Community Forum

Comcast is spreading a malware worm!

New Poster

I got a replacement Comcast modem this past Thursday from Comcast, and the installer mentioned the utopia.net malware worm possibly coming into my Mac's DNS via the Comcast modem. After he left, I saw my DNS read "utopia.net" instead of "comcast.net". Two calls to Comcast Security = two replies that they never heard of it. But they "kicked it upstairs," and a few hours later my DNS returned to "comcast.net". That evening my bandwidth faded, and after I did a robo telephone refresh of the modem, "utopia.com" reappeared. I then called Comcast Security, and again was told they never heard of it. ...and this has wreaked havoc on my system!!! Yet I see a thread on "utopia.net" on Xfinity Help and Support Forums dating back to early 2016. Perhaps I should alert the media?

Admin1

Re: Comcast is spreading a malware worm!

Hi NotanotherATT -- utopia.net is not something within our control. utopia.net is part of a DNS hijacking attack. You should check all of your systems for malware, and then make sure your devices are getting their DNS servers from us automatically or set them manually:

IPv4:

75.75.75.75
75.75.76.76

IPv6:

2001:558:feed::1
2001:558:feed::2

New Poster

Re: Comcast is spreading a malware worm!

I have the same issues. The modem begins behaving strangely, I look at the settings through my network utility, and it shows the DNS name as being "utopia.net" instead of "comcast.net". Mind you, this is only on the modem and not on my wireless router or any of the household devices. It's as though it's getting hijacked from the outside. Eventually, the password on the modem gets changed, so you can no longer log into the modem's admin page at 10.0.0.1. Every time I call Comcast about this, none of their techs act like they have ever heard of it — yet there are hundreds of forum entries on this subject — even on the Xfinity site's forums! It's as though Comcast knows something, but won't admit it, or else is incapable of stopping it. I have all my LAN device settings set statically to Comcast's true 75.75.75.75, 75.75.76.76, hoping this will keep it from getting through to my LAN. Also I keep changing the modem's password. I don't know what else to do, and there is very little legitimate information about this on the Web. Most of the sites talking about utopia.net are just phishing so you will download more malware—so beware.

The Comcast techs seem clueless — talking about my wireless router when this has absolutely nothing to do with wireless.

New Poster

Re: Comcast is spreading a malware worm!

I have done this on all my devices. The utopia.net is getting into the modem from the outside. I know this because once I apply the static settings to my wireless router and other devices, the issue does not extend into the LAN. These modems are not secure, and Comcast is not doing enough to educate their techs about this, nor doing enough to keep its customers secure. The scripted response about installing Norton is nonsense. I have three anti-malware and antivirus apps installed, including Sophos, Malwarebytes, and Little Snitch. There is no infection on my computer. Your entire network is being hacked and you seem powerless to do anything about it. In any case, it is absolutely unacceptable that none of your helpdesk employees know anything about utopia.net. 

New Poster

Re: Comcast is spreading a malware worm!

Same thing happened to me....we were having downstream/upstream issues and Comcast came out and gave us a new modem. For the first few weeks, no problems (it could have been there and I just didn't notice it). Then, our internet became intermittent on a daily basis. On and off, on and off. Or, the internet would be extremely slow. I decided to log on to the Gateway to see if maybe someone else was hijacking our wifi. This is where I first noticed the issue. We had several devices connected (via MoCA) that were unknown and I had no idea who they were or what MoCA was. So, I began googling this issue and read about the utopia.net hijack. I ran cmd.exe as administrator and ran ipconfig /all and sure enough, the hsd1.comcast.net was not there and utopia.net was. Here's how I fixed it: Simply log on to the xfinity mobile app, click on 'internet' and then your device (gateway), then tap 'Advanced Settings' to log on to the gateway via 'admin tool'. Once there, you can reset your SSID and password. This will also reset the gateway to factory default. That seemed to fix the issue. Also, I logged on to each computer in our house connected to the internet and cleared 'Utopia.net' from the Windows Registry. Haven't had any problems since and it hasn't come back!
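The check described in the posts above (look at `ipconfig /all` and compare the DNS suffix and DNS servers with the Comcast values quoted in this thread) can be scripted. This is an added example, not part of any poster's message: the function name `audit_ipconfig` and the sample output are constructed for illustration, and the comparison only makes sense on a Comcast connection.

```python
import ipaddress
import re

# Resolver addresses and the "comcast.net" suffix are the values quoted in this thread.
EXPECTED_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "75.75.75.75", "75.75.76.76", "2001:558:feed::1", "2001:558:feed::2")}
EXPECTED_SUFFIX = "comcast.net"

# Constructed sample of `ipconfig /all` output (host name and adapter are made up).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   DNS Suffix Search List. . . . . . : utopia.net

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : utopia.net
   IPv4 Address. . . . . . . . . . . : 10.0.0.23(Preferred)
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       75.75.75.75
                                       10.0.0.1
"""

# "   Label . . . : value"; the ". :" separator keeps IPv6 continuation lines from matching.
FIELD = re.compile(r"^\s+(?P<key>.+?)[ .]*\. :\s*(?P<val>.*)$")

def audit_ipconfig(text):
    """Return (kind, value) findings for DNS settings that differ from the expected ones."""
    findings, key = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group("key"), m.group("val").strip()
        elif key and line[:1].isspace() and line.strip():
            value = line.strip()      # continuation line of a multi-value field
        else:
            key = None                # blank line or adapter header ends the field
            continue
        if not value:
            continue
        if "Suffix" in key:
            v = value.lower()
            if v != EXPECTED_SUFFIX and not v.endswith("." + EXPECTED_SUFFIX):
                findings.append(("suffix", value))
        elif key == "DNS Servers":
            addr = ipaddress.ip_address(value.split("%")[0])   # drop IPv6 zone id
            if addr not in EXPECTED_RESOLVERS:
                findings.append(("resolver", value))
    return findings

if __name__ == "__main__":
    for kind, value in audit_ipconfig(SAMPLE):
        print(f"unexpected {kind}: {value}")
```

A resolver finding for the gateway address (10.0.0.1 in the sample) means the device sends its lookups through the modem, which is the device the posters report as affected.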

New Poster

Re: Comcast is spreading a malware worm!

I had the same problem and simply logged onto the gateway via the xfinity mobile app, reset the SSID and password and then log on to your desktop or laptop computer, open the Windows Registry, search/find "utopia.net", right click on it and delete. Then, make sure you 'edit' and 'find next' to be sure and get rid of all traces.

You can actually delete it from the registry first if you want and then reset the gateway SSID and password. This worked like a charm for me and haven't had any problems since. Calling Comcast is a waste of time as they will do nothing nor admit that this is an issue with their modems. Their techs are generally trained to troubleshoot connection problems, and not malware problems. Also, I highly doubt there are any anti-malware programs out there that will fix it because it's not your normal malware/hijack.

Hope this helps.