[olug] Fwd: [10.17.2016 34620193] Compromised Computer Notification from Cox Communications

Justin Reiners justin at hotlinesinc.com
Mon Oct 17 16:10:19 CDT 2016


Joseph,


FYI, when I was hacked years ago, they created a hidden user. Make sure you
check /etc/passwd, and do a netstat -tulpn to see if there are any
unrecognized services running. What services does your infected box run?
Are they running OK?

Feel free to contact me directly if you need any help with it.

On Mon, Oct 17, 2016 at 4:05 PM, Joseph Gulizia <joseph.gulizia at gmail.com>
wrote:

> Thanks.  I'll give it a shot.
>
> Joe
>
> On Mon, Oct 17, 2016 at 4:04 PM, Justin Reiners <justin at hotlinesinc.com>
> wrote:
>
> > Joseph,
> >
> > rkhunter works well. It's in the Ubuntu repo.
> >
> >
> > On Mon, Oct 17, 2016 at 4:02 PM, Joseph Gulizia <joseph.gulizia at gmail.com>
> > wrote:
> >
> > > Lou,
> > >
> > > These all appear to be Windows only fixes.  I AM not running Windows.  I
> > > have heard that rootkits can get on Linux systems, I want to know how to
> > > remove from them if need be.
> > >
> > > On Mon, Oct 17, 2016 at 1:34 PM, Lou Duchez <lou at paprikash.com> wrote:
> > >
> > > > The good news about malware these days is, their goal isn't to break your
> > > > computer, just to hijack it. That means it may be fixable.
> > > >
> > > > I recommend:
> > > >
> > > > 1) Disconnect the offending (Windows, presumably) computer from the
> > > > Internet.
> > > >
> > > > 2) Download VIPRE Rescue onto a flash drive on another computer:
> > > >
> > > > https://www.vipreantivirus.com/support.aspx#vp-Rescue
> > > >
> > > > 3) Take the flash drive to the compromised computer and try to disinfect
> > > > it.
> > > >
> > > > I haven't done battle with rootkits in a few years, but let VIPRE Rescue
> > > > take a crack at it.  If it can do its thing, and then a second scan comes
> > > > back clean, you may well be fixed.
> > > >
> > > >
> > > > Also, a good utility to have is HiJackThis, a utility to let you see what
> > > > Windows is loading up, and more importantly you can tell Windows what to
> > > > stop loading:
> > > >
> > > > https://sourceforge.net/projects/hjt/
> > > >
> > > >
> > > >
> > > > >> Got one of these emails today.  First one ever.
> > > >>
> > > >> Called Cox they said it's not spam.
> > > >>
> > > >> Interesting.
> > > >>
> > > >> Joe
> > > >>
> > > >> ---------- Forwarded message ----------
> > > >> From: Cox Customer Safety <abuse at cox.net>
> > > >> Date: Mon, Oct 17, 2016 at 8:52 AM
> > > > >> Subject: [10.17.2016 34620193] Compromised Computer Notification from Cox
> > > > >> Communications
> > > >> To: Me
> > > >>
> > > >>
> > > >> Dear Subscriber,
> > > >>
> > > > >> Cox has identified that one or more of the computers in your home may be
> > > > >> infected with the Alureon / TDSS Virus.
> > > > >>
> > > > >> Viruses can take control of your PC and gather your personal information
> > > > >> such as passwords and credit card numbers, putting your data at risk
> > > >>
> > > >> The following FREE security tools could help you detect and remove
> > > >> infections from your systems:
> > > >> The Microsoft Safety Scanner
> > > >> http://www.microsoft.com/security/scanner/
> > > >>
> > > >> Norton Power Eraser
> > > >> http://security.symantec.com/nbrt/npe.aspx
> > > >>
> > > > >> Cox Security Suite Plus powered by McAfee is included FREE with your Cox
> > > > >> High Speed Internet service.  This software can be used to help protect
> > > > >> up-to 5  devices in your home, including Windows and Mac OS computers, and
> > > > >> Android and Apple tablets and smartphones.
> > > > >> To get started, simply browse to www.cox.com/securitysuite and login with
> > > > >> your Cox primary User ID and Password.
> > > > >> If you already have an Anti-virus solution installed, you should refer to
> > > > >> your software manual before installing the Cox Security Suite.
> > > > >>
> > > > >> If you need additional support, Cox offers premium technical support at
> > > > >> reasonable rates.
> > > > >> Visit Cox Tech Solutions at https://secure.coxtechsolutions.com/ or call
> > > > >> 877.TEC.SOLV (832.7658) to get started.
> > > > >>
> > > > >> If you would like additional information on the Alureon / TDSS Virus:
> > > > >> http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fAlureon.H
> > > > >>
> > > > >> If you have any questions regarding this matter, you may call Cox Customer
> > > > >> Safety at 800-753-6085.
> > > >>
> > > >> Regards,
> > > >>
> > > >> Cox Customer Safety
> > > >> _______________________________________________
> > > >> OLUG mailing list
> > > >> OLUG at olug.org
> > > >> https://lists.olug.org/mailman/listinfo/olug
> > > >>
> > > >
> > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
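
The two checks suggested at the top of this thread (looking through /etc/passwd for accounts that should not be there, and reviewing netstat -tulpn output for unrecognized listeners), written as a small triage script. This is an added example, not part of the original messages; the function names, the proto/port allowlist format and all sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for the /etc/passwd and netstat -tulpn checks.
# Function names, allowlist format and sample data are constructed (hypothetical).

# Flag passwd entries worth a closer look: extra UID 0 accounts, shared UIDs,
# and system-range accounts (UID < 1000) that have an interactive shell.
audit_passwd() {
  awk -F: '
    NF < 7 { next }                                    # skip malformed lines
    NR == FNR { n[$3]++; next }                        # pass 1: count UIDs
    $3 == 0 && $1 != "root" { print "uid0 " $1; next }
    n[$3] > 1 { print "dup-uid " $1 " (" $3 ")"; next }
    $3 < 1000 && $1 != "root" && $7 ~ /\/(ba|z|da|k)?sh$/ { print "system-shell " $1 " " $7 }
  ' "$1" "$1"
}

# Read netstat -tulpn output on stdin; print listeners not in the allowlist.
# $1 is a space-separated allowlist such as "tcp/22 udp/68".
unexpected_listeners() {
  awk -v allow="$1" '
    BEGIN { split(allow, a, " "); for (i in a) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      proto = $1; sub(/6$/, "", proto)                 # fold tcp6/udp6 into tcp/udp
      port = $4; sub(/.*:/, "", port)                  # keep text after the last colon
      key = proto "/" port
      if (!(key in ok)) print key " " $NF              # $NF is PID/Program name
    }'
}

# Constructed sample data so the script runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
joe:x:1000:1000:Joe:/home/joe:/bin/bash
toor:x:0:0::/root:/bin/sh
backup2:x:1000:1000::/tmp:/bin/bash'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 812/sshd
tcp        0      0 0.0.0.0:31337   0.0.0.0:*       LISTEN 4242/.x
tcp6       0      0 :::80           :::*            LISTEN 1001/apache2
udp        0      0 0.0.0.0:68      0.0.0.0:*              640/dhclient'

demo() {
  local tmp; tmp=$(mktemp); printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
  audit_passwd "$tmp"; rm -f "$tmp"
  printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "tcp/22 tcp/80 udp/68"
}
demo
# On a live host: audit_passwd /etc/passwd; sudo netstat -tulpn | unexpected_listeners "tcp/22"
```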

