# IRC Bot/Virus on my MAC?



## bmovie (Jan 18, 2003)

Ok this is the email I got from Rogers:

Rogers is concerned about your personal security. We're writing you
today to advise you that one or more of the computers in your home
connected to the Rogers Internet service appears to be infected with an "IRC
Bot/Virus" 

A computer infected with an "IRC Bot/Virus" poses a security threat for
both you and other customers connected to the Rogers Yahoo! Hi-Speed
Internet service. This type of virus can run behind the scenes on your
computer and send out large amounts of SPAM, attack Internet Websites,
infect other computers and even access personal files on your computer
which could lead to identity theft.

For both your security and others using our Internet service, it is
critical that you remove this virus within the next 48 hours. If you are
unable to do so, your Internet connection will be temporarily disabled
to protect your computer and others connected to the service. 

How can I resolve this issue?
Rogers provides you with a number of different options to help you
resolve this problem: 

1. Free Virus Protection/Removal Tools 
We're pleased to provide you with the Rogers Yahoo! Online Protection
Suite featuring Norton Anti-virus at no additional charge. To get more
information and install it, please visit www.rogers.com/onlineprotection


Some BOTs are very difficult to remove. If a full system scan fails to
find anything on your system please proceed with one of the following
as your system is likely still infected.

2. Chat online with a Rogers technical support representative
You start an online chat with a Rogers technical support representative
who can provide you with additional information to help you resolve
this issue by visiting:
http://rogershelp.com/yahoo/livesupport/?queueID=50 

3. Ask other customers for advice
You can talk to other customers on the Rogers community forums at
Rogershelp.com - Help and support for your Rogers products and services! 

4. Contact us by telephone
Call us at 1-888-ROGERS1 and one of our technical service
representatives will be happy to assist you.


Thank you for your immediate attention in this matter.

Rogers EUA Management Team

Sincerely,

EUA Management Team
Rogers Yahoo Hi-Speed Internet

they said that I have 48 hours to clear it or my modem will be shut off...what gives?


----------



## RISCHead (Jul 20, 2004)

Apple - Support - Discussions - IRC Bot/Virus- is this possible on a ...


----------



## screature (May 14, 2007)

bmovie said:


> Ok this is the email I got from Rogers:
> 
> Rogers is concerned about your personal security. We're writing you
> today to advise you that one or more of the computers in your home
> ...


bmovie checkout this thread. Rogers are SCUM, I hated them as a wireless phone provider, I thank god I don't have to deal with them as an internet provider.

How would they know if you have an e-mail with the virus? If they did, then why don't they contact you and tell you to trash it. They are full of S**T and this is BS. I would trash all your junk messages and anything you don't recognize just in case, and tell them what you have done and that you are on a Mac and tell them to go to hell, and if they still want to try and "coerce", "defraud" you into buying their antivirus package (I know they say it is free but there is probably a catch somewhere knowing them) tell them that you are going to report them to the CRTC and you will seek punative damages for their threats and attempts to defraud you into buying their product.

Notice they didn't provide any links to other alternatives for virus protection? Bast***s!!!!


----------



## bmovie (Jan 18, 2003)

they didnt give me any advice other than to scan my computer for the virus and remove it. I told them I was on a MAC and they said that I can still transmit it and if its not removed they will close my modem down.
This is total BS, 
I will scan to see if there is anything on my bootcamp partition  

but that is only used to play Call of Duty 4 and for my tax software.

we'll see how it goes.


----------



## Atroz (Aug 7, 2005)

It would help if we knew what exactly they are looking for to detect it, unfortunately we don't. Perhaps you are creating some network traffic that is getting confused with the Bot's traffic. 

Do you run any servers that are Internet accessible (perhaps looking like the backdoor used by the bot)? 

Do you use IRC? 

Do you have something that does a lot of outbound connections? Games, P2P or such?

Do you do any sort of VPN/SSH etc?


Interesting how it is not a Roger's security team that is contacting you, but the End User Agreement Management team.


----------



## bmovie (Jan 18, 2003)

Atroz said:


> It would help if we knew what exactly they are looking for to detect it, unfortunately we don't. Perhaps you are creating some network traffic that is getting confused with the Bot's traffic.
> 
> Do you run any servers that are Internet accessible (perhaps looking like the backdoor used by the bot)?
> 
> ...


well at work I download tv shows bring them home, I play Call of duty 4 on the pc bootcamp partition.

what do you mean the end user agreement and not the security team? When I called I had to talk to the security guy, he gave me the MAC address of my modem. 
Installing McAfee on bootcamp and going to scan to see if there is anything.


----------



## kloan (Feb 22, 2002)

Do you play online with XP? Could be infected if you do...


----------



## bmovie (Jan 18, 2003)

no I dont play online....any other Ideas?

McAfee hasn't finished installing + updates so when it's done I'll see what gives.

if it finds anything.


----------



## Adrian. (Nov 28, 2007)

This is a load of bull. I would get the advice of a certified computer tech who specializes in this. Confirm that it is indeed bull and go to the press. Keep all their letters. Crack er open!


----------



## bmovie (Jan 18, 2003)

Adrian. said:


> This is a load of bull. I would get the advice of a certified computer tech who specializes in this. Confirm that it is indeed bull and go to the press. Keep all their letters. Crack er open!


I was thinking the same thing!


----------



## bmovie (Jan 18, 2003)

I cannot be the only guy on Rogers with this virus!

this is bull ****


----------



## bgw (Jan 8, 2008)

*Anti-virus*

Best stay away from Norton Anti-virus. It is a virus. Others on this forum have mentioned ClamXav as an anti-virus checker. It is free. On the PC I use AVG's free products.

Do you have a hub or a modem that indicates traffic? Possibly with a flashing light? If your all connected and not doing anything on the web and no activity lights are active then nothing is moving through your network. If everything is flashing, and your not downloading or uploading, you may have a real problem. As I write this, my hub, sitting on my desk, indicates no activity.

In theory a Mac can act as a carrier of viruses and not get infected. Unlikely. Other forums on ehMac discuss this.

And, if you can, for a internet provider get TekSavvy. Way better than Sympatico or Rogers.


----------



## Atroz (Aug 7, 2005)

bmovie said:


> well at work I download tv shows bring them home, I play Call of duty 4 on the pc bootcamp partition.
> 
> what do you mean the end user agreement and not the security team?
> 
> Installing McAfee on bootcamp and going to scan to see if there is anything.


The signature on the bottom of the message they sent you says: 


> Rogers EUA Management Team
> 
> Sincerely,
> 
> EUA Management Team



BTW, do you have any wireless (WI-FI) behind that router?


----------



## bmovie (Jan 18, 2003)

Atroz said:


> The signature on the bottom of the message they sent you says:
> 
> 
> 
> BTW, do you have any wireless (WI-FI) behind that router?


what do you mean? I do have a Wii that has internet connection and I have two laptops...one macbook pro and a lombard.


----------



## bmovie (Jan 18, 2003)

bgw said:


> Best stay away from Norton Anti-virus. It is a virus. Others on this forum have mentioned ClamXav as an anti-virus checker. It is free. On the PC I use AVG's free products.



what is AVG's?

I just installed Norton on the pc


----------



## Atroz (Aug 7, 2005)

bmovie said:


> what do you mean? I do have a Wii that has internet connection and I have two laptops...one macbook pro and a lombard.


What do I mean?? Sorry, I thought the question was pretty clear. Do you have Wi-Fi connected to the Roger's internet connection? If you have a wireless access point (802.11x), or if any of your computers have wireless and may be acting as a router/gateway, you might have an unwanted guest using your Internet access. If you have a neighbour that is leeching off your Wi-FI for Internet access, they may have the worm/bot that is showing up.


----------



## bmovie (Jan 18, 2003)

Atroz said:


> What do I mean?? Sorry, I thought the question was pretty clear. Do you have Wi-Fi connected to the Roger's internet connection? If you have a wireless access point (802.11x), or if any of your computers have wireless and may be acting as a router/gateway, you might have an unwanted guest using your Internet access. If you have a neighbour that is leeching off your Wi-FI for Internet access, they may have the worm/bot that is showing up.


Oh sorry, yeah I have Wi-Fi but it's a secured connection. I thought about someone leaching.


----------



## Atroz (Aug 7, 2005)

bmovie said:


> Oh sorry, yeah I have Wi-Fi but it's a secured connection. I thought about someone leaching.



Perhaps it's not so secure. Turn it off and then ask Rogers if they are still seeing the problem.


----------



## bmovie (Jan 18, 2003)

well after installing norton, now I dont get a taskbar just the background window. So I think i'll just dump boot camp and re install windows in parallels and use it just for my Tax software only.

Now I know why I have always stuck with the mac and pissed on the windows!


----------



## krs (Mar 18, 2005)

Did anyone read the linked discussion in the second post?
Conclusion there was:


> I got through to my ISP. It seems that they saw that I had not downloaded the Windoze virus software they are pushing. This was their way of getting a hold of me to find out why. I explained that I don't do windoze and that since they don't have ANY Mac anti virus software I was not about to download it.


The ISP was Rogers as well.


----------



## mpuk (May 24, 2005)

I had this problem about a month ago...

Got an email from Rogers saying I have the IRC bot virus and need to resolve it or my account would be suspended.

I flipped and couldn't understand how this happened and called Rogers Tech Support and they had no answers for me but in the end to ensure I am virus-free and i'd be OK. I asked to speak with a supervisor about this threatening to suspend my account etc., and the next guy who came on the phone was able to tell me the specific time the bot executed this virus that day that Rogers detected it.

Interesting...

Meanwhile i'm thinking... from time to time I run XP through Parallels just to preview websites from a Windows perspective, and low and behold somehow that seems to have done it. I logged into XP through Parallels and found I had a critical update from MS and a definitions update from Bitdefender (my antivirus/antispyware software for XP). I ran the updates and did a full system scan to find a few threats that I deleted right away. 

Just to be safe, I ran MacScan as well on the OS X side, and got rid of a couple of tracking cookies...

So from my experience, Rogers isn't just messing with you... they obviously detected something from your IP. Odds are it is from a Windows Operating System though...doubt if its from your Mac.

If you don't have any Windows OS' running anywhere...could be that someone is hacking your internet connection...?


----------



## bgw (Jan 8, 2008)

*Avg*

AVG is a company that makes anti-virus, anti-spyware, and anti-root kit software. They have free packages, that are hard to find unless you look around their website. I recommend them for your boot camp or emulated Windows installs. You may have luck with this url:

AVG Free Advisor - Free antivirus and anti-spyware downloads

Remove Norton from your machine. It will slow it down greatly.


----------

