ISP warned me they detected virus from my PC, I am quite concerned..

mach

...about my privacy. Don't really care about the virus tbh.

Does that mean my traffic was still being monitored and policed, even though I had the VPN on at the time of detection of this "Trojan_ZeroAccess"?

I am under the impression that a VPN tunnels and also masks my traffic from the ISP? 

This scum ISP uses a mandatory router/wireless AP, can my VPN still protect me? I can throw in my own router (not a bad one) but only in bridge mode, which hinders the speed a bit.

 

Please kindly tell me if I'm mistaken. Would greatly appreciate any tips to retain my privacy!

 

edit: I can confirm it's not a phishing. I logged into the customer portal of the ISP and they opened a ticket for the same issue.


4 minutes ago, mach said:

...about my privacy. Don't really care about the virus tbh.

Does that mean my traffic was still being monitored and policed, even though I had the VPN on at the time of detection of this "Trojan_ZeroAccess"?

I am under the impression that a VPN tunnels and also masks my traffic from the ISP? 

This scum ISP uses a mandatory router/wireless AP, can my VPN still protect me? I can throw in my own router (not a bad one) but only in bridge mode, which hinders the speed a bit.

 

Please kindly tell me if I'm mistaken. Would greatly appreciate any tips to retain my privacy!

It's entirely 100% fake, your ISP CANNOT tell if you have a virus and even if they could they wouldn't email you to tell you.

 

It's a scam, delete it and forget about it.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


You should know that this is a 100% scam. Delete the E-Mail ASAP. 

The geek himself.


This is a scam. Your ISP doesn't care if you have a virus. The only thing they care about is if you are on the dark web buying children or torrenting.

i5-8600k, MSI Z370-A Pro, 2x 8GB DDR4-3k, MSI Gaming X 1060, NZXT S340, 2TB HDD, 750w Corsair PSU, AOC 2775 OC'd to 80Hz and CFG73 at 144hz

Comic sans is the worst font

Check out my monitor overclocking guide


I'm sorry if I sound dumb and stubborn, but the auto generated email was sent from the legit ISP address, didn't ask for anything at all, and listed my local IP, machine name and MAC address. (My ISP knows these because of that stupid mandatory router they have tight control on)

It tells me some traffic is coming from the exact device I'm using. It does not seem like a phishing mail to me at all.


With former work experience in a large ISP, we can't see that far into your system nor would we care if one person has a virus. If that was the case, then we'd be sending out emails constantly telling millions of people that hourly. Don't worry about it too much, like everyone else has said, it's phishing so just delete the email and move on.

Edit: Yes, we can see MAC addresses, local IPs, stuff that tells us what and who is connected to the network, but we can't see into system files and sweep them to figure out if they're viruses. And those things aren't impossible to figure out from an outside source. If you really are that concerned about it, then call your ISP (please don't use the email or phone number in that email, look them up on their site or something similar) and ask to speak to a technician about it so you can get more solid confirmation about this.

WINDOWS HAS NOT DETECTED A KEYBOARD

PLEASE PRESS 'F1' TO CONTINUE OR 'F2' TO ABORT.


They may be seeing traffic on some port that's common to worms and shit, which is plausible.  Alternatively they're seeing a lot of traffic and assuming it's malware.  I've gotten one of those notices because of that (I was uploading multiple terabytes per month).

Workstation:  13700k @ 5.5Ghz || Gigabyte Z790 Ultra || MSI Gaming Trio 4090 Shunt || TeamGroup DDR5-7800 @ 7000 || Corsair AX1500i@240V || whole-house loop.

LANRig/GuestGamingBox: 9900nonK || Gigabyte Z390 Master || ASUS TUF 3090 650W shunt || Corsair SF600 || CPU+GPU watercooled 280 rad pull only || whole-house loop.

Server Router (Untangle): 13600k @ Stock || ASRock Z690 ITX || All 10Gbe || 2x8GB 3200 || PicoPSU 150W 24pin + AX1200i on CPU|| whole-house loop

Server Compute/Storage: 10850K @ 5.1Ghz || Gigabyte Z490 Ultra || EVGA FTW3 3090 1000W || LSI 9280i-24 port || 4TB Samsung 860 Evo, 5x10TB Seagate Enterprise Raid 6, 4x8TB Seagate Archive Backup ||  whole-house loop.

Laptop: HP Elitebook 840 G8 (Intel 1185G7) + 3080Ti Thunderbolt Dock, Razer Blade Stealth 13" 2017 (Intel 8550U)


OK I can confirm now it's not a phishing. I logged into the customer portal of the ISP and they opened a ticket for the same issue.


Get any sort of antivirus and run a scan. I know some ISPs do offer some sort of antivirus but they do charge more than others for pretty crappy protection.


It's a scam. Anyone who claims to know anything about your PC's health without you running a local program is either full of it or the author of the virus.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


6 minutes ago, MarbleHornets said:

With former work experience in a large ISP, we can't see that far into your system nor would we care if one person has a virus. If that was the case, then we'd be sending out emails constantly telling millions of people that hourly. Don't worry about it too much, like everyone else has said, it's phishing so just delete the email and move on.

Edit: Yes, we can see MAC addresses, local IPs, stuff that tells us what and who is connected to the network, but we can't see into system files and sweep them to figure out if they're viruses. And those things aren't impossible to figure out from an outside source. If you really are that concerned about it, then call your ISP (please don't use the email or phone number in that email, look them up on their site or something similar) and ask to speak to a technician about it so you can get more solid confirmation about this.

They claimed some virus traffic was coming out from my device. I know they cannot know what's in my PC.

But anyway the virus was not my concern. 

I'm much more worried about my traffic being monitored. As I'm using a VPN most of the time, I thought all the traffic is encrypted between my PC and the VPN server? How come the ISP gets to detect some "virus"? Let's say it's not a false detection.


Typically DNS requests or IP block access for known bot masters is a way ISPs / service providers can detect this.

Depending on your network (which I will assume nothing about), this traffic could be coming from another program that skips the VPN, you could have another computer or smart device on your network that was hacked, you could have an open access point that someone is war driving with, or a number of other likely things.


Unless it is botnet traffic I agree with the above... ISPs couldn't care less if you have a virus.

 

If you have a virus that is using your PC for DDOS or something I guess it's possible. Just make sure you're contacting your legit ISP by calling them or going through your online account and not through email or them calling you.

There's no place like ~


23 minutes ago, mach said:

I'm sorry if I sound dumb and stubborn, but the auto generated email was sent from the legit ISP address, didn't ask for anything at all, and listed my local IP, machine name and MAC address. (My ISP knows these because of that stupid mandatory router they have tight control on)

It tells me some traffic is coming from the exact device I'm using. It does not seem like a phishing mail to me at all.

They're right to tell you this is a scam.

They would never send you a message like that over a virus.

 

Hover your mouse over the email without opening it.

You'll see the REAL email address.

The one that's immediately visible can be easily faked.

 

Clicking on emails like this is how they DO get you.

It's called scareware.


14 minutes ago, mach said:

They claimed some virus traffic was coming out from my device. I know they cannot know what's in my PC.

But anyway the virus was not my concern. 

I'm much more worried about my traffic being monitored. As I'm using a VPN most of the time, I thought all the traffic is encrypted between my PC and the VPN server? How come the ISP gets to detect some "virus"? Let's say it's not a false detection.

 

Depending on what VPN you use, it might not tunnel all traffic through your VPN, only internet traffic. Or if you use a virus scanner from your ISP, it could also send traffic data back to them even if you use a VPN. It could also be like what @tscanausa said as well.

 

Edit: Some malware can open specific ports or "back doors" to use to send data, which could also circumvent your VPN as well. 

WINDOWS HAS NOT DETECTED A KEYBOARD

PLEASE PRESS 'F1' TO CONTINUE OR 'F2' TO ABORT.


53 minutes ago, mach said:

...about my privacy. Don't really care about the virus tbh.

Does that mean my traffic was still being monitored and policed, even though I had the VPN on at the time of detection of this "Trojan_ZeroAccess"?

I am under the impression that a VPN tunnels and also masks my traffic from the ISP? 

This scum ISP uses a mandatory router/wireless AP, can my VPN still protect me? I can throw in my own router (not a bad one) but only in bridge mode, which hinders the speed a bit.

 

Please kindly tell me if I'm mistaken. Would greatly appreciate any tips to retain my privacy!

Just don't do anything the email tells you.

 

If you really want to be secure, just reinstall Windows.

Whatever you do, just don't click on anything in that email.


32 minutes ago, mach said:

OK I can confirm now it's not a phishing. I logged into the customer portal of the ISP and they opened a ticket for the same issue.

First off figure out if you actually have a virus or not. Ignore the email and ISP for a moment. 

 

Run an antivirus scan on your computer. See if you can verify there is a virus on your computer. 

https://www.reddit.com/r/TronScript/

Tron has a few portable virus scanners under their Disinfect folder if you want to try those. Or you can just install a free av some and uninstall it when done.

 

If it is a virus, the virus is probably circumventing your VPN or the virus is trying to scan local network traffic. Most VPNs don't block local traffic (at least by default).

 

If you want better privacy I would get a router that supports VPN so you can tunnel all of your traffic over the VPN.  Basically you would have ISP Router --> Your router -->(VPN setup on router) ---> Local LAN
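Added example, not part of any post in this thread: the replies above say an ISP typically notices malware through DNS requests or connections to known bot-master addresses, and that such traffic can come from a program or another device that skips the VPN. The sketch below runs that blocklist check over constructed flow records as an ISP-managed router could log them; the addresses, port, names and record format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# All values are constructed for illustration (RFC 5737 addresses, example domains).
VPN_ENDPOINT = ("198.51.100.10", 1194)   # hypothetical VPN server IP and UDP port
BAD_IPS = {"203.0.113.66"}               # hypothetical "known bot master" address
BAD_DOMAINS = {"c2.example.net"}         # hypothetical blocklisted DNS name

# Constructed flow records as an ISP-managed router could log them:
# lan_src  dst  proto  dport  [dns_qname]
FLOWS = """\
192.168.1.20 198.51.100.10 udp 1194
192.168.1.20 192.168.1.1 udp 53 c2.example.net
192.168.1.35 203.0.113.66 tcp 443
192.168.1.35 192.168.1.1 udp 53 time.example.org
"""

def parse(text):
    """Yield one dict per non-empty flow line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        yield {
            "src": parts[0],
            "dst": str(ipaddress.ip_address(parts[1])),  # validates the address
            "dport": int(parts[3]),
            "qname": parts[4].lower().rstrip(".") if len(parts) > 4 else None,
        }

def outside_tunnel(flow):
    """True when the flow is not the VPN tunnel itself, so the router/ISP
    can read its destination and, for plain DNS, the queried name."""
    return (flow["dst"], flow["dport"]) != VPN_ENDPOINT

def isp_findings(text):
    """Map each LAN device to the reasons a blocklist-based monitor would flag it."""
    findings = defaultdict(list)
    for f in parse(text):
        if not outside_tunnel(f):
            continue  # only ciphertext to the VPN server is visible here
        if f["dst"] in BAD_IPS:
            findings[f["src"]].append(f"connection to blocklisted IP {f['dst']}")
        if f["dport"] == 53 and f["qname"] in BAD_DOMAINS:
            findings[f["src"]].append(f"DNS lookup of blocklisted name {f['qname']}")
    return dict(findings)

if __name__ == "__main__":
    for device, reasons in isp_findings(FLOWS).items():
        print(device, "->", "; ".join(reasons))
```

In the sample, 192.168.1.20 runs the VPN yet is still flagged because one DNS query went to the router instead of through the tunnel, and 192.168.1.35 is a second device with no VPN at all.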


1) Your IP should not be able to access your files on your device unless:

  • You are lacking a firewall or have an open port.
  • You send your files unencrypted over the internet that eventually leaves your VPN.

2) Is your VPN software legit?

3) I would be concerned about a possible virus or malware harvesting your files, resources and bandwidth.

4) Some ISPs do care about their customers. 


12 minutes ago, MarbleHornets said:

 

Depending on what VPN you use, it might not tunnel all traffic through your VPN, only internet traffic. Or if you use a virus scanner from your ISP, it could also send traffic data back to them even if you use a VPN. It could also be like what @tscanausa said as well.

 

Edit: Some malware can open specific ports or "back doors" to use to send data, which could also circumvent your VPN as well. 

 

4 minutes ago, Catsrules said:

If it is a virus, the virus is probably circumventing your VPN or the virus is trying to scan local network traffic. Most VPNs don't block local traffic (at least by default).

 

If you want better privacy I would get a router that supports VPN so you can tunnel all of your traffic over the VPN.  Basically you would have ISP Router --> Your router -->(VPN setup on router) ---> Local LAN

I use PIA. I did a scan with NOD32 but found nothing. A Malwarebytes scan spotted a trojan file but it's way too old to be the one they claimed.

But using my own VPN router seems to be a great idea!

Since I'm not knowledgeable enough to find out what slips through I guess it's better to be sure!

 

Thank you all for the help!


Call your ISP at the phone number listed on your bill and confirm with them. If they still say this is the case, then tell them to send a tech out to your house.

This is something that can happen with your router, however normally your ISP won't care. They'll just bill you for the additional data usage, which can be quite a bit per the below article from good ol' Ars Technica:

 

https://arstechnica.com/staff/2017/02/router-assimilated-into-the-borg-sends-3tb-in-24-hours/

 

Like I said though, just call your ISP from their LEGIT channels (such as the customer service # on your bill) and they should be able to get it sorted out for you.


Do they know what port it's coming from/to? They may be calling the VPN a "virus" if you're torrenting from it or the like to get you to stop and cut down on your usage. I'd call the ISP and ask what information they're collecting and how you can opt out as well. If you have port forwarding turned on (and a PC listening on that port) they may see that as "virus-like" behavior.

Thank God my ISP sent us a net neutrality pledge after the repeal, will not share even aggregate data about me, doesn't have data caps and bent over backwards when I found bugs in their router's new firmware that caused real issues for me (nobody else had the issue because they don't have a lot of power users). I love Wave Broadband (no, I don't work for or represent them).


That's FAKE, they're trying to sell you some crap like a $60/mo antivirus or "remote IT support", it's just a shady marketing strategy to make unaware or newb users pay for something they can get for free like an av, firewall or whatever

 

About the router, they can't block you from using your own, if you match the configs it should work, the router my ISP gave me was total junk, single LAN port even when I told them I have several computers, overload and overheating problems when downloading stuff larger than 1GB and more... I just put my own Cisco there and disabled the 069 protocol (sends router data to the ISP so they can change the admin passwd or reset it to defaults) and limited remote access (only my MAC address is allowed to modify settings)

 

If you're unsure, just scan your PC for viruses to be sure.

Remember the data has to go through the ISP servers (DNS is located there) before reaching the VPN server and being redirected to another X server.

ASUS X470-PRO • R7 1700 4GHz • Corsair H110i GT P/P • 2x MSI RX 480 8G • Corsair DP 2x8 @3466 • EVGA 750 G2 • Corsair 730T • Crucial MX500 250GB • WD 4TB


Lot of misinformation in this thread but I want to start off by asking what ISP are you with?

 

Here in Canada I once got a call from my cable ISP (Rogers) about a vulnerability in my network caused by UPNP. Your ISP could be detecting that some device on your network (most likely a wireless router) has UPNP enabled, which flags them about a potential SSDP vulnerability (Simple Service Discovery Protocol). I would suggest calling the number on your bill and having a new service agent clarify the message, followed by a potential dispatch of a technician.


12 hours ago, Sauron said:

*snip*

 

12 hours ago, stateofpsychosis said:

*snip*

 

9 hours ago, aezakmi said:

*snip*

You all seem to have missed this:

12 hours ago, mach said:

OK I can confirm now it's not a phishing. I logged into the customer portal of the ISP and they opened a ticket for the same issue.

 

Make sure to quote or tag me (@JoostinOnline) or I won't see your response!

PSU Tier List  |  The Real Reason Delidding Improves Temperatures"2K" does not mean 2560×1440 
