
ISP warned me they detected virus from my PC, I am quite concerned..

mach

ISPs might do that if that's in their policy, they usually don't though so... everyone is right, prob a phish. An ISP is more likely just to terminate your connection and make you call them.

 

You can find out and it might be in your interest to follow this lead if you aren't sure, read the email header. If you can't or don't know how then send it to someone who can. (privately, not publicly here) If none of that's an option send the header to the ISP and ask them directly. (don't reply but open a new ticket with them and paste them the email source, and keep in mind a tier 1 customer service rep probably doesn't know how, so it will have to be escalated to someone who does.)

 

VPN has nothing to do with an infected machine, especially on Windows if it's at the application layer. Firewall may not either. If your system is part of a botnet or sending spam your firewall is moot.

 

In a chain of security always make sure you initiate contact with someone before you give them any details. If someone calls you asking for your details tell them you want to call them back and ask for their extension. That way you can verify who you're talking to actually works for the company they say they do. (or they hacked their PBX like Kevin Mitnick)

"Only proprietary software vendors want proprietary software." - Dexter's Law
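As an added example (not part of the post above), here is one way to do the header check it recommends: read the `Authentication-Results` stamped by your own mail provider and compare the `From` domain with `Return-Path` and `Reply-To`. The function names, the `trusted_mx` parameter and every domain in the sample are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; all domains and addresses are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.org>
Received: from mailer.example.org (mailer.example.org [203.0.113.7])
\tby mx.recipient.example with ESMTP id abc123; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=mailer.example.org;
\tdkim=none;
\tdmarc=fail header.from=isp.example.net
From: "ISP Security Team" <abuse@isp.example.net>
Reply-To: support@helpdesk.example.org
Subject: Virus detected on your connection

Click here to clean your PC.
"""

def domain(value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw, trusted_mx):
    """List reasons to distrust a message claiming to come from its From domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # Only count Authentication-Results added by your own provider's server
    # (trusted_mx); a sender can insert forged copies of this header.
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv = hdr.split(";", 1)[0].strip().lower()
        if authserv == trusted_mx:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr.lower()))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check}={results.get(check, 'missing')}")
    # SPF can pass for the envelope sender while From shows another domain,
    # so compare the domains the reader sees with the ones actually used.
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom and not d.endswith("." + from_dom):
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "mx.recipient.example")))
```

An empty result does not prove the message is genuine; it only means these particular checks found nothing, so calling the ISP on the number from your bill is still the deciding step.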


While emails like this are a common scamming method used to prey on the less knowledgeable, sometimes these messages are legitimate. 

 

It's most likely that there is traffic originating from your network that is linked to some sort of malware or botnet. This could be from your primary device, or even a neighbor using your Wi-Fi. 

 

ISPs will often subscribe to a number of different threat feeds from security companies that will provide them with IOCs (Indicators of Compromise). The IOC could be as simple as an IP or DNS address linked to a malicious actor. It may not even currently be active, it may have just been registered using the same details as another site that hosts malware. 

If your ISP is seeing traffic to one of these addresses, it could be reason enough to prompt a user alert. 

 

Regarding your VPN, it is likely that it only tunnels specific types of traffic. E.g. HTTP, HTTPS, POP3, SMTP, FTP, etc. And even within those protocols, it may only tunnel traffic over the default ports (e.g. Port 80 for HTTP). 

So if any traffic is being sent outside of these confines, it may not be getting tunneled through your VPN. 

 

Regarding your privacy, it's best to find out exactly what traffic types your VPN tunnels. Then you can make a judgement as to whether you need to change to one that may offer a broader coverage. 

 

For the suspect activity, most security vendors offer free solutions that you can run on demand. Grab a couple and run them over your devices. Best to go for well known companies (Malwarebytes, Kaspersky Lab, Symantec, etc). 

Check your router also and see if any unknown devices are connected. Funnily enough, some free tools advertised online to help people crack Wi-Fi security can often contain malicious payloads themselves. 

 

Hope this is helpful. 


6 hours ago, Ckdota said:

Lot of misinformation in this thread but I want to start off by asking what ISP are you with?

 

Here in Canada I once got a call from my cable ISP (Rogers) about a vulnerability in my network caused by UPnP. Your ISP could be detecting that some device on your network (most likely a wireless router) has UPnP enabled which flags them about a potential SSDP vulnerability (Simple Service Discovery Protocol). I would suggest calling the number on your bill and having a new service agent clarify the message followed by a potential dispatch of a technician. 

You may be right about your case there, but they're talking about getting this in an email and no one would be wrong to tell someone to be suspicious about clicking on stuff in emails that claims you have a virus or whatever. I wouldn't call that misinformation. I'd call that telling people to be careful.

We were saying to not click on anything in that no matter what they do.

I suggested to reinstall Windows which would most likely take care of the issue without taking any risks.


6 hours ago, stateofpsychosis said:

You may be right about your case there, but they're talking about getting this in an email and no one would be wrong to tell someone to be suspicious about clicking on stuff in emails that claims you have a virus or whatever. I wouldn't call that misinformation. I'd call that telling people to be careful.

We were saying to not click on anything in that no matter what they do.

I suggested to reinstall Windows which would most likely take care of the issue without taking any risks.

Reinstalling Windows wouldn't do anything in the case that I described. The issue is the wireless router having UPnP enabled. The best thing to do is to call the ISP with the phone number on your bill (not the one from an email) and open a ticket.


3 minutes ago, Ckdota said:

Reinstalling Windows wouldn't do anything in the case that I described. The issue is the wireless router having UPnP enabled. The best thing to do is to call the ISP with the phone number on your bill (not the one from an email) and open a ticket.

Replace the wireless router then.

It's not like they're expensive, but yea if they must try to deal with it through the ISP the main thing is to reiterate to never click on anything in an email that says something like this or give any personal information over the phone to anyone who calls you making such a claim. To look up the number yourself and call them.

That, I agree with you on 100% ;) 
