
Alureon virus on a Mac?

My daughter has an iMac running OSX 10.6.8 and has been notified by Comcast that she has the "Alureon" virus.  I don't think that is possible, as I understand that it is a Windows virus, but Comcast insists that it is her problem and she should contact her anti-virus software support.  Whenever she tries to use the internet a Comcast popup appears with the notice; it can't be closed and she is unable to use any web pages.  She has no Windows software on her machine at all.  Could the issue be with the modem?  I'm grasping at straws here.  Advice????



  • There's a lot of history behind this one...

    Usually, when ISPs put up an alert saying that someone is infected with the Alureon Virus, they are in fact responding to the fact that the customer's computer is using a DNS server that, prior to a takedown by the FBI and Microsoft, belonged to the malware authors that created Alureon, DNSChanger, RSPlug (which is what infected Macs), and a number of other pieces of Mac and Windows malware.

    This link should shed some more light on the situation: http://nakedsecurity.sophos.com/tag/rsplug/

    This one may also help: http://www.dcwg.org/

    While Comcast's message was decidedly Windows-centric and unhelpful in this situation, a fix is definitely necessary.  The first step is to verify that the iMac is not infected with malware, specifically OSX/DNSChanger, OSX/RSPlug, or OSX/Jahlav variants.

    The second step is to go into System Preferences -> Network and verify that the DNS servers listed belong to your network router (192.168.x.x or 10.x.x.x), your ISP (the IP address should be similar to your outbound IP address) or some trusted DNS server (such as, for example, 8.8.8.8 for Google DNS).

    Once the DNS information has been fixed, Comcast's alert should go away.  All they are doing is intercepting DNS requests headed for known-bad DNS servers and returning an error instead.  Since the FBI is going to be taking those servers offline shortly (they've been running them with the help of Microsoft themselves for the past six months), this informative message is definitely an improvement on the sudden unexplained loss of service that your daughter would otherwise experience when the servers go offline.

    As an addendum, if her iMac's DNS settings are pointed to get their information from your modem, it is possible that the modem has been modified to use the previously malicious DNS servers.  You'll need to use the web interface for administering your modem to verify that it is using trusted DNS servers from your ISP or some other source.

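The DNS check described in the reply above, as an added Python 3 example that is not part of this thread: it classifies each configured resolver the way the reply suggests (home router range, known trusted resolver, your ISP's range, or unknown and to be verified by hand). The `isp_prefix` argument, the `8.8.4.4` entry, the `macos_dns_servers` helper and the sample addresses are assumptions; on a Mac, `networksetup -getdnsservers` reads the values shown in System Preferences -> Network.

```python
import ipaddress
import shutil
import subprocess

# Router/LAN ranges named in the reply (plus RFC 1918's 172.16/12, which it omits).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Trusted public resolvers; 8.8.8.8 comes from the reply, 8.8.4.4 is an assumed
# addition. Extend this set with your own ISP's resolvers once you have confirmed them.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def classify_dns_server(addr, isp_prefix=None):
    """Return 'router', 'trusted', 'isp', 'unknown' or 'invalid' for one resolver address.

    isp_prefix (assumed, e.g. "203.0.113.0/24") is the network your outbound address
    falls in; the reply's rule of thumb is that ISP resolvers look similar to it.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if any(ip in net for net in RFC1918):
        return "router"
    if str(ip) in TRUSTED_RESOLVERS:
        return "trusted"
    if isp_prefix and ip in ipaddress.ip_network(isp_prefix, strict=False):
        return "isp"
    return "unknown"  # not proven bad, but verify it (e.g. with the DCWG checker)


def audit_dns_servers(servers, isp_prefix=None):
    """Map every configured resolver to its verdict; 'unknown' entries need a manual check."""
    return {s: classify_dns_server(s, isp_prefix) for s in servers}


def macos_dns_servers(service="Wi-Fi"):
    """Read the resolvers set in System Preferences -> Network (macOS only).

    On 10.6 the service is usually named "AirPort" or "Ethernet" instead of "Wi-Fi".
    """
    if shutil.which("networksetup") is None:
        return []
    out = subprocess.run(["networksetup", "-getdnsservers", service],
                         capture_output=True, text=True).stdout
    return [ln.strip() for ln in out.splitlines()
            if ln.strip() and not ln.startswith("There aren't")]


if __name__ == "__main__":
    # Constructed sample: a home router, Google's resolver and an address to check by hand.
    servers = macos_dns_servers() or ["192.168.1.1", "8.8.8.8", "203.0.113.7"]
    for server, verdict in audit_dns_servers(servers).items():
        print(f"{server:16} {verdict}")
```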