MY ISP is nuts! or a joke! or a bunch of morons!

[Turkish]

Ok, this morning they sent a guy to my house, to talk to me. Here is our conversation:

Me: So what's the problem?
ISP: Well, it seems like you have a high network acitivity and we just realized that you were a seeder for the W32.Welchia.
Me: Me?!@#!
ISP: Yeah, we have been scanning the whole network since the beginning of school year, appearently your machine is it it.
Me: Since the beginning of school year? That's impossible, I have made at least 3 complete formats since the beginning of this year and I have Norton up and running 24/7.
ISP: Well it can happen, things are pretty amazing on the internet.
Me: Yeah... ummm it is *you morons*...
ISP: Well I need to verify your IP / MAC adress and see if they match our records....

**so we check it, and they are fine.

ISP: Well please download Norton and Windows XP Service Pack and all the other critical updates.
Me: They are already there *you moron*
ISP: When you scan your computer next time, please call us and we'll proceed from there.
Me: Proceed? I am telling you, this computer is virus free, so you are on the wrong trea looking for apples.
ISP: Well if we can't secure your computer, we'll have to cut your connection off.
Me: Interesting, well have a nice day.

And I remind you, this computer had 3 full formats + virus scan 24/7 with live update. Are they nuts? Or is this possible?

I am pissed, if they cut off my connection, I am fvcked because they are the only ISP here!!!

 

[waylman]

ISP=morons

 

[Demon-Xanth]

Ahh, the joy of a linux firewall. My dad's computer gets viruses, and mine doesn't.

 

[freegeeks]

Originally posted by: Xiety
Ok, this morning they sent a guy to my house, to talk to me. Here is our conversation:

Me: So what's the problem?
ISP: Well, it seems like you have a high network acitivity and we just realized that you were a seeder for the W32.Welchia.
Me: Me?!@#!
ISP: Yeah, we have been scanning the whole network since the beginning of school year, appearently your machine is it it.
Me: Since the beginning of school year? That's impossible, I have made at least 3 complete formats since the beginning of this year and I have Norton up and running 24/7.
ISP: Well it can happen, things are pretty amazing on the internet.
Me: Yeah... ummm it is *you morons*...
ISP: Well I need to verify your IP / MAC adress and see if they match our records....

**so we check it, and they are fine.

ISP: Well please download Norton and Windows XP Service Pack and all the other critical updates.
Me: They are already there *you moron*
ISP: When you scan your computer next time, please call us and we'll proceed from there.
Me: Proceed? I am telling you, this computer is virus free, so you are on the wrong trea looking for apples.
ISP: Well if we can't secure your computer, we'll have to cut your connection off.
Me: Interesting, well have a nice day.

And I remind you, this computer had 3 full formats + virus scan 24/7 with live update. Are they nuts? Or is this possible?

I am pissed, if they cut off my connection, I am fvcked because they are the only ISP here!!!

well you'll know soon

It can't be that hard to find out if it's really you (they have your mac / ip adress - and their own logs)

 

[hdeck]

it is possible. i got the welchia worm on my computer and windows update + updated norton couldn't get rid of it.

 

[djNickb]

I would ask to speak with someone who is actually responsible for performing the scans or at least someone who has a shred of technical knowledge -- Good Luck either way 😕

 

[alkemyst]

It's definitely possible, esp with pirated software sometimes having viruses in them or the CD burn being to blame.

If you have W32.Welchia on your machine then you know....norton is not a good tool after the fact. There are links to show you what to look for though usually.

 

[Chadder007]

Makes you wonder if they are sending all of those DCMA notifications to the right people too. LOL

Also do you have a firewall? Use a good one like ZoneAlarm if not....you can get the free one. It will ask you if a certain program can access the internet or not. Also I would look up on TrendMicros website to see if they have something that would scan and get rid of the Welchia virus just in case. Maybe its seeping through an open port on your system.

 

[Jeff7181]

The apple doesn't fall far from the ISP "trea"

 

[spidey07]

It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

 

[Viper GTS]

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

 

[Chadder007]

Dude......see if a process called Dllhost.exe is running.

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

A fix is near the bottom of the page.

 

[Glitchny]

Originally posted by: Xiety
Ok, this morning they sent a guy to my house, to talk to me. Here is our conversation:

Me: So what's the problem?
ISP: Well, it seems like you have a high network acitivity and we just realized that you were a seeder for the W32.Welchia.
Me: Me?!@#!
ISP: Yeah, we have been scanning the whole network since the beginning of school year, appearently your machine is it it.
Me: Since the beginning of school year? That's impossible, I have made at least 3 complete formats since the beginning of this year and I have Norton up and running 24/7.
ISP: Well it can happen, things are pretty amazing on the internet.
Me: Yeah... ummm it is *you morons*...
ISP: Well I need to verify your IP / MAC adress and see if they match our records....

**so we check it, and they are fine.

ISP: Well please download Norton and Windows XP Service Pack and all the other critical updates.
Me: They are already there *you moron*
ISP: When you scan your computer next time, please call us and we'll proceed from there.
Me: Proceed? I am telling you, this computer is virus free, so you are on the wrong trea looking for apples.
ISP: Well if we can't secure your computer, we'll have to cut your connection off.
Me: Interesting, well have a nice day.

And I remind you, this computer had 3 full formats + virus scan 24/7 with live update. Are they nuts? Or is this possible?

I am pissed, if they cut off my connection, I am fvcked because they are the only ISP here!!!

just download the welcha worm fix from nortons site and see if u have it.

 

[kranky]

They know you aren't distributing welchia, but they do know you have high network activity.

Since you confirmed that you know exactly what you're talking about with respect to anti-virus software, etc., they know that whatever they are tracking can't be explained away by "I didn't know anything." Confirming your MAC/IP eliminates any possibility of record-keeping errors.

So, if I were you, I'd ask myself if there was any network activity going on from my MAC/IP that shouldn't be going on.

[note: just a thought, not an accusation]

 

[Savij]

How quickly did you connect your computer to the internet? I've seen computers infected with this within 30 seconds of connecting to the internet if they hadn't had the proper patches or a firewall enabled. Second, Norton SHOULD be able to detect it, but it wont be able to clean it: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html

I would side with the ISP in this case until you provide proof that you had the MS03-029 patch installed or a firewall enabled before you ever connected to the internet. Otherwise you had nothing to keep you from being infected.

 

[DaveJ]

Originally posted by: Viper GTS

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

Definitely... the ONLY way to make sure a machine is clean is to burn the patches to CD and make sure they're installed before you put the machine on the network... My machine here at work got infected less than 30 seconds after it had booted to XP for the first time.

Dave

 

[DaveJ]

edit: DP

 

[notfred]

You've formatted your machine 3 times this year? Is that some kind of a hobby, or do you just break it that often?

 

[Savij]

Originally posted by: DaveJ

Originally posted by: Viper GTS

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

Definitely... the ONLY way to make sure a machine is clean is to burn the patches to CD and make sure they're installed before you put the machine on the network... My machine here at work got infected less than 30 seconds after it had booted to XP for the first time.

Dave

You can also enable WinXP firewall. This closes off the port that the worm uses to spread itself so you can get on the internet to download patches and updates.

 

[DaveJ]

Originally posted by: Savij

Originally posted by: DaveJ

Originally posted by: Viper GTS

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

Definitely... the ONLY way to make sure a machine is clean is to burn the patches to CD and make sure they're installed before you put the machine on the network... My machine here at work got infected less than 30 seconds after it had booted to XP for the first time.

Dave

You can also enable WinXP firewall. This closes off the port that the worm uses to spread itself so you can get on the internet to download patches and updates.

Not if the machine gets infected within 30 seconds on its first boot into Windows... I didn't even get the chance to fire up Windows Update before the box rebooted by itself... 😱

Dave

 

[Viper GTS]

Originally posted by: DaveJ

Originally posted by: Savij

Originally posted by: DaveJ

Originally posted by: Viper GTS

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

Definitely... the ONLY way to make sure a machine is clean is to burn the patches to CD and make sure they're installed before you put the machine on the network... My machine here at work got infected less than 30 seconds after it had booted to XP for the first time.

Dave

You can also enable WinXP firewall. This closes off the port that the worm uses to spread itself so you can get on the internet to download patches and updates.

Not if the machine gets infected within 30 seconds on its first boot into Windows... I didn't even get the chance to fire up Windows Update before the box rebooted by itself... 😱

Dave

Enable the firewall before you connect the patch cable.

😉

Viper GTS

 

Call them up again, but make sure your computer is turned off and disconnected.
Then ask them to run the tests.

 

[Turkish]

Hi again people,

I just came back home... sorry I didn't give enough information, but I already used symantec's special tools to detech Welchia, and it didn't find it. I don't have DLLHost.exe in my processes either. Also, I have Zone Alarm Pro as well...

I think my ISP is just bullsh!tting me to not use as much bandwidth... *lol* at them if they don't know how to limit my bandwidth 😀

Oh well, I'll call up and ask to speak with a manager to resolve everything 🙂

Thanks again for the replies 🙂

 

[DaveJ]

Originally posted by: Viper GTS

Originally posted by: DaveJ

Originally posted by: Savij

Originally posted by: DaveJ

Originally posted by: Viper GTS

Originally posted by: spidey07
It is entirely possible that you did seed it.

Network logs don't lie and neither do mac addresses and port mappings.

-edit- <--- have tracked down many a hacker, worm spreader.

Yup, & it's not exactly hard to identify those spreading W32 variants.

My roommate recently did a clean install of XP, IMMEDIATELY (as soon as he had an internet connection) installed all the necessary windows updates, & then rebooted.

During that time he was infected, & had to clean his system when he installed NAV.

Bottom line is they are probably right.

Viper GTS

Definitely... the ONLY way to make sure a machine is clean is to burn the patches to CD and make sure they're installed before you put the machine on the network... My machine here at work got infected less than 30 seconds after it had booted to XP for the first time.

Dave

You can also enable WinXP firewall. This closes off the port that the worm uses to spread itself so you can get on the internet to download patches and updates.

Not if the machine gets infected within 30 seconds on its first boot into Windows... I didn't even get the chance to fire up Windows Update before the box rebooted by itself... 😱

Dave

Enable the firewall before you connect the patch cable.

😉

Viper GTS

Oh sure, take the easy way out! What about those of us who enjoy a challenge? 😀 Man, I gotta get more sleep...

Dave

 

[Turkish]

Originally posted by: notfred
You've formatted your machine 3 times this year? Is that some kind of a hobby, or do you just break it that often?

First time it was a regular format (every 6 months), then something fvcked up, constant crashes and everything, so another format... and the last one was 2 weeks ago, when I installed new hardware... it's good... keeps my PC quick all the time.