#1
Old 07-11-2013, 03:42 AM
Guest
Join Date: Feb 2009
Location: next to Charlotte, NC
Posts: 450
Warning From Time Warner?

I went to get online just now and instead of my home page this comes up:


Quote:
Dear Time Warner Cable Customer,

Please be aware that Time Warner Cable has received a report of unwanted Internet activity being transmitted from a machine connected to the cable modem on your Time Warner Cable Internet connection. This violates the Time Warner Cable AUP (Acceptable Use Policy) for your residential account.

We are aware that the majority of such activity is caused by an infected or compromised computer. To avoid further interruptions of your service, you must take steps to clean and secure both your computer(s) and your wireless device(s) if you have any. Please visit our self-help Web site rr.com/security/bothelp once you have read this notice for a suggested course of action. You will be automatically re-directed to this web site when you click the blue link at the bottom of this message. We do recommend that a total system format (all data erased) is the best way to ensure that the computer is safe for use on the Internet again.

We ask that you read the Time Warner Cable Acceptable Use Policy found at help.twcable.com, and bear in mind that violations of the Time Warner Cable AUP can result in actions taken against your account up to and including account suspension and or termination of high speed data service. Please be aware that these steps are taken to protect the quality of service we provide to you and the rest of our customers.

Once your normal Internet service is resumed, please note that you must take steps to resolve the abuse issue or we may disable your service should further reports of unwanted activity be received. We may also require proof that the computer(s) have been cleaned or returned to factory settings.
I googled it first but all I could find was a bunch of speculation. The link in it doesn't work. What exactly does this mean?
#2
Old 07-11-2013, 04:15 AM
Just Lovely and Delicious
Charter Member
Join Date: Aug 2001
Location: Northeast Ohio
Posts: 23,669
The IP address that Time Warner has supplied to you has been identified as the source of either a ton of spam email or a ton of web requests somewhere. Ever wonder where spam or denial of service attacks come from? They sure don't come from the spammers' or hackers' computers! They come from malicious software that makes it on to the machines of unsuspecting folks, and the software allows for spam to be sent or web requests to be sent without any help from or knowledge of the computer owner.

Someone who received this spam or web requests noted the IP address and saw it was owned by TWC and TWC looked up who is using the IP address and it's you.

They are acknowledging that you are probably not running a spam service or trying to run denial of service on a network, and have instead probably been infected with a virus that is making your computer do this stuff.

They're asking you to clean up your computer and stop it from doing whatever bot-like thing it is doing. Sometimes this shit can be really hard to deal with and the most sure way to get rid of it is to do a re-install (instead of trying to identify and clean the virus). But that's just their suggestion and easier than trying to go into specifics with you.

They'll turn your internet back on (probably need to give them a call) but if the problem persists they will turn you back off again and maybe will turn off your service for good, because technically whatever your computer is doing is against their AUP and you gotta take care of it.
#3
Old 07-11-2013, 04:15 AM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,887
It means you should check all your computers for virus/malware infection. The likely reason you cannot get to the link is that the malware is preventing it. Of course, this may make it hard to obtain and execute antimalware software. You may need to use a bootable CD (like this bootable Linux CD with antivirus or similar) to be able to scan your PC safely. My suggestion for Anti-malware for Windows is Microsoft Security Essentials - it is free, lightweight and pretty good.

Major ISPs are being more proactive regarding customer infection. Their network monitoring can identify traffic patterns indicative of malware infection, and respond accordingly (usually by redirecting your first DNS lookup to the warning page). I would take it seriously, but stop trusting your computer till you are very sure it is clean.
#4
Old 07-11-2013, 04:44 AM
Guest
Join Date: Mar 2013
Posts: 4,194
Well anyway the idea is that Time Warner can know that your connection has sent a million requests in an hour, when an ordinary user sends 100.

For most users, this can be seen in outgoing traffic. If your ISP can provide a graph of this per hour, then you might see that it's only on 4pm to 8pm, and think "hey, that's when the kids turn on their computer", or if it is 8pm to 1am, then it's your computer, for example.

The outgoing traffic may not reveal it very obviously or clearly if there is a lot of game playing, or you run file downloaders (which are also peer-to-peer sharers and tend to share out more than they download), or you do send lots of emails (or big emails). So if you can leave your computer on and turn off all those, then check for outgoing traffic ... ?

Windows 8 Task Manager can show network traffic per program.
You can view packet counters in the "network connection" window (e.g. from the icon at the task bar, near the volume control, or from the network part of the control panel).

Your ISP or your modem may tell you inward and outward traffic.

You could run Spybot Search and Destroy, SUPERAntiSpyware, Trend Micro HouseCall... or others of step 3 as the sticky thread in here at SDMB general.


See http://boards.academicpursuits.us/sdmb/...d.php?t=538187
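The per-hour outgoing-traffic check described in the post above, as an added example that is not part of the thread: it takes outbound flow records per LAN machine, flags the hours where a machine sends far more than its own typical hour, and counts how many distinct destinations it contacted on mail port 25. The record layout, the addresses and the 10x threshold are assumptions made for illustration; the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

def build_sample():
    """Constructed flow records: (hour_of_day, lan_host, dst_ip, dst_port)."""
    flows = []
    # Ordinary browsing from two machines, 08:00 to 23:00
    for hour in range(8, 24):
        for i in range(20):
            flows.append((hour, "192.168.1.10", f"203.0.113.{i % 5}", 443))
            flows.append((hour, "192.168.1.11", f"203.0.113.{i % 5}", 443))
    # Constructed burst: one machine opens many port-25 connections, 16:00 to 19:00
    for hour in range(16, 20):
        for i in range(600):
            flows.append((hour, "192.168.1.11", f"198.51.100.{i % 250}", 25))
    return flows

def hourly_counts(flows):
    """Outbound flow count per LAN host per hour of day."""
    counts = defaultdict(lambda: defaultdict(int))
    for hour, host, _dst, _port in flows:
        counts[host][hour] += 1
    return counts

def flag_bursts(flows, factor=10):
    """Return {host: [hours]} where an hour exceeds factor x that host's median hour."""
    flagged = {}
    for host, per_hour in hourly_counts(flows).items():
        baseline = median(per_hour.values())
        hours = sorted(h for h, n in per_hour.items() if n > factor * baseline)
        if hours:
            flagged[host] = hours
    return flagged

def smtp_fanout(flows, host):
    """Number of distinct destinations the host contacted on port 25."""
    return len({dst for _h, src, dst, port in flows if src == host and port == 25})

if __name__ == "__main__":
    sample = build_sample()
    for host, hours in flag_bursts(sample).items():
        print(host, "burst hours:", hours, "port-25 destinations:", smtp_fanout(sample, host))
```

A machine that is flagged only during certain hours and shows a large port-25 fan-out is the one to take offline and scan first.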
#5
Old 07-11-2013, 10:09 AM
Guest
Join Date: Feb 2009
Location: next to Charlotte, NC
Posts: 450
I ran Malwarebytes and found one infected item. I'm going to try some of the other ones today. Fortunately, I've been working on backing up my content for the last few days. I'm already burning discs and moving to other drives but it's going to take some time. How quickly will they cut me off?
#6
Old 07-11-2013, 11:25 AM
Guest
Join Date: Jul 2009
Posts: 12,056
Infections could hide in your backups. Scan them before trusting them.
#7
Old 07-11-2013, 11:35 AM
Charter Member
Join Date: Aug 2001
Posts: 14,421
Do you have a home network? Are you running a wireless network? Is that wireless network secure? Your TOS with Time-Warner may hold you responsible for all network traffic, regardless of how it's generated. If you have a wireless system and you haven't properly secured it, you may be held responsible for someone else using your wireless network, whether you know about the other access or not.
#8
Old 07-11-2013, 01:55 PM
Guest
Join Date: Feb 2009
Posts: 13,168
Quote:
Originally Posted by Duckster View Post
Do you have a home network? Are you running a wireless network? Is that wireless network secure? Your TOS with Time-Warner may hold you responsible for all network traffic, regardless of how it's generated. If you have a wireless system and you haven't properly secured it, you may be held responsible for someone else using your wireless network, whether you know about the other access or not.
At the very least, change your wireless password.
If you log on to your wireless router, there is an option to see what is attached (DHCP address table, usually).

Try several AV scan programs, since sometimes one will pick up something another might not. Be sure to do a FULL scan, not a quick one.

Are you sure this came from TW, not from spammers hoping to get you to download their latest virus because you think it is a cure? The "fake Antivirus program" is a classic dodge. Why would TW direct you to anywhere except a timewarner.com page?

(I see several, for example - questionable web pages direct you to "download latest flash player" but the link is not to Adobe.com)
#9
Old 07-11-2013, 02:02 PM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,887
Quote:
Originally Posted by md2000 View Post
Are you sure this came from TW, not from spammers hoping to get you to download their latest virus because you think it is a cure? The "fake Antivirus program" is a classic dodge. Why would TW direct you to anywhere except a timewarner.com page?

(I see several, for example - questionable web pages direct you to "download latest flash player" but the link is not to Adobe.com)
The link is to RoadRunner - owned by TimeWarner. Research indicates that the warning is probably legit.

The fact that the link does not work is probably the malware hijacking DNS to prevent access to anti malware tools.
__________________
Simon
#10
Old 07-11-2013, 02:06 PM
Guest
Join Date: Mar 2002
Location: Suburbs of Chicagoland
Posts: 22,337
rr.com is a Time Warner property; their Internet service is/was called "RoadRunner."

Edit: Too slow!

Last edited by Ferret Herder; 07-11-2013 at 02:07 PM.
#11
Old 07-11-2013, 03:30 PM
Charter Member
Join Date: Oct 1999
Location: Shakedown Street
Posts: 12,948
Ignorant questions:

How did TW force the page to display? Having changed a number of Internet settings (e.g. switching to Google DNS servers), is there any way a user could configure things so that such warnings would be missed?
#12
Old 07-11-2013, 04:58 PM
Guest
Join Date: Feb 2009
Location: next to Charlotte, NC
Posts: 450
I'm full of ignorant questions myself. I didn't grow up with computers. I know more than any of the older people I know so they think I'm some kind of computer genius. They don't know anything other than how to turn it on and go to websites. My boss doesn't even know how to double click. She right clicks and then clicks "open" for everything. I tried to show her but she just can't do it. Truth is, I'm barely computer literate myself. I'm a visual learner. I need to see what's being done to understand it. Most of my younger friends feel the need to do everything at Mach 1 and they get pissy if I ask them to slow down a second. It's hard as hell to learn anything from them.

Please know that I'm doing the best I can to understand your advice but you may need to kind of hold my hand a bit.
#13
Old 07-11-2013, 06:24 PM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,887
Quote:
Originally Posted by Rhythmdvl View Post
Ignorant questions:

How did TW force the page to display? Having changed a number of Internet settings (e.g. switching to Google DNS servers), is there any way a user could configure things so that such warnings would be missed?
It could be done a number of ways - DNS redirection is one. If you use an external DNS (like Google or OpenDNS) you could miss it, but the ISP might just network redirect all your port 53 DNS lookups to their own servers till they have your attention. They could also just use a proxy redirection, so that all your port 80 http traffic runs through their proxy (which they almost certainly do anyhow). Then they redirect the first request of a session to the warning page. They may even VLAN out all the suspected customers into an isolated subnetwork so they cannot see noninfected systems, and any traffic redirection/filtering can be done on specific proxies. Lots of options. If they don't see you hit the warning page, they will probably start emailing/calling.
__________________
Simon
#14
Old 07-11-2013, 06:49 PM
Guest
Join Date: Feb 2009
Location: next to Charlotte, NC
Posts: 450
OK. Funny thing. The link in the warning would not work directly from the message as it appeared on my screen this morning. When I clicked on it from inside this thread it opened. I ran their full scan and no malware was detected.
#15
Old 07-12-2013, 12:25 AM
Guest
Join Date: Jul 2002
Location: UK
Posts: 4,887
You did say you ran Malwarebytes, so you may have removed the source of the problem, including the reason the link would not open. Finish your backups, choose a good antimalware tool (as I say, Microsoft Security Essentials is both good and free), uninstall old products. Upgrade your browsers, install OS patches, and enable UAC if not already on (I know people hate it, but it serves a purpose). If a website asks you to allow changes to your system, think very carefully about WHY it may want to do so - the default, instinctive answer should be Hell, NO.
__________________
Simon
All times are GMT -5.

Copyright © 2017