@Tux0ne wrote:
In your case it may be that you use a VPN solution, for example. To circumvent Geo IP blockades.
No, I don’t use it. However, I have a small Windows server running media center software, but I couldn’t detect any malware there either. That leaves Team Viewer, which is installed on the majority of devices, but this highly professional software is beyond suspicion for me.
No, this is the normal process. My IDS/IPS also works like this. Who cares about the exact details? Strange occurrence, IP blocking done.
Speaking of Team Viewer. This is also blocked on the networks where I have a security job. The tendency is that many devices have maintenance access. Teamviewer is a brutal solution that can also be used improperly. I rarely experience the moment of wtf Teamviewer not working live. But I imagine it would be funny.
The question I ask myself is, should an ISP analyze data and block SPAM? To date, I do not find this trend to be welcome. One reason why everything should be encrypted these days.
@SC-Client wrote:
That leaves Team Viewer, which is installed on the majority of devices, but this highly professional software is beyond any suspicion for me.
However, serious security gaps have been identified several times in the past with this “highly professional software” which is “beyond suspicion”.
I would approach the matter with a little more suspicion… if you just trust everything, it will be difficult to find the possible infection vector.
The rest has already been said (and can be found numerous times in identical threads, some of which exist in this forum);
- No, Swisscom cannot tell you which device is affected, because Swisscom only analyzes the data stream between your router and the “headquarters”, but not within your network.
- Swisscom considers it extremely unlikely or even impossible that this could potentially be a “false alarm”. If there is a blocking, then it is justified (according to Swisscom). My personal experience with customers is that you can always find the cause, even if the customer hasn’t found anything themselves. (One or two exceptions confirm the rule. But these were cases in which the customers did not want to invest enough working time, i.e. if we could have continued to search, we would have found something.)
It’s best to explain what methods you used to try to find the infection. Then they can give you a few tips on what else you could try. (Although, as I said, this has all been explained in detail here in identical threads one time or another.)
Hello @Pliettieffet37
Do you use Android tablets?
Or have you rooted your Android devices?
Do you also have WhatsApp or other messengers installed there that are not from the official Play Store?
Because not every app you install does what it says it does. It may be doing things in the background that you shouldn’t know about.
Do you share your WiFi with your neighbor etc.?
Greetings Lorenz
Hello folks
So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network were reset to factory settings and reinstalled. Even the TV sets and WiFi boxes in the network were reset and given their own passwords instead of the default passwords. I even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described Teamviewer above. I use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom guy then says again that it’s not that far. Everyone says something different. I’m really close to changing all this shit.
@vormirdieSinflut wrote:
Hello guys
So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network were reset to factory settings and reinstalled. Even the TV sets and WiFi boxes in the network were reset and given their own passwords instead of the default passwords. I even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described Teamviewer above. I use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom guy then says again that it’s not that far. Everyone says something different. I’m really close to changing all this shit.
Have you already changed the WiFi password? The abuse could also occur outside your network. You won’t be able to get rid of certain malware with a factory reset. I already consider a virus protection from Russia from Kaspersky to be malware. With Windows 10 you no longer need any third-party security software such as virus protection, firewall, anti-malware, etc. Windows Defender is completely sufficient for private users! Save yourself the money and you’ll even gain more security. Since third-party endpoint protection solutions have to embed themselves very deeply in Windows and behave like malware itself, they are very vulnerable and usually full of security gaps. As a private user on Windows 10: Stay away from Avira, McAfee, Kaspersky, Norton and Co.
I recommend that you start with your Windows devices first: Everything that is not Windows 8 or 10 (Windows 7, Vista or XP) is no longer operated! Always set up Windows 10 devices from scratch with the Windows 10 Media Creation Tool ([https://www.microsoft.com/de-de/software-download/windows10ISO](https://www.microsoft.com/de-de/software-download/windows10ISO)) from Microsoft. Delete all partitions and recreate them. And then: Stay away from all tools that you don’t need or think you do. Favorites are the stupid registry cleaners and tuning utilities. Stay away from that lot. You don’t let the mafia clean your house either. The computer should always be kept as clean as possible or as “stock” as possible.
I can only agree with @millernet, less is simply more in these questions!
And that applies to both hardware and software.
So first get rid of all the completely unnecessary software helpers and tools, then reduce the devices to the necessary minimum and see for at least a week whether the problem has gone away.
Then put device after device back into operation and check again and again whether the problem occurs again.
If so, you know that the last device put into operation must be the culprit.
Removing the problematic software also includes any connection utilities to VPN providers or corresponding browser extensions.
And when it comes to devices, you shouldn’t see the circle of possible sinner devices too narrowly, because once your Windows PC is installed with Microsoft Native, they actually fall out of the circle of suspects.
Incidentally, IoT devices are particularly vulnerable on the hardware side.
So if you have web cams, weather stations, kitchen appliances or whatever else on your network, the first thing I would do is remove them from your network.
P.S.:
Incidentally, Swisscom will not be able to help you with identifying infected devices in the local network, at least for the next few months.
Hobby nerd with no financial ties to Swisscom
Yes, I changed all passwords. Do you really mean that I no longer need additional virus protection with Windows 10? Isn’t that a bit negligent? What additional virus protection do you use?
The more they blocked me and I relied on the different opinions of Swisscom employees, the more shitty tools I installed. That was probably the mistake. I had this VPN monitoring from Kaspersky as well as CCleaner. I’ve now uninstalled it. I have a NAS from Synology and I also had it checked by an IT company. The surveillance cameras were also completely reset. Hard reset.
Microsoft Defender is no worse or better a virus scanner than any other. It serves the purpose, and does it just as well as any other. It is important that you keep Windows 10 up to date, and even more important, or actually the best virus protection is not installed on the PC, but sits in front of the PC. A healthy distrust and thinking twice about “do I really have to click on it now” is important!
As you describe your long-standing problem, uninstalling software probably won’t be of much use, because malware usually can’t simply be uninstalled at the push of a button once it’s on it. And I think neither uninstalling Kaspersky nor CCleaner will solve your problem.
How did they say before? format c:?
@millernet and @Werner have written to you about how to proceed with such problems.
Changing your password is certainly the first step and is also the right thing to do. But what if the PC on which you change the password in the Customer Center is already infected and intercepts and passes on this password change?
- Solution selected by SamuelD
The question, of course, is what kind of abuse ban you received:
- Compromised account (don’t think so, you would have to change SC Login PW and Mail PW)
- Outbound spam (a messaging service in the home network shoots spam out into the world)
- Malware (malicious software)
I’m leaning more toward malware or spam distribution (caused by malware).
The IP change is of no use in this case, as soon as the malware communicates externally or does something else, the connection is blocked immediately (this also happens in 30 seconds). You end up at Spamhaus because other international ISPs report the IP address, not just Swisscom. Swisscom will be contacted by these ISPs so that we can stop this. There are various legal articles for this:
For spam:
When attacked:
Have you not received any information about what malware it is? As a rule, the customer history contains an attachment with the information about what caused the block.
Otherwise, please contact the hotline again and ask for information about the reason for the blocking.
Greetings
Chris
I was banned allegedly due to malware on one of my devices. Probably Mirai. But not 100% sure either. I was registered in the blacklist with Spamhaus and SORBS. Although the SORBS entries were from 2009. When Swisscom gave me a new IP the week before last, there was another entry from Spamhaus in it just 2 minutes after changing the new IP. I suspect that I took that over from the predecessor.
Basically, I really don’t click on any links that I don’t know. They are all work tools. I even got into the habit of looking at the emails on my iPhone to see whether they are spam or other unwanted emails and then deleting them. So they don’t even come to my PC. I generally don’t try to connect my iPhone to the network.
As mentioned, after the information that a device in my network was infected with Mirai, it was reset and reinstalled. Only when I was blocked again did I reset and reinstall TVs and presenters that had a default password. All in all, around 1500.00 was transferred to the IT company and it took around a week to set everything up again. Does anyone know of a tool that monitors the network, which devices are sending what and how much? I can view network activity in Kaspersky. However, I don’t see any irregularities. I also switched off IPv6 in the Swisscom Internetbox and set the firewall settings to strict.
My Latin has now come to an end. I think I’ve done everything possible. In addition, these Swisscom employees tell me something different every time. And with some Swisscom employees you can tell that they are in the home office and, in addition to giving advice, are still stirring things up instead of trying to provide help.
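On the question above about seeing which device is sending what: the following is an added example, not part of the original thread and not a Swisscom tool. It tallies, per LAN device, how many distinct outside hosts it contacts on telnet (23/2323, the ports Mirai scans when spreading) and on SMTP port 25 (the outbound spam case named in the thread). It assumes a Linux gateway between the LAN and the router that logs new outbound connections in netfilter LOG format; the log prefix, the threshold and the function name are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): netfilter-style LOG lines, one per
# new outbound TCP connection. All addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.4 PROTO=TCP SPT=51514 DPT=443 SYN
Mar  3 10:00:02 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 PROTO=TCP SPT=40112 DPT=23 SYN
Mar  3 10:00:02 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.8 PROTO=TCP SPT=40113 DPT=23 SYN
Mar  3 10:00:03 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP SPT=40114 DPT=2323 SYN
Mar  3 10:00:03 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=40115 DPT=23 SYN
Mar  3 10:00:05 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.25 PROTO=TCP SPT=35001 DPT=25 SYN
Mar  3 10:00:09 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.25 PROTO=TCP SPT=35002 DPT=25 SYN
Mar  3 10:00:11 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.31 PROTO=TCP SPT=47001 DPT=25 SYN
Mar  3 10:00:11 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.32 PROTO=TCP SPT=47002 DPT=25 SYN
Mar  3 10:00:12 gw kernel: NEW-OUT IN=br0 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.33 PROTO=TCP SPT=47003 DPT=25 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Destination ports worth watching on a home connection.
WATCHED = {23: "telnet-scan", 2323: "telnet-scan", 25: "direct-smtp"}


def suspicious_hosts(log_text, min_targets=3):
    """Return (lan_ip, label, distinct_destinations) for devices that fan out
    to at least min_targets different hosts on a watched port."""
    targets = defaultdict(set)  # (src, label) -> distinct destination IPs
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.get("DPT", "").isdigit():
            continue
        label = WATCHED.get(int(f["DPT"]))
        if label and "SRC" in f and "DST" in f:
            targets[(f["SRC"], label)].add(f["DST"])
    # One mail relay contacted repeatedly stays below the threshold; a device
    # spraying many different hosts does not.
    return sorted((src, label, len(dsts))
                  for (src, label), dsts in targets.items()
                  if len(dsts) >= min_targets)


if __name__ == "__main__":
    for src, label, count in suspicious_hosts(SAMPLE_LOG):
        print(f"{src}: {label}, {count} distinct destinations")
```

A flagged LAN address can then be matched to a physical device through the router's DHCP lease list.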
No provider can afford to block internet access to a customer who pays on time, often for a long time, without specific information about the exact reason for the disruptions caused, otherwise they would lose a significant proportion of their customers in a very short space of time. Swisscom obviously sees things differently; they are, after all, a state-owned company. If Swisscom were to actively and in consultation with the customer at least name the device that was causing the problem (media access control address), it would be easy for the customer to determine the problem. My internet connection was only activated again after I had reinstalled all Windows systems (!). The “culprit” was obviously my constantly running Windows home server, which was not equipped with comprehensive virus protection. Since I replaced it with a normal Windows 10 system, I have never had this type of problem with Swisscom.
You can think what you want about Swisscom, but in all cases that I know of, the suspensions due to suspicious activity were, without exception, completely justified. Swisscom was also always very helpful and willingly passed on all available information to help find the cause. If you get infected with viruses on the Internet, you may have to pay a professional to get it sorted out.
Of course, you can also try it yourself and, for example, in this case if you have a Mirai infection, you can reinstall all your Windows computers. You’ll definitely learn a lot. But you could have saved yourself if you had [informed yourself beforehand](https://de.wikipedia.org/wiki/Mirai_(Computerwurm)).
It cannot be Swisscom’s job to explain every step to solving the problems they have created to laypeople. It is not without reason that there are professionals with many years of training and experience in this field who earn their living doing this. There are now cyber insurance policies for private individuals specifically for such events.
Have you tried turning it off and on again?
Hello everyone
The culprit could easily be an Android phone or tablet.
If you had installed a program there from a dubious source.
(WhatsApp as a tablet version. That doesn’t exist officially, but certain clever people have written such an app, so it makes more sense just by sending messages.)
Or you got a VPN software that is free, but it sends spam in the background, and that’s why it’s free for the customer, because the provider gets paid for sending spam.
I just want to ask for help, you may be using such a device and haven’t thought of it yet.
And by law every ISP has to block the connection if it is misused. If they don’t do it, the ISP’s ranking will be downgraded and the ISP wants to avoid that at all costs.
Greetings Lorenz