Computer Security & Viruses/Can't Connect to the Internet

Advertisement


Question
QUESTION: I have Windows 7. I can't connect to the Internet, even though I reboot the modem and the computer. The message I get is "It won't connect to Proxy Server" I don't have a Prosy Server, but when I disconnect the check for the Proxi Server (thinking that would help), it automatically connect back.

The computer that I am having problems with uses a Ethernet cable. My other 2 computers are working fine with the wireless adapters.

I had received this fraudently email, that did have an account number, my name, type, source port, destination ip, hostname, destination ip. information (I just deleted it.

I was a little supicious, and I wish I had called AT&T first, but I did go to the http://malwarebytes.org. website and downloaded it and it deleted 6 so call infections.

Now about 2 days later, I can't connect to the Internet.
Do you think it is because of this email.
I ran the virus scan (MicroSoft Essential) and it said everything was ok. I also have TinyWall firewall.


Any tips to be able to connect to the Internet, would be greatly appreciate.

@att.net
Malware infection advisory from AT&T Internet Services Security Center
SBC Account Number:

Dear

AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“tinba”) was observed on Apr 17, 2015 at 9:10 AM EDT from the IP address 99.172.145.81. Our records indicate that this IP address was assigned to you at this time.

Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.

Because malware is designed to run in secret, an infected computer may display no obvious symptoms.

To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.

If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.

Additional tools and information:

Tools for removing rootkits, bots, and other crimeware:
Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
McAfee Rootkit Remover: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx (Windows)
Tools for general virus and malware removal:
Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
Spybot +AV: http://www.safer-networking.org/ (Windows)
OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
AT&T Malware and Network Security analysts gather weekly to give you the information that you need to know about the latest security news and trends. Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq

Regards,
AT&T Internet Services Security Center
Incident details for 1

Type:
Source port:
Destination IP:
Hostname:
Destination port:
For security reasons, the destination IP is partially obscured.

DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

©2005 - 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
Privacy Policy (Updated September 16, 2013)

ANSWER: If you did not click on any of those links, the email should not have caused your problem.

Do you receive Internet connectivity via AT&T?  If so, please give tech support a call about your Internet connectivity problem . They probably will ask you to send them a copy of this email. They also might be able to solve your problem.

If you don't use AT&T, then call whomever does provide your connectivity. Hopefully this will work.

If your Internet provider can't solve your problem, you probably can regain connectivity by installing a high quality Internet Security program, one you pay for.  I recommend either Norton or McAfee. Trying to solve a serious malware problem with a patchwork of free programs is often not enough, judging from the fact that almost everyone who asks me for help is running a Windows operating system and is relying upon free security software.

Indeed, major corporations never try to get away with using only free security software.

That said, I only use free security software on my Ubuntu Linux computer. That's because there is a huge community of talented volunteers who make this work, and because the source code for Linux is available for them to study and improve. By contrast, Microsoft keeps the workings of its Windows operating systems a closely guarded secret. For this reason, unpaid volunteers have a horribly difficult task trying to keep their free security software able to defeat the bad guys.

If you ever get fed up with trying to make Windows work for you without spending money on software, and if you are comfortable with trying something new to you, you can get this operating system and free software to replace almost everything Windows can run at http://ubuntu.com.

---------- FOLLOW-UP ----------

QUESTION: I was a little supicious, and I wish I had called AT&T first, but I did go to the http://malwarebytes.org. website from the email and downloaded it and it deleted 6 so call infections.

I thought that was malware original website especially since it said org at the end.

So, in your opinion, was I mistaken and that wasn't Malware original website?

In your opinion, is that how my pc got infested by me clicking on the website link in the email.

Answer
You are certainly correct. It is easy to fake a web site address.

I suggest that you back up all your data, wipe your hard drive and reinstall. That's what a computer repair shop would do.

The problem with buying a quality computer security program and getting it to fix your computer without wipe and reinstall (some repair shops call this "nuking")is that it will need to update its threat database before you can be certain that it has cleaned out all the malware on your computer. If your infected computer can't access the Internet, this might make it impossible for your new security software to eradicate this infection.

However, if you don't use your computer for anything important like using your credit cards or bank accounts, it might be OK to try a new computer security program -- not free stuff -- to fix your computer without nuking it first.

My concern is that this might be a sophisticated attack. On the other hand, by making it so you can't connect to the Internet, this suggests it was an attack from someone who is just plain malicious and not meaning to steal from you. If this was a serious criminal attack, they wouldn't have cut off your Internet access.

However, there is one more possibility. Your computer might harbor a botnet zombie that was launching spam or other attacks on other computers. In this case, your Internet provider might have cut off your access. I think this is unlikely because they should have let you know about this problem. But then again, perhaps someone wasn't doing his or her job. So be sure to call tech support at your provider to see if they can restore access for you.

Computer Security & Viruses

All Answers


Answers by Expert:


Ask Experts

Volunteer


Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker) My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona Took a course in computer forensics at the University of Texas at Austin/

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2016 About.com. All rights reserved.