Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,612,303

members

24

online now

1,793,948

discussions

Back to Top

Mirai-botnet reported from Constant Guard

Posted by
Regular Contributor

Member Since: ‎10-09-2006
Posts: 114
Message 1 of 7 (283 Views)

Mirai-botnet reported from Constant Guard

Recently Constant Guard has been reporting XFINITY Internet Security detected bot activity from one or more computers connected to your home network - specifically Mirai-botnet.  I have a couple of desktops and laptops running on my home network - all with current anti-virus.  A little research tells me that the Mirai-botnet runs on Linux.  I don't have anything running Linux that I am aware of - although I recently added a smart TV (TCL-Roku) that might run on that platform.  I ran a few scans on my PCs and they are clean. I also ran BullGuard and Incapsula and they showed I was clean. Now what?  Any way to identify which device is causing this reading?  Thanks

6 REPLIES
Posted by
Regular Contributor

Member Since: ‎10-09-2006
Posts: 114
Message 2 of 7 (240 Views)

Re: Mirai-botnet reported from Constant Guard


sehale wrote:

Recently Constant Guard has been reporting XFINITY Internet Security detected bot activity from one or more computers connected to your home network - specifically Mirai-botnet.  I have a couple of desktops and laptops running on my home network - all with current anti-virus.  A little research tells me that the Mirai-botnet runs on Linux.  I don't have anything running Linux that I am aware of - although I recently added a smart TV (TCL-Roku) that might run on that platform.  I ran a few scans on my PCs and they are clean. I also ran BullGuard and Incapsula and they showed I was clean. Now what?  Any way to identify which device is causing this reading?  Thanks


Anyone?  Everyday I get an email with this notification but as far as I can tell, I still have no Linux machines running so I don't know what the offending device is.

Posted by
Edited on
‎03-18-2017 11:19 AM

Security Expert

Member Since: ‎10-28-2003
Posts: 6,377
Message 3 of 7 (231 Views)

Re: Mirai-botnet reported from Constant Guard

[ Edited ]

 

Hi Sehale,

 

Please see if the following info sheds any light on your situation:

 

https://constantguard.xfinity.com/products-and-services/bot-detection-and-removal/

 

It will ask you to be loggd into your Comcast Home page - for some reason being logged into the forums does not work - which makes no sense to me.

 

 

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Contributor

Member Since: ‎10-09-2006
Posts: 114
Message 4 of 7 (203 Views)

Re: Mirai-botnet reported from Constant Guard

Thanks for the reply but as far as I know, the Mirai Botnet only affects Linux machines - possibly routers, CCTV systems, etc.  Not Windows based PCs - which is what I have.  I have up to date antivirus and anti-malware on my PCs.  There is no local reports from these programs.  They are up to date and constantly scanning.  I called Comcast yesterday for more information and they had no clue - I want to know if the MAC ID of the offending device can be identified.  I have run a few scans from other programs and came up clean - which is expected since they are scanning Windows devices that cannot have the Mirai.

Posted by
Security Expert

Member Since: ‎10-28-2003
Posts: 6,377
Message 5 of 7 (194 Views)

Re: Mirai-botnet reported from Constant Guard

I'm not the sharpest tool in the shed when it comes to botnets - so I have requested help from a much sharper tool!

 

Hopefully LoPhatPuud will post some addtional info.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Security Expert

Member Since: ‎11-01-2005
Posts: 3,058
Message 6 of 7 (182 Views)

Re: Mirai-botnet reported from Constant Guard

At this point, I suggest you post the required logs at one of the Malware Removal boards listed here:
http://forums.xfinity.com/t5/Anti-Virus-Software-Internet/Where-to-Seek-Malware-Removal-Assistance/t...

My recommendation would be Bleeping Computer.

Be sure to link to this thread.


"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain


Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Contributor

Member Since: ‎10-09-2006
Posts: 114
Message 7 of 7 (164 Views)

Re: Mirai-botnet reported from Constant Guard

So the plot thickens - I was very skeptical that one of my PCs would have this bot as they are fully protected and Windows based.  Then the more I thought about it, the more I realized that these alerts started right about the time I got a new (and first) "smart" TV.  A TCL-Roku 55US5800.  So last night I disconnected it from the internet and sure enough - for the first time, no alert message.  All other devices connected as normal.  Hmmm.  I will try and duplicate it again tonight (alert messages come around midnight) but I think I found the culprit.  Now what...?