Menu
Reply
  • 5
  • 0
  • 0
thatguy1982
Joining in
523 Views
Message 1 of 7
Flag for a moderator

Your device may have a virus email. Need to verify that I have solved the problem

The account holder (my other half) has just got a email saying that your device may have a virus and is attacking other computers. I believe I have isolated the computer causing this and the problem is now solved, and it happened through thinking windows defender would protect most threats (obviously not, will be getting Barclays free Kaspersky offer again in the morning)
I would just like someone at VM to verify that the problem has been solved as I really do not want my internet to get suspended.
The reference number from the email is :

VMIS60-NETWORKATTACKS-F005538143

Can I also say, in a personal note how awesome it is that virgin noticed this while I was sleeping so I could act quickly to find it and stop it, another reason why they are the best.

Thanks in advance
0 Kudos
Reply
  • 5
  • 0
  • 0
thatguy1982
Joining in
477 Views
Message 2 of 7
Flag for a moderator

Re: Your device may have a virus email. Need to verify that I have solved the problem

Ok, I just phoned 150 to be told by a guy called Moses that it is a automatically generated message and please IGNORE it.
Ans that if it was important we would I of got a phone call. I am guessing the phone call would of came right before loss of service.
As I said I am a technical person and already verified that something had attached itself to Explorer.exe process and was hammering the network botnet style and took the quick route of reinstalling as this all happened at 1am.
So why have I been told to ignore it, what if I was a non technical user, my data would possibly be at risk (not in this case, but a different virus might of been) and VM have said and I quote "your internet is fine,everything is secured"
So is everything fine, is there still a attack going on ? Was it the computer I renstalled or another one ?
I don't know, all I know is if my service does stop, I hope there is a record of me being told this.
0 Kudos
Reply
  • 10.82K
  • 310
  • 634
Forum Team
Forum Team
467 Views
Message 3 of 7
Flag for a moderator

Re: Your device may have a virus email. Need to verify that I have solved the problem

Hi thatguy1982,

 

Welcome to the community and thanks for posting.

 

My apologies to hear of the experience you are having with a virus on your computer.

 

Our security team do send notifications to customers if there is a threat/vulnerability on their home network. You can take a look at this link > Security Hub for more information.

 

If you would like me to check this further, can you send me a Private Message with the email you received (editing any personal information), the name on the account and the full address please.

 

Look forward to hearing from you

Sam

 

 


New around here? To find out more about the Community check out our Getting Started guide


0 Kudos
Reply
  • 5
  • 0
  • 0
thatguy1982
Joining in
464 Views
Message 4 of 7
Flag for a moderator

Re: Your device may have a virus email. Need to verify that I have solved the problem

Yes I know all that and I know there was rouge software causing it, but as it's a network venerablity and I have more than one device connected I wanted to know if the venerablity and suspicious activity has stopped. I will pm you shortly with the details and I hope you can confirm that it is sorted
0 Kudos
Reply
  • 3.64K
  • 217
  • 1.03K
Sololobo
Community elder
808 Views
Message 5 of 7
Flag for a moderator
Helpful Answer

Re: Your device may have a virus email. Need to verify that I have solved the problem

It's likely that the initial report came from Shadowserver (https://www.shadowserver.org/wiki/) and was passed to VM. VM then informed you of a potential vulnerability, requesting you to take mitigating action.

You can contact Shadowserver directly and request further information. Unfortunately VM have a bad habit of not providing all relevant information in their communications, it's better if you go directly to the Organ Grinder and bypass the Monkey!




It's What I Do.
I Drink and I
Remember Things.
  • 5
  • 0
  • 0
thatguy1982
Joining in
437 Views
Message 6 of 7
Flag for a moderator

Re: Your device may have a virus email. Need to verify that I have solved the problem

I was reading something about shadowserver doing this and sending reports to the ISP not long ago.
I will contact them now, but without even having the same IP I had when this was happning and not knowing what that IP was, i doubt they can answer me just from my VM details..
Unless that reference is a unique one.

That begs the question, why did phone support tell me to disregard it when there was clearly a threat ? And why did I supply all the details as requested to the forum team and get no answer ? Why did the forum team not just say, yes there is a virus , no it was not is that found it we are just telling you, contact shadowserver.

Frustrating Smiley Sad
0 Kudos
Reply
  • 5
  • 0
  • 0
thatguy1982
Joining in
403 Views
Message 7 of 7
Flag for a moderator

Re: Your device may have a virus email. Need to verify that I have solved the problem

So here is what happened. Short version is that I will have to assume it has been resolved.

I contacted shadowserver, as advised by the other member here, and he is 100% correct they have confirmed that they are the ones making the reports to virgin media.
An hour ago I have just been told that if I have followed the steps in the email there will be no problem. that is all well and good,. but there is a pc, 2 laptops and about 4 android devices 2 of them rooted that use the connection and it was obviously a network attack, hence why I wanted confirmation that it has gone because I have other devices in that network...and so do you virgin, other customers.

If your 'security team' detected the attack why could your security team not confirm that all is good now ?.
Shadowserver are not anyone's security team, they do what they do to keep the internet safe, and I think that it is awesome. Never even knew they existed before this.
Shadowservers response from a guy in a IRC Channel was something like, yeah we do security related scans, and compile a report to send to the ISP, Your ISP Would be the right pont of contact to find out what was wrong, and asked what kind of traffic it was. I never logged what kind of traffic as I was too busy trying to stop it happning as it was 2AM.
If the ISP was the right point of contact, and I know for a fact my pc had some sort of virus (possibly a botnet at a guess with all the traffic, and the fact eBay was access denied until I took steps to fix it)
Than why when I phoned 150 was I told disregard it , it's auto generated your connection is fine when clearly it was not.

Come on VM security team, that is not good for customers that are not technical. They would of listened to phone support and carried on as normal, while compromised
0 Kudos
Reply