deckhanddave
Dialled in
Message 71 of 123

Re: Finally had it with Virgin(I sound like a broken record)

Sorry Bill, I forgot to mention. I'm watching our two mobile phones, my Alexa stuff and printer on Sharkwire using the Win Hotspot and nothing at present. I'll check my NAS drives etc next, then my Meross stuff (Light bulbs and sockets). I'm getting the awful feeling that I aren't going to find anything though. I do regular scans of all my hard drives using Defender every day in the early hours and it always says nothing found. Can you see anything I'm missing? or any suggestions on how to better narrow down my search or speed it up? For instance, how long would you monitor specific items on livewire? I've been working on doing it all night and day for 24 hours, could I reduce that time? Any suggestions are appreciated. Thanks again for taking the time to try and help me out.

deckhanddave
Dialled in
Message 72 of 123

Prime example of how much Virgin think of a customer of 20 years. At 13.21 yesterday I had a call from 0345 4541098, what Ofcom call a dropped call where no one answers and it hangs up. At 13.42 today, I had a call from the same number and this time someone spoke.  It was Virgin Media Customer Care, I think he said. The line was very poor and I could hear everyone else in the call centre better than him so I asked him to ring me back on my house phone. He said he would and hung up. The time now is 17.43 and he didn't have the decency to call back. I know I haven't missed him because 1) the phone is right next to me and 2) it has a call log. I would like to suggest a change of title for them to Virgin Media Customer Don't Care Dept.

Very Insightful Person
Message 73 of 123

Re – how long does all this take? It’s anybody’s guess. If a smart device has been compromised and new code inserted into it, it’s not going to make itself obvious by, say, changing its name. And if it has been programmed only to use its malware activities at irregular long or short intervals, that makes detection even harder – and much longer. Thus far, you have – changed passwords on devices and checked for suspicious outgoing traffic, followed the VM Mirai guidance, and run Defender regularly. As you know Defender only covers your PC and not your smart devices. And, I’m waiting for some VM feedback on the “proxyget” statement.

You say you have also used the TrendMicro Home Network Security product which does claim to look at your home network devices. There are other similar products available, but on the grounds that you already have the Trend product available, I suggest you continue to use that to see if it comes up with anything useful.

Have you pressed your bank(s) to disclose the reason why your access has been blocked?
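
Added example (not part of the posts above): rather than watching a live Wireshark window for 24 hours, a long capture can be summarised afterwards by looking for one LAN device sending connection attempts to many different internet addresses on ports that malware typically scans. The LAN range, port list, threshold and sample records below are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home LAN range
# Assumed watch list: 23/2323 (Telnet, scanned by Mirai), 25 (SMTP, spam),
# 445 (SMB, used by Conficker to spread).
WATCH_PORTS = {23, 2323, 25, 445}
FANOUT_THRESHOLD = 5  # assumed cut-off: distinct external targets per port

# Constructed sample, in the shape produced by:
#   tshark -r capture.pcapng -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#     -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
SAMPLE = "\n".join(
    [f"1579500000.{i},192.168.0.23,203.0.113.{i},23" for i in range(1, 9)]
    + ["1579500100.0,192.168.0.10,198.51.100.7,443",   # ordinary HTTPS
       "1579500101.0,192.168.0.10,192.168.0.50,445",   # LAN file share
       "1579500102.0,192.168.0.31,198.51.100.9,25"]    # single SMTP attempt
)

def suspicious_fanout(rows, threshold=FANOUT_THRESHOLD):
    """Return {(src, port): n_targets} for LAN hosts that sent SYNs to at
    least `threshold` distinct non-LAN addresses on a watched port."""
    targets = defaultdict(set)
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 4:
            continue  # blank line or a record without IPv4/TCP fields
        _, src, dst, port = row
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # malformed record
        if src_ip in LAN and dst_ip not in LAN and port in WATCH_PORTS:
            targets[(src, port)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= threshold}

if __name__ == "__main__":
    for (src, port), n in suspicious_fanout(SAMPLE).items():
        print(f"{src} contacted {n} external hosts on TCP/{port}")
```

A device that only acts at irregular intervals will still show up in the summary of a multi-day capture, provided the capture point actually sees that device's traffic.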

deckhanddave
Dialled in
Message 74 of 123

Hi Bill. Regards the bank, I haven't really pushed them hard but that is coming. I fully expect to meet with a lot of resistance and to be totally honest, I hope they do because I want to take this over Virgin and the banks heads. I really do think that the way they just dismiss people is wrong and they need to put a robust scheme in place to assist people in this sort of mess. People are becoming more reliant on banks, the internet and the government is pushing people that way too. I'm 60 and have a fair understanding of the basics of internet use and I'm sure there are people older and less knowledgeable about it than I am, having to use it. Not being able to do my banking is a pretty serious loss and could cost me money and credit rating. Luckily I can sidestep this situation but I aren't happy doing it. I may be wrong but believe I am right and will fight as best I can to try and get that help put in place. Imagine if I were bedridden or housebound and relied on Universal credit. This would be a very desperate situation for someone in that position. I'm going to target my NAS drives tomorrow to see if anything comes up on them in Wireshark. At the moment, everything is showing clean that I tested. I'll post the results as I get them. Any ideas on how long to run a Wireshark test on an item? It would be nice if it was a period less than 24 hours. Thanks again for your help with this.

Very Insightful Person
Message 75 of 123

@deckhanddave Hi Dave

I'd echo what @Kippies said about the router you linked to, seems way more than I or most folks currently need, but maybe not for yourself.

______________________
Scott

My setup: V6 TV box, M350 Fibre broadband with Hub 3 in modem mode connected to a Netgear R7000 router. Telewest/VM user since 2001.

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Very Insightful Person
Message 76 of 123

@deckhanddave wrote:

Hi Bill. Regards the bank, I haven't really pushed them hard but that is coming. I fully expect to meet with a lot of resistance and to be totally honest, I hope they do because…


Consider pursuing the matter further with MSE to see if they can provide specific information concerning the “potential source of unsafe traffic” mentioned in their reply.

deckhanddave
Dialled in
Message 77 of 123

Today is the 20/01/20 and I still can't do banking online and that started on or about the 7th. Nor can I find where the problem is. I've run Wireshark using wifi and hotspot. The only thing left now is to set up a bridge and start again. Over the weekend I was able to briefly connect to the sites but it didn't last long. Supposedly today, I am getting a call from someone at Virgin who deals with broadband problems which was arranged by retentions or cancellations whichever. I'll post an update after that.

deckhanddave
Dialled in
Message 78 of 123

So today the engineer called as arranged although it was a bit early as I was told 15.50 yet he was told 14.30! We had a laugh about that as he called whilst I was ragging the bank over this problem. To update everyone on my progress or lack of it, the bank have checked my log or whatever they call it, (event log maybe) where they record every attempt to access my account and there is nothing showing at all. They can't see any sign of an IP block and so have escalated the case. The Virgin engineer I spoke to was very helpful and open and honest. I should have been talking to him two weeks ago. He was very frank and said he only gets these calls at the death, so to speak. He agrees he should get them earlier than this. You need to start listening to people Virgin. He was as perplexed as we have been. I told him about my set up and antivirus/malware. How and what we have done to check everything, including the Wireshark tests up to now and what I was getting from Trend House Call software. To try break this deadlock, he asked me to remove my service cancellation so that he could send me a new router and see where that takes us for starters. He has arranged to call back Thursday and in the spirit of being open and honest, I told him it was likely I would still leave even if we fixed it because it should have been sorted 2 weeks ago. I also told him my intention is to take the case over Virgin and the banks heads to try and motivate them both to put a better system for dealing with these sort of problems other than saying, "It isn't our fault" now go away. I would like to thank everyone on here who have tried to help and those who are still trying. I appreciate all the efforts that have been made. My personal opinion is that Virgin lets you down by their poor first line customer care.

Community Lead
Message 79 of 123
Helpful Answer

Hi @deckhanddave 

I'm so sorry for the trouble you're having trying to get to the bottom of this.

I've had a few conversations with our security teams about your specific problem and the likely causes to be sure that we've got all the available data for you. This won't all be new to you, but I'll go from the start to make sure I don't miss anything.

We first received reports of malware on your network around the 27th December. Since then all of the following have been picked up at one time or other:

  • iotmirai
  • mirai
  • iotsatori
  • proxyget
  • conficker
  • msil/horsamaz
  • win32/toobtox
  • win32/neop
  • win32/mafod
  • win32/otran
  • win32/dooxud
  • win32/defsel
  • msil/bladabindi
  • vbs/jenxcus
  • msil/geratid
  • win32/sality
  • win32/yemrok

Whilst we don't get a specific report of the device(s) involved, anything marked 'iot' has likely come from an IoT device, such as CCTV cameras, in-home assistants, smart meters etc. Anything with win32 has likely originated from a Windows device. We don't send a letter for every breach, but I'm aware that you've had a letter for some of these. I'm sorry to report that the most recent activity was detected on Monday night. We've also received reports of the IP being blacklisted, which we're certain is why you can't access banking websites.

I've checked your public IP for example and it's currently showing on Spamhaus' XBL list. I won't share the report in the public thread as I don't want to reveal your IP address, but you can check that yourself by going to Spamhaus' lookup tool.

All of our guidance on malware alerts can be found at virginmedia.com/help/malware-alert - I know you've already checked that from receiving the earlier letter and from looking at this thread it seems some of the investigations have gone beyond that initial stage. There's also some advice in our Email board on what to do when your IP address is blacklisted, which is worth checking over as well.

Having checked everything on your connection and the local network, I'm certain that the banking problem is caused by blacklisting of your Virgin Media IP address. Unfortunately, until the malware can be cleaned up there's nothing meaningful we can do to solve the problem. If the new hub does give you a new IP address then you'll likely have access for a short period, but as soon as new malware reports come in then the address will be blacklisted again.

Let me know once you're finished checking over everything and I'll be able to check with our security team to see if any more activity is being reported at that point.

Kev
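
Added example (not part of Kev's post and not Virgin Media or Spamhaus code): the blocklist check described above can also be done over DNS, by reversing the octets of the public IP and looking the name up in Spamhaus' combined `zen.spamhaus.org` zone, which includes XBL. The return-code mapping follows Spamhaus' published codes as understood here; the test address is from a documentation range.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"  # Spamhaus combined zone; includes XBL

def dnsbl_query_name(ip, zone=ZEN):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answer):
    """Map one A-record answer from the ZEN zone to the list it denotes."""
    octets = [int(o) for o in answer.split(".")]
    if octets[:3] == [127, 255, 255]:
        return "ERROR"  # query refused, e.g. sent through a public resolver
    if octets[:3] != [127, 0, 0]:
        return "UNKNOWN"
    last = octets[3]
    if last in (2, 3, 9):
        return "SBL"   # spam sources and hijacked ranges
    if 4 <= last <= 7:
        return "XBL"   # exploited or malware-infected hosts
    if last in (10, 11):
        return "PBL"   # ranges not expected to send mail directly
    return "UNKNOWN"

def check(ip, zone=ZEN):
    """Return the lists `ip` appears on; an empty list means no listing was
    returned (a failed lookup looks the same, so confirm on the website)."""
    try:
        _, _, answers = socket.gethostbyname_ex(dnsbl_query_name(ip, zone))
    except (socket.gaierror, socket.herror):
        return []
    return sorted({classify(a) for a in answers})

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder;
    # substitute the connection's own public IP.
    print(dnsbl_query_name("192.0.2.10"), check("192.0.2.10"))
```

An `ERROR` result usually means the query went through a large public DNS resolver, which Spamhaus does not answer; use the ISP's resolver or the web lookup tool instead.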

deckhanddave
Dialled in
Message 80 of 123

Now that's really blown my mind! The only thing I haven't managed to do any checks on is a new smart meter that was fitted. Do you know when the first recorded item was? Was it the 27th Dec? Thanks for this input, I now know that whatever it is it is hiding very well. We had a new smart meter fitted Dec 17th, could it really be that? It's a SMETS 2 type. Also, we added some Amazon Alexa stuff. None of it shows port 25 being used and my router config says port 25 is closed. Can you not give me something with a bit more meat on it? Is it doing it at certain times? I feel like I'm in a dark smoke filled room groping around to find a body! It's the lack of usable info that makes this so ridiculously hard. Lastly, how are they seeing it and I aren't? I did a deep scan two nights ago with Win Defender and found nothing.
