Forum Discussion

tigerrlady's avatar
New Contributor

What is going on with Cox and the Zeus Trojan/bot?

On two separate days we have received an email (looked like SPAM) that said one of our computers "likely" were infected. The first time we freaked and then ran a scan with our Eset (Nod32) anti-virus, which is much better than the McAfee & Norton that Cox likes. We also ran the removal tool from Microsoft and Malwarebytes. We spent $180 for our computer guys to check things out. Our system is clean! Besides, we have several layers of firewalls so that nothing can get into the systems in the first place.

Today we got another email from Cox saying it's "likely" that our computers are infected. WRONG! Plus, the computers weren't even turned on at 6:15am when Cox indicated they found something. We learned that they actually turn off the Internet when they get pinged that there's a problem.  When we contacted Cox today they gave us an IP address that is the problem. It's not one of our IPs!

So what is going on? We are being told we "likely" were infected when we haven't been. They are indicating a problem IP address that isn't us. And they send out multiple emails, that look like Spam, when there's no problem! Saying that they are doing it to "help customers" so that the problem "doesn't get worse" is ridiculous since there's no problem in the first place.

1 Reply

Replies have been turned off for this discussion
  • ChrisL's avatar
    Former Moderator

    I did check and it does appear we have 2 tickets open for your account for possible botnet activity. It appears on 2017-04-12 02:16:21 UTC and 2017-04-04 19:35:14 UTC the Internet connection was used to call home to a Zeus command and control server. It's possible that none of your devices did this but somebody could have access your Internet connection that was possibly infected. If it helps you can check your router logs for activity around those times indicated to see what may have happened.