Hello all.
Hopefully this is quick. I have Centurylink DSL and have received a redirect from them whenever I use the internet. The redirect page indicates that my account may be infected. I chatted with support, installed their version of Norton, ran full scans, internet restored.
I received another email this morning with the following;
Date IP Additional Info =================== =============== ======================================================= 2017-12-04 09:27:24 65.128.154.159 infection => 'flashback', subtype => 'flashback', port => '49189', cc_port => '80', agent => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1; sv:4; id:CB8518BF-D9C1-580F-8840-71B57FD94915) Gecko/20100101 Firefox/9.0.1', url => '/index.html', public_source => 'SecurityScorecard', asn => '209', cc_ip => '208.100.26.251', cc_asn => '32748', sourceSummary => 'Drone Report'
Questions:
1. Flashback refers to a Mac virus. Can this be on a Windows machine?
2. It references Mozilla (Firefox browser?) but also Windows NT 6.1? I'm confused if this is a virus on the mac or the PC.
3. I just checked and all my computers have the same IP. This is different from cmd ipconfig. This leads me to understand that what Centurylink is capturing is my public IP address, but does not know where inside my network the virus is coming from correct? Ipconfig shows me my internal addresses of each device on the network?
The 3 desktops each have Centurylink's Norton suite. Scans don't show anything. This leads me to deduct that the virus is from the mac.
Appreciate thoughts from anyone.
~Eric
↧