ESMTPS (cipher=AES128-GCM-SHA256) id C8/AC-26245-A84A2E26; Thu, 28 Jul 2022 15:00:26 +0000

193.38.82.67

193.38.82.67

from mailrelay04.ntl.com (mailrelay04.ntl.com [193.38.82.67]) by prd07-euw1-02 (envelope-from <internet-security@virginmedia.com>) FireEye ETP with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 210328567784A2E2690a83aca; batch_id 21/03-28567-784A2E26; Thu, 28 Jul 2022 15:00:23 +0000 (UTC)

v=1; a=rsa-sha256; c=simple/simple; d=virginmedia.com; i=@virginmedia.com; q=dns/txt; s=corporate; t=1659020423; x=1690556423; h=message-id:mime-version:from:to:date:subject: content-transfer-encoding; bh=FzlXXsFF67DtQ8bAr8G6TbZubJB0Q7x24vUCNXp/Vr4=; b=utBAY+2T+9lIAek+RhqsNQoGKt8E+5UQcoLYYz8iUevo3g0EjZCDb1xI W85jmFIySbmbqUdGttNBrz8+VFaYzYOaBx6PovRTJdXTr/J3pLH+ge01M taSsYJndqP+ZBjMZ9BaCk+BNFRKAIreMyoySFT4siZx6iAFXMzy+OmISv 6iCrVPk6gxSQK1gGDCJKhuGuKDOkCl3ohqSIW6MW4CMNhaDSVnBLxKPzy Y4AUgt+fQDdrkelNAJruC8+fiiG1k70zCEowcekRx1fXfBPKLaDdeESaI xYHAXadD4jNmoRweZIjY0W5KIAewgHs9G5Xc7TmXM9G2iZyTPNpe7qMLn w==;

4BeqKl5xqFnjO/NFlWPS1aBrhSEqdhkuuzR92qqRW+vaRqVM53/8Wi4lIbHVHRxAao15RvUSKL zkcOPFeLRKnQ==

N

false

from unknown (HELO KN1-CHX-P0004.systems.private) ([10.92.194.62]) by mailrelay04.virginmedia.co.uk with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 28 Jul 2022 16:00:22 +0100

from kn3-xcn-p0001.systems.private (172.19.46.61) by KN1-CHX-P0004.systems.private (10.92.194.62) with Microsoft SMTP Server id 14.3.487.0; Thu, 28 Jul 2022 16:00:22 +0100

1.0

text/html; charset="utf-8"

base64

eyAidGlkIjogIjIxMDMyODU2Nzc4NEEyRTI2OTBhODNhY2EiLCAiYWNjZXB0ZWRfdGltZXN0YW1w IjogIjIwMjIwNzI4MTUwMDIzIiwgImFjY2VwdGVkX3RpbWVzdGFtcF9lcG9jaCI6ICIxNjU5MDIw NDIzIiwgImRvbWFpbl9uYW1lIjogInZpcmdpbm1lZGlhLmNvbSIsICJhdHRfY291bnQiOiAtMiwg InNyY19pcCI6ICIxOTMuMzguODIuNjciIH0=

MS4xfLPAo/Tq2jBkjYm0naNHkNcKuqR/cpw7KgHnBy/jQhTDGsms9kxk0J/ga0z6Lg9/Y38s30KiMV2YzvlZUGvsgUcS9YWkqsXq2SmAmylpI6c3EHCOwqTk L+K0hTAZpLxZ1WiItcrJnrvWGhTJh3yomxO/sFxCSSLw+/xDBHzA+vg//O0SKRspAzXXSWdTbGY34zS1/aslpwfIm8po+ZGqaXKZ00yUZvE4QOsXp/QrjgGu 1oS6pV/EVnhDXZgOLANtsQ==

Your Virgin Media Account number: 12 - xxxxxxxx
Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009998911
 
A device using your internet connection may be infected with malware
 
Dear Mr Bxxxxx,
 
You have received this email as one or more of your Virgin Media mailboxes has recently been locked due to suspicious activity being detected.
 
It is important that you:
 
a. Do a full virus scan on your device with up-to-date anti-virus software
b. Reset your password to something new, unique to this account and secure.
 
After resetting your password, your mailbox will automatically be unlocked after 15 minutes.
 
Please ensure that the above points have been completed to prevent your mailbox from being locked again.
 
More help and support
 
For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.
 
Kind regards,
 
The Virgin Media team
 

 

 

 

 

 

  
   Please do not reply to this email.

   © 2013 Virgin Media. All Rights Reserved.
0 Kudos

Martin_N
Forum Team
Forum Team
In response to pb30531

on ‎30-07-2022 09:45

Thank you for that information. How long have you had the VPN? When did you take out your Virgin Media services?

Has there been any devices connected to the broadband recently that haven't been connected before?

^Martin

0 Kudos

pb30531
Tuning in
In response to Martin_N

on ‎30-07-2022 16:08

Hi Martin,

Thanks for the reply.

I have had my Express VPN for 2 years, I have been a customer of Virgin for about 15 or 20 years, Tele West before that and Bham cable before that and there are no new devices connected that havent been connected before other than perhaps a change in mobile phones. 

The email suggests one of my email accounts has been locked but none have that I am using at the moment, one on Blueyonder and one on Virginmedia so I dont know what the account mentioned as being 'locked' refers to?.

Below is a copy of the email I received.

------------------------------------------------------------------------------------------------

Your Virgin Media Account number: 12 - xxxxxxxxx
Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009998911
 
A device using your internet connection may be infected with malware
 
Dear Mr Bxxxxx,
 
You have received this email as one or more of your Virgin Media mailboxes has recently been locked due to suspicious activity being detected.
 
It is important that you:
 
a. Do a full virus scan on your device with up-to-date anti-virus software
b. Reset your password to something new, unique to this account and secure.
 
After resetting your password, your mailbox will automatically be unlocked after 15 minutes.
 
Please ensure that the above points have been completed to prevent your mailbox from being locked again.
 
More help and support
 
For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.
 
Kind regards,
 
The Virgin Media team
0 Kudos

Natalie_L
Forum Team (Retired)
Forum Team (Retired)
In response to pb30531

on ‎31-07-2022 16:47

Thank you for confirming. 

I would like to take a look from our side and see if there has been anything flagged on our system so I am going to pop you over a private message to confirm a few details. This will be available via the purple envelope on the top right of this page.  

Speak soon, 

 

Nat
0 Kudos
Top