6 Replies Latest reply: Feb 23, 2012 12:21 AM by MadMacs0
lsolson Level 1 (0 points)

Please forgive me if I don't use correct terminology, but here is my problem.

 

Three days ago my internet speed started getting sluggish. At first I didn't think much of it, but when it persisted I ran speedtest.net. Instead of getting my usual 24+ down and 3+ up, I was getting 5 down and .something up. I noticed here that my IP was not the normal address. I called my ISP about my speeds, they said they didn't know and would send a tech out. I mentioned the new IP and they said it wasn't an issue. I looked up this IP that I was now reporting and the info I got was that it was 400 miles away from me and was a proxy server.

 

The next day my normal IP was back along with my usual speeds, so I didn't have the tech come out. Now today, I get an e-mail from my ISP saying I have been infected with Alureon malware which is changing my DNS settings and to go to their site and download Norton to fix it. I just scanned my system with Sophos and didn't come up with anything. Also, my IP right now is back to this new one with horrible speeds. If I shut down my modem and router for several minutes then turn them on, I first have my normal IP, but it is switched after only a few minutes.

 

Any advice on what might be going on?

 

Thank you for your time.


MacBook, Mac OS X (10.6.8)
  • 1. Re: External IP Address Issues
    fane_j Level 4 (3,660 points)

    lsolson wrote:

     

    I get an e-mail from my ISP saying I have been infected with Alureon malware

    Unless you're running Windows on your Mac, that's impossible. Alureon does not (cannot) infect Mac OS X. See

     

    <http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99&tabid=2>

     

    I don't know about the other issue. I think your ISP holds the key to that problem.

  • 2. Re: External IP Address Issues
    boink boink Level 2 (280 points)

    Can you tell us about your network setup?

    Are you using a cable or DSL connection? How do you share your internet connection: using a router, or a Windows computer connecting via PPPoE then sharing it via a router (I hope this is not the case)?

  • 3. Re: External IP Address Issues
    lsolson Level 1 (0 points)

    Since yesterday...

     

    Not only did I scan with Sophos, I also ran ClamX and MacScan. I called my ISP, which is Comcast, to inform them that I have no such malware. They told me my scans weren't good enough and I needed to run Intego Virus Barrier. So I did. Again, nothing. The guy at Comcast told me if I don't get rid of this "bot" they are going to shut my internet off after March 6th. He originally denied (Comcast) being responsible for the forwarding to a proxy server, then later told me it was because I was showing "bot" activity and that it was coming from my modem. ???

     

    Ok, my network setup.

     

    I have a Comcast cable modem and a Netgear router. The network is password protected, WPA2. 3 MacBook Pros and an HP printer connect to the network. I don't have any Windows things. A few Android phones that use the wireless occasionally if that matters.

  • 4. Re: External IP Address Issues
    fane_j Level 4 (3,660 points)

    lsolson wrote:

     

    The guy at Comcast told me if I don't get rid of this "bot" they are going to shut my internet off after March 6th.

    It doesn't matter what utility you scan with. If you don't run Win, you cannot have this malware. It's as simple as that. You need to escalate the matter with Comcast.

  • 5. Re: External IP Address Issues
    boink boink Level 2 (280 points)

    Can you check the DHCP client list on your router? Then cross-check it with the devices you have.

    There is a possibility that someone nearby might have hacked into your network. You can also try changing your WPA password and network name.
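
The cross-check suggested in reply 5, sketched as an added example that is not part of the original thread: it parses a pasted DHCP client table, normalizes the MAC notations, and reports leases that match no device the owner expects. The table layout, the MAC addresses and the inventory are constructed assumptions; real router pages differ.

```python
import re

# Constructed sample of a router's DHCP client table (layout is an assumption).
SAMPLE_DHCP_TABLE = """\
#  IP Address    Device Name     MAC Address
1  192.168.1.2   MacBook-Pro-1   00:1F:5B:AA:10:01
2  192.168.1.3   MacBook-Pro-2   00-1f-5b-aa-10-02
3  192.168.1.4   MacBook-Pro-3   001f.5baa.1003
4  192.168.1.5   HP-Printer      00:21:5A:BB:20:04
5  192.168.1.9   --              00:26:4D:CC:30:99
"""

# Hypothetical inventory of devices the owner expects (constructed MACs).
KNOWN_DEVICES = {
    "00:1f:5b:aa:10:01": "MacBook Pro 1",
    "00:1f:5b:aa:10:02": "MacBook Pro 2",
    "00:1f:5b:aa:10:03": "MacBook Pro 3",
    "00:21:5a:bb:20:04": "HP printer",
    "00:23:76:dd:40:05": "Android phone",
}

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
                    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def normalize_mac(mac):
    """Reduce any common MAC notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_clients(table):
    """Return {normalized MAC: IP} for every line that contains a MAC."""
    clients = {}
    for line in table.splitlines():
        mac = MAC_RE.search(line)
        if mac:
            ip = IP_RE.search(line)
            clients[normalize_mac(mac.group())] = ip.group() if ip else "?"
    return clients

def audit(table, inventory):
    """Split leases into unknown clients and expected devices not seen."""
    known = {normalize_mac(m): name for m, name in inventory.items()}
    clients = parse_clients(table)
    unknown = sorted((m, ip) for m, ip in clients.items() if m not in known)
    absent = sorted(n for m, n in known.items() if m not in clients)
    return unknown, absent

if __name__ == "__main__":
    print(audit(SAMPLE_DHCP_TABLE, KNOWN_DEVICES))
```

An unknown entry is only a lead to follow up: it may be a forgotten device of your own, which is why the absent list is reported alongside it.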

  • 6. Re: External IP Address Issues
    MadMacs0 Level 4 (3,725 points)

    If you are Unix savvy, there's always BotHunter.

     

    I know there's a web site that purports to test for bots, but I can't seem to find it at the moment.