I went to get online just now and instead of my home page this comes up:
I googled it first but all I could find was a bunch of speculation. The link in it doesn’t work. What exactly does this mean?
The IP address that Time Warner has supplied to you has been identified as the source of either a ton of spam email or a ton of web requests somewhere. Ever wonder where spam or denial of service attacks come from? They sure don’t come from the spammers’ or hackers’ computers! They come from malicious software that makes it on to the machines of unsuspecting folks, and the software allows for spam to be sent or web requests to be sent without any help from or knowledge of the computer owner.
Someone who received this spam or web requests noted the IP address and saw it was owned by TWC and TWC looked up who is using the IP address and it’s you.
They are acknowledging that you are probably not running a spam service or trying to run denial of service on a network, and have instead probably been infected with a virus that is making your computer do this stuff.
They’re asking you to clean up your computer and stop it from doing whatever bot-like thing it is doing. Sometimes this shit can be really hard to deal with and the most sure way to get rid of it is to do a re-install (instead of trying to identify and clean the virus). But that’s just their suggestion and easier than trying to go into specifics with you.
They’ll turn your internet back on (probably need to give them a call) but if the problem persists they will turn you back off again and maybe will turn off your service for good, because technically whatever your computer is doing is against their AUP and you gotta take care of it.
It means you should check all your computers for virus/malware infection. The likely reason you cannot get to the link is that the malware is preventing it. Of course, this may make it hard to obtain and execute antimalware software. You may need to use a bootable CD (like this bootable Linux CD with antivirus or similar) to be able to scan your PC safely. My suggestion for Anti-malware for Windows is Microsoft Security Essentials - it is free, lightweight and pretty good.
Major ISPs are being more proactive regarding customer infection. Their network monitoring can identify traffic patterns indicative of malware infection, and respond accordingly (usually by redirecting your first DNS lookup to the warning page). I would take it seriously, but stop trusting your computer till you are very sure it is clean.
Well anyway the idea is that Time Warner can know that your connection has sent a million requests in an hour, when an ordinary user sends 100.
For most users, this can be seen in outgoing traffic.
If your ISP can provide a graph of this per hour, then you might see that it's only on 4pm to 8pm, and think “hey, that's when the kids turn on their computer”,
or if it is 8pm to 1am, then it's your computer, for example.
The outgoing traffic may not reveal it very obviously or clearly if there is a lot of game playing, or you run file downloaders (which are also peer to peer SHARERS and tend to share out more than they download), or you do send lots of emails (or big emails). So if you can leave your computer on and turn off all those, then check for outgoing traffic … ?
Windows 8 Task Manager can show network traffic per program.
You can view packet counters in the “network connection” window (e.g. from the icon at the task bar, near the volume control, or from the network part of the control panel).
Your ISP or your modem may tell you inward and outward traffic.
You could run Spybot Search and Destroy, SUPERAntiSpyware, Trend Micro HouseCall… or others of step 3 as the sticky thread in here at SDMB general.
See http://boards.straightdope.com/sdmb/showthread.php?t=538187
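Added example, not part of the original posts: the per-hour check on outgoing traffic described above, done on hourly readings of a router's cumulative "bytes sent" counter. The sample readings, the function names and the 10x-median threshold are assumptions made for illustration.

```python
from statistics import median

# Constructed sample: (hour of day, cumulative bytes-sent counter) read once
# per hour from a home router. Not real data.
SAMPLES = [
    (12, 1_000_000), (13, 1_400_000), (14, 1_900_000), (15, 2_300_000),
    (16, 2_800_000), (17, 52_800_000), (18, 110_000_000), (19, 171_000_000),
    (20, 230_000_000), (21, 500_000),  # counter went back to zero (reboot)
    (22, 900_000), (23, 1_300_000),
]

def hourly_deltas(samples):
    """Turn cumulative readings into bytes sent during each one-hour interval."""
    out = []
    for (h0, c0), (_, c1) in zip(samples, samples[1:]):
        # A lower reading means the counter was reset; count from zero.
        sent = c1 - c0 if c1 >= c0 else c1
        out.append((h0, sent))
    return out

def busy_hours(deltas, factor=10):
    """Hours whose outbound volume exceeds factor x the median hour (assumed threshold)."""
    baseline = median(sent for _, sent in deltas)
    return [h for h, sent in deltas if sent > factor * baseline]

def windows(hours):
    """Collapse consecutive hours into (start, end) windows, wrapping at midnight."""
    spans = []
    for h in hours:
        if spans and spans[-1][1] % 24 == h:
            spans[-1][1] = h + 1
        else:
            spans.append([h, h + 1])
    return [(start, end % 24) for start, end in spans]

if __name__ == "__main__":
    for start, end in windows(busy_hours(hourly_deltas(SAMPLES))):
        print(f"unusual outbound traffic between {start}:00 and {end}:00")
```

The median is used as the baseline so that a few very busy hours do not raise the threshold they are measured against.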
I ran Malwarebytes and found one infected item. I’m going to try some of the other ones today. Fortunately, I’ve been working on backing up my content for the last few days. I’m already burning discs and moving to other drives but it’s going to take some time. How quickly will they cut me off?
Infections could hide in your backups. Scan them before trusting them.
Do you have a home network? Are you running a wireless network? Is that wireless network secure? Your TOS with Time-Warner may hold you responsible for all network traffic, regardless of how it’s generated. If you have a wireless system and you haven’t properly secured it, you may be held responsible for someone else using your wireless network, whether you know about the other access or not.
At the very least, change your wireless password.
If you logon to your wireless router, there is an option to see what is attached (DHCP address table, usually).
Try several AV scan programs, since sometimes one will pick up something another might not. Be sure to do a FULL scan, not a quick one.
Are you sure this came from TW, not from spammers hoping to get you to download their latest virus because you think it is a cure? The “fake Antivirus program” is a classic dodge. Why would TW direct you to anywhere except a timewarner.com page?
(I see several, for example - questionable web pages direct you to “download latest flash player” but the link is not to Adobe.com)
The link is to RoadRunner - owned by TimeWarner. Research indicates that the warning is probably legit.
The fact that the link does not work is probably the malware hijacking DNS to prevent access to anti malware tools.
rr.com is a Time Warner property; their Internet service is/was called “RoadRunner.”
Edit: Too slow!
Ignorant questions:
How did TW force the page to display? Having changed a number of Internet settings (e.g. switching to Google DNS servers), is there any way a user could configure things so that such warnings would be missed?
I’m full of ignorant questions myself. I didn’t grow up with computers. I know more than any of the older people I know so they think I’m some kind of computer genius. They don’t know anything other than how to turn it on and go to websites. My boss doesn’t even know how to double click. She right clicks and then clicks “open” for everything. I tried to show her but she just can’t do it. Truth is, I’m barely computer literate myself. I’m a visual learner. I need to see what’s being done to understand it. Most of my younger friends feel the need to do everything at Mach 1 and they get pissy if I ask them to slow down a second. It’s hard as hell to learn anything from them.
Please know that I’m doing the best I can to understand your advice but you may need to kind of hold my hand a bit.
It could be done a number of ways - DNS redirection is one. If you use an external DNS (like Google or OpenDNS) you could miss it, but the ISP might just network redirect all your port 53 DNS lookups to their own servers till they have your attention. They could also just use a proxy redirection, so that all your port 80 http traffic runs through their proxy (which they almost certainly do anyhow). Then they redirect the first request of a session to the warning page. They may even VLAN out all the suspected customers into an isolated subnetwork so they cannot see noninfected systems, and any traffic redirection/filtering can be done on specific proxies. Lots of options. If they don’t see you hit the warning page, they will probably start emailing/calling.
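Added example, not part of the original posts: a way to tell the DNS cases above apart by comparing what the ISP's resolver and a third-party resolver return for several unrelated names. The answers are constructed, the addresses are documentation ranges (192.0.2.80 stands in for a warning-page host), and the function names and result labels are hypothetical.

```python
# Constructed resolver answers: hostname -> set of A records (RFC 5737 ranges).
NORMAL = {
    "example.com": {"198.51.100.10"},
    "example.net": {"198.51.100.20"},
    "example.org": {"203.0.113.30"},
}
# Every name answered with the same address, as a warning-page redirect would.
WALLED = {name: {"192.0.2.80"} for name in NORMAL}

def collapsed_to(answers):
    """If two or more unrelated names all resolve to one address, return it."""
    seen = set().union(*answers.values())
    return next(iter(seen)) if len(answers) >= 2 and len(seen) == 1 else None

def classify(isp_answers, external_answers):
    """Compare the ISP resolver's answers with a third-party resolver's."""
    isp_ip = collapsed_to(isp_answers)
    ext_ip = collapsed_to(external_answers)
    if isp_ip and ext_ip == isp_ip:
        # Port 53 traffic is being redirected: changing DNS servers changes nothing.
        return "port53-intercepted"
    if isp_ip and ext_ip is None:
        # Only the ISP resolver redirects: an external resolver would miss the warning.
        return "isp-resolver-redirect"
    if isp_ip is None and ext_ip is None:
        # DNS looks normal; a port 80 proxy redirect cannot be seen at this layer.
        return "no-dns-redirect"
    return "inconclusive"

if __name__ == "__main__":
    print(classify(WALLED, NORMAL))
    print(classify(WALLED, WALLED))
    print(classify(NORMAL, NORMAL))
```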
OK. Funny thing. The link in the warning would not work directly from the message as it appeared on my screen this morning. When I clicked on it from inside this thread it opened. I ran their full scan and no malware was detected.
You did say you ran Malwarebytes, so you may have removed the source of the problem, including the reason the link would not open. Finish your backups, choose a good antimalware tool (as I say, Microsoft Security Essentials is both good and free), uninstall old products. Upgrade your browsers, install OS patches, and enable UAC if not already on (I know people hate it, but it serves a purpose). If a website asks you to allow changes to your system, think very carefully about WHY it may want to do so - the default, instinctive answer should be Hell, NO.