Welcome to Xfinity Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,874,141

members

1,322

online

29,103

topics

Top

This is the VPN filter malware threat "MEGA-THREAD".

ANSWERED
Frequent Visitor

Re: FBI Router Warning

What is the difference in rebooting by physically disconnecting the cable line and the power cord and initiating a restart with https://www.xfinity.com/support/    I have a battery in my Arris TG1682G.  Do I need to remove the battery if the physically rebooting is the complete way of doing it ? What about pushing the reset button resessed in the back of the modem?

New Poster

Re: WiFi router factory reset followup settings

Hey, thanks, good to know.

 

I was saving screenshots of each control panel setting just in case, then found one for backup / restore option in the Advanced section. Also see how the name ID and password are modifiable.

 

I went through the factory reset step and it automatically reconnected OK with the default configuation settings. Although it took about a minute or so longer to reboot then just the reboot option.

 

I now see that Netgear has some "VPN hot-fix" item posted on their support site so will look into that next.. 

Problem Solver

Re: FBI Router Warning


@sgtjdc wrote:

What is the difference in rebooting by physically disconnecting the cable line and the power cord and initiating a restart with https://www.xfinity.com/support/    I have a battery in my Arris TG1682G.  Do I need to remove the battery if the physically rebooting is the complete way of doing it ? What about pushing the reset button resessed in the back of the modem?


For all intents and purposes, a hardware restart by physically disconnecting the power supply or a quick press of the reset button, and initiating a software restart at the gateway's admin panel /your My Account page/ XFinity xFi, accomplish the same thing. It's like restarting your computer after a crash. 

 

If you press the Reset button in the back for more than 15 seconds, or if you initiate a Factory reset from the gateway's admin panel, then the gateway is wiped clean and restored to its original settings from when you first installed it, like a reinstall of your operating system, (or a PowerWash for Chromebooks.).

 

The battery keeps your phone connection alive even during a power failure, so it's a good idea to remove the battery prior to a reboot. 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

xfinity and the VPNFilter malware

  1. has Xfinity taken any steps to protect customers from The VPNFilter malware that was recently in the news?
New Poster

Home network router - Russian malware

Is Comcast sending a fix to protect customer home network routers from the Russian malware?  Or are we on our own?

New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

What has Xfinity done to clear the VPN Filter malware from its routers and protect the routers from future hacks of this type?  

 

Note, I am asking about the Russian hack, NOT the vulnerability discovered by some US researchers and fixed by Xfinity on Monday.  

 

For more in the Russian hack see this article: http://amp.timeinc.net/fortune/2018/05/26/fbi-warning-russian-malware-routers.

New Poster

Checking current Firmware (if necessary)

Regarding the Xfinity Arris TG1682 and the FBI router warning: is the router firmware updated by Xfinity automatically or should users check the current version (how?) and update?

 

Thanks.

New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

I would like an answer to this question also. Do Xfinity/Comcast IT staff monitor this site?
Cable Expert

Re: Checking current Firmware (if necessary)

It's updated automatically. You can powercycle the device (unplug it for 30 seconds, then plug it back in) to make sure it has the most recent updates. 




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

New Poster

Re: Comcast Xfinity Router Easy Hack

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.

Connection Expert

Re: Comcast Xfinity Router Easy Hack


@AaronShep wrote:

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.


No it doesn't. The firmware is updated through the backend no matter what you choose on the LAN end.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

New Poster

Russian Malware

With the FBI warning about restarting our modems this past week, are there any firmware updates from Xfinity?

Contributor

FBI call for reset routers....do we need to reset to factory defauls

Do we need to do anything about the call by FBI to reset routers when we rent comcast modums with their built in routers? Should we change our passwords too? If yes why haven't I been contacted and told what to do? Will this and can this be done automaticly by comcast?

Service Expert

Re: Russian Malware

Comcast is prepairing a public release.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

Service Expert

Re: FBI call for reset routers....do we need to reset to factory defauls

There is nothing you need to do; Comcast is working on a response.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

New Poster

Russian malware

Arr we in any danger from this and if so what are the steps that we need to take.
Service Expert

Re: Russian malware

Comcast is preparing a response.

Please don't post in multiple forums.

https://forums.xfinity.com/t5/Forum-Community/Forums-Policy-and-Guidelines/td-p/2618379




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

Security Expert

Re: Comcast Xfinity Router Easy Hack

Additional info from Bleeping Computer that may be helpful:

 

https://www.bleepingcomputer.com/news/security/reboot-your-router-to-remove-vpnfilter-why-its-not-en...

 

 

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

New Poster

Re: Technicolor TC8305C gateway firmware updates

Great question since its all over the news to upgrade your router due to a flaw for hackers to penetrate.  Does Comcast ever read and respond to these here?

Problem Solver

Re: Comcast Xfinity Router Easy Hack


@AaronShep wrote:

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.


I'm not sure why you were told that. By all means, you SHOULD change the default password (and username if possible) on the gateway, if anything to prevent anyone connecting to your network from messing around with your gateway settings. 

In fact, the reason a lot of such malware spreads is due to people not changing their default logins, which the malware uses as a backdoor into the device. 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

reboot modem

Should I reboot my modem as the FBI is recommending?

Contributor

Re: reboot modem

The modems are not routers with default login/passwords which make them susceptible.  If you'd feel safer, you can always powercycle your modem.  Maybe someone from Xfinity/Comcast will chime in here.

Joe V
(not a Comcast employee, just another paying customer)
New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

Which Xfinity owned routers may be infected or potentially infected by VPNFilter malware?

Should we just turn off and reboot anyway?

Do we need to reset Xfinity router passward?

Regular Visitor

Re: Bug in Xfinity Leaking Personal Customer Information

Hi Can you confirm that the comcast supplied router is not a mdel that can behacked by the FBI-sourced report?

thank you!

New Poster

Is my Xfinity modem/router protect from VNPFilter malware?

Is my Xfinity modem/router protect from VNPFilter malware?

New Poster

Router firmware and VPN Malware

Hi. I just read the FBI security bulletin regarding the VPN Filter Malware. I restarted my router, does my router automatically update the firmware or do I have to manually download?

Thanks
New Poster

Protection against VPN malware for Xfinity home customers

Are Xfinity home customers using Xfinity equipment affected by VPN filter malware and if so, what protective steps need to be taken?

New Poster

VPN Filter

From COnsulers Reports: "A new kind of malware is hitting WiFi routers around the world, and security researchers say consumers should tighten the security on their own home networks." Their experts recommend updating router software and reseting the router. Do you agree? If so, how does one update the router software?

New Poster

VPNfilter

I have the Xfinity home router.  Is my home network susceptible to the Russian malware botnet called VPNfilter?

New Poster

Re: Comcast Xfinity Router Easy Hack

Thanks EG and DarkAngelic. As you advised, I've changed the password and made sure remote control was turned off. I didn't see any way to change the username. That's the last time I take advice like that from an installer without checking it.

 


@darkangelic

In fact, the reason a lot of such malware spreads is due to people not changing their default logins, which the malware uses as a backdoor into the device. 


I'm not sure why you were told that. By all means, you SHOULD change the default password (and username if possible) on the gateway, if anything to prevent anyone connecting to your network from messing around with your gateway settings. 

 

New Poster

Re: VPNfilter malware

Does anoyone know if Comcast customers need to do anything re the malware dubbed VPN Filter?  I am not convinced that the customer service reps I have spoken with really know.

Regular Visitor

rouoter reset

The FBI is suggesting that the router not only be rebooted, but reset. Since it is your equipment are you doing this? I cannot reset the modem.

Thanks

Problem Solver

Re: rouoter reset


@azbutch wrote:

The FBI is suggesting that the router not only be rebooted, but reset. Since it is your equipment are you doing this? I cannot reset the modem.

Thanks


There's a tiny, recessed Reset button on the back of the gateway that you can press with a bent paperclip for 30 seconds and it will reset the gateway back to factory defaults. 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
Problem Solver

Russian Hackers Targeting WiFi Networks

Does Comcast have something in place to fight this?

 

http://www.fox21news.com/news/local/russian-hackers-targeting-americans/1209570517

Regular Visitor

Re: rouoter reset

I'm sorry, but it requires the address to the router control panel and the password. Your job, not mine.

Problem Solver

Re: rouoter reset


@azbutch wrote:

I'm sorry, but it requires the address to the router control panel and the password. Your job, not mine.


No it doesn't. What you're referring to is an alternate method to reset the gateway to factory settings, which will require a login to the gateway's admin control panel. If you haven't changed anything, the default logon is username admin, and password password.

Choose one, or the other. 

 

BTW, that's not "my job" any more than it's Apple's job to reformat my Mac's hard drive and restore OSX from Time Machine if I suffer a catastrophic system crash, or Ford's job to fill up my F-150 with gas when I  run low on fuel.

 

 

 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

Comcast Router

For those of us with a Comcast router, what if anything do we need to do regarding the FBI warning?  

New Poster

Re: Comcast Router

Thanks, see it now.  Some useful information for semi-illiterates like me but still lots of questions.  If Comcast really is putting out a statement that should provide some clarity.  Thanks for your many responses.  

Contributor

Re: VPNfilter malware

Is remote management actually disabled?  Xfinity has created a web page to manage your modem's settings.  Isn't that remote management?

Problem Solver

Re: VPNfilter malware


@littlepeaks wrote:

Is remote management actually disabled?  Xfinity has created a web page to manage your modem's settings.  Isn't that remote management?



Yes, but you can’t just log directly into your gateway remotely from any location like you can with a lot of the affected routers. Even my ASUS RT-AC88U has that ability, but since it's not enabled by default, it's secure from VPNFilter intrusion.
You'd have to go through Comcast's xFi web portal to manage your network, and even then you'd have to validate your account before you're granted access. This isn't something botnet malware can do on its own.



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
Most Valued Poster

Re: FBI Router Warning


@billflyer wrote:

Is there any advice and/or help from Comcast about "resetting" or "rebooting" their router, as per the recent FBI recommendation?  I have their Arris TG1682G.  I'm semi-literate in these things, but I don't know much about routers and modems and I hesitate to dig in without assistance.

 

We don't have 'traditional routers'  with Comcast that they are talking about unless we buy and install them ourselves  which is usually to have a network of computers in our home or office. The gateway modems we get from Comcast are not what they are talking about as far as I can tell by researching and there has been zero mention of Comcast/FIOS, etc.   This article lists the routers that could be vulnerable. I am not the slightest bit concerned about my ARRIS modem.

 

https://www.cnet.com/how-to/the-fbi-says-you-should-reboot-your-router-should-you-explainer/

 

New Poster

FBI alert re: hacking router

Do i need to change password on my Comcast-supplied router based on recent FBI warning about hacking? (https://goo.gl/PwcbQm)

Service Expert

Re: FBI alert re: hacking router

No.  But it is best practices to change the default password to a different one.  If your password is password you should change it.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark a Best Answer!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark an Answer!solution Icon

New Poster

VPN Filter Malware

Do we need to reboot an Xfinity router due to this malware?

Contributor

Re: VPN Filter Malware

After reading most of the posts/replies in this thread, I have a thought.  The problem IMHO, is that the FBI and other government agencies do not try to go after the hackers involved -- these agencies have just become a bunch of record takers and statistics takers.  And they feel their job is to warn us -- then they're done.  If this is done by Russian hackers, has anyone from our government tried to contact the Rusiian government, and ask for their help in shutting these people down?  I know we're not on the best of terms with Russia, but it wouldn't hurt to ask, would it?

Problem Solver

Re: VPN Filter Malware


@littlepeaks wrote:

After reading most of the posts/replies in this thread, I have a thought.  The problem IMHO, is that the FBI and other government agencies do not try to go after the hackers involved -- these agencies have just become a bunch of record takers and statistics takers.  And they feel their job is to warn us -- then they're done.  If this is done by Russian hackers, has anyone from our government tried to contact the Rusiian government, and ask for their help in shutting these people down?  I know we're not on the best of terms with Russia, but it wouldn't hurt to ask, would it?


The problem with malware of this type is that once it's out, anyone can use it. It may have been developed by a known Russian hacker group, but the people responsible might not actually be them. Heck, you can now rent a botnet and DDoS anyone. Even the NSA has developed hacking tools that some genius in their organization allowed to be leaked to the world at large, and now anyone can use them. 

 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

FBI warning for malware on routers

Does the recent FBI warning about malware on routers (home or business) affect the Xfinity modems?  If so, what should we be doing about it?  Thanks.

New Poster

VPNFilter Malware

Does xfinity automatically update the security software on our wifi modems to stop the new VPNfilter malware?

New Poster

Re: VPNFilter Malware

Does anyone have a definitive answer on whether or not we need to do a factory reset on the xfinity gateway to eliminate VPNFilter?

 

I connected with 3 Comcast support agents -- one by chat and two by phone -- and the answers i received ranged from "your router is protected, you dont' have to do anything" to "you need to change your firewall settings" to transferring me to Norton antivirus ?!? 

 

Needless to say, i don't have a lot of confidence in what I was told.

 

I asked for an official Comcast statement from the guy who said i didn't have to do anything but he couldn't provide one.  Has anybody seen one?

 

 

New Poster

Re: Checking current Firmware (if necessary)

 


@RobertWy wrote:

Comcast will make a public announcement.


Have they made a public announcement? I haven't seen anything.

Special Events
FIFA World Cup 2018 on Xfinity See More