@SC-Client wrote:

That leaves TeamViewer, which is installed on the majority of devices, but this highly professional software is beyond any suspicion for me.


However, serious security gaps have been identified several times in the past with this “highly professional software” which is “beyond suspicion”.

I would approach the matter with a little more suspicion… if you just trust everything, it will be difficult to find the possible infection vector.

The rest has already been said (and can be found numerous times in identical threads, some of which exist in this forum):

- No, Swisscom cannot tell you which device is affected, because Swisscom only analyzes the data stream between your router and the “headquarters”, but not within your network.

- Swisscom considers it extremely unlikely or even impossible that this could potentially be a “false alarm”. If there is a blocking, then it is justified (according to Swisscom). My personal experience with customers is that you can always find the cause, even if the customer hasn’t found anything themselves. (One or two exceptions confirm the rule. But these were cases in which the customers did not want to invest enough working time, i.e. if we could have continued to search, we would have found something.)

It’s best to explain what methods you used to try to find the infection. Then they can give you a few tips on what else you could try. (Although, as I said, this has all been explained in detail here in identical threads one time or another.)

21 days later

Hello @Pliettieffet37

Do you use Android tablets?

Or have you rooted your Android devices?

Do you also have WhatsApp or other messengers installed there that are not from the official Play Store?

Because not every app you install does what it says it does. It may be doing things in the background that you aren’t supposed to know about.

Do you share your WiFi with your neighbor etc.?

Greetings Lorenz

    2 years later

    Hello folks

    So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network were reset to factory settings and reinstalled. Even the TV sets and WiFi boxes in the network were reset and given their own passwords instead of the default passwords. I even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described TeamViewer above. I use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom guy then says again that it’s not that far yet. Everyone says something different. I’m really close to changing all this shit.


    @vormirdieSinflut wrote:

    Hello guys

    So I’ve had the same problem since autumn 2020. My internet connection kept being blocked. I then took all possible measures. All devices in the network were reset to factory settings and reinstalled. Even the TV sets and WiFi boxes in the network were reset and given their own passwords instead of the default passwords. I even bought new PCs and put them on the network. And yet my internet connection kept getting blocked. It was also strange that after a lot of back and forth I received a new IP address, but as soon as I hung up the phone with Swisscom support I was already on the Spamhaus blacklist again. It can’t be 2 minutes after the change. I also described TeamViewer above. I use Internet Security from Kaspersky, which also includes VPN protection. And the more they block you, the more such crappy tools you install, even based on advice from Swisscom supporters, and the worse it gets. They tell you that since February, the latest firmware has been used to mark devices that may contain malware. The next Swisscom guy then says again that it’s not that far yet. Everyone says something different. I’m really close to changing all this shit.


    Have you already changed the WiFi password? The abuse could also occur outside your network. You won’t be able to get rid of certain malware with a factory reset. I already consider a virus protection from Russia from Kaspersky to be malware. With Windows 10 you no longer need any third-party security software such as virus protection, firewall, anti-malware, etc. Windows Defender is completely sufficient for private users! Save yourself the money and you’ll even gain more security. Since third-party endpoint protection solutions have to embed themselves very deeply in Windows and behave like malware themselves, they are very vulnerable and usually full of security gaps. As a private user on Windows 10: Stay away from Avira, McAfee, Kaspersky, Norton and Co.

    I recommend that you start with your Windows devices first: Everything that is not Windows 8 or 10 (Windows 7, Vista or XP) is no longer to be operated! Always set up Windows 10 devices from scratch with the Windows 10 Media Creation Tool ([https://www.microsoft.com/de-de/software-download/windows10ISO](https://www.microsoft.com/de-de/software-download/windows10ISO)) from Microsoft. Delete all partitions and recreate them. And then: Stay away from all tools that you don’t need or only think you need. Favorites are the stupid registry cleaners and tuning utilities. Stay away from that brood. You don’t let the mafia clean your house either. The computer should always be kept as clean as possible or as “stock” as possible.


    @vormirdieSinflut

    I can only agree with @millernet, less is simply more in these questions!

    And that applies to both hardware and software.

    So first get rid of all the completely unnecessary software helpers and tools, then reduce the devices to the necessary minimum and see for at least a week whether the problem has gone away.

    Then put device after device back into operation and check again and again whether the problem occurs again.

    If so, you know that the last device put into operation must be the culprit.

    Removing the problematic software also includes any connection utilities to VPN providers or corresponding browser extensions.

    And when it comes to devices, you shouldn’t draw the circle of possible culprit devices too narrowly, because once your Windows PCs have been installed natively from Microsoft, they actually drop out of the circle of suspects.

    Incidentally, IoT devices are particularly vulnerable on the hardware side.

    So if you have web cams, weather stations, kitchen appliances or whatever else on your network, the first thing I would do is remove them from your network.

    P.S.:

    Incidentally, Swisscom will not be able to help you with identifying infected devices in the local network, at least for the next few months.


    Hobby nerd with no economic ties to Swisscom

    Yes, I changed all passwords. Do you really mean that I no longer need additional virus protection with Windows 10? Isn’t that a bit negligent? What additional virus protection do you use?

    The more they blocked me and I relied on the different opinions of Swisscom employees, the more shitty tools I installed. That was probably the mistake. I had this VPN monitoring from Kaspersky as well as CCleaner. I’ve now uninstalled it. I have a NAS from Synology and I also had it checked by an IT company. The surveillance cameras were also completely reset. Hard reset.


    @vormirdieSinflut

    Microsoft Defender is no worse or better a virus scanner than any other. It serves the purpose, and does it just as well as any other. It is important that you keep Windows 10 up to date, and even more important: the best virus protection is actually not installed on the PC, but sits in front of the PC. A healthy distrust and thinking twice about “do I really have to click on it now” is important!

    As you describe your long-standing problem, uninstalling software probably won’t be of much use, because malware usually can’t simply be uninstalled at the push of a button once it’s on there. And I think neither uninstalling Kaspersky nor CCleaner will solve your problem.

    How did they say before? format c:?

    @millernet and @Werner have written to you about how to proceed with such problems.

    Changing your password is certainly the first step and is also the right thing to do. But what if the PC on which you change the password in the Customer Center is already infected and intercepts and passes on this password change?


    @vormirdieSinflut

    The question, of course, is what kind of abuse ban you received:

    - Compromised account (don’t think so, you would have to change SC Login PW and Mail PW)

    - Outbound spam (a messaging service in the home network shoots spam out into the world)

    - Malware (malicious software)

    I’m leaning more toward malware or spam distribution (caused by malware).

    The IP change is of no use in this case: as soon as the malware communicates externally or does something else, the connection is blocked immediately (this also happens in 30 seconds). You end up at Spamhaus because other international ISPs report the IP address, not just Swisscom. Swisscom will be contacted by these ISPs so that we can stop this. There are various legal articles for this:

    For spam:

    § FMG Art 45a

    § FDV Art 83

    When attacked:

    § StGB Art 114

    § StGB Art 144

    Have you not received any information about what malware it is? As a rule, the customer history contains an attachment with the information about what caused the block.

    Otherwise, please contact the hotline again and ask for information about the reason for the blocking.

    Greeting

    Chris


    I was banned allegedly due to malware on one of my devices. Probably Mirai. But not 100% sure either. I was registered in the blacklist with Spamhaus and SORBS. Although the SORBS entries were from 2009. When Swisscom gave me a new IP the week before last, there was another entry from Spamhaus in it just 2 minutes after changing to the new IP. I suspect that I took that over from the predecessor.
    Basically, I really don’t click on any links that I don’t know. They are all work tools. I even got into the habit of looking at the emails on my iPhone to see whether they are spam or other unwanted emails and then deleting them. So they don’t even come to my PC. I generally don’t try to connect my iPhone to the network.
    As mentioned, after the information that a device in my network was infected with Mirai, it was reset and reinstalled. Only when I was blocked again did I reset and reinstall TVs and presenters that had a default password. All in all, around 1500.00 was transferred to the IT company and it took around a week to set everything up again. Does anyone know of a tool that monitors the network, which devices are sending what and how much? I can view network activity in Kaspersky. However, I don’t see any irregularities. I also switched off IPv6 in the Swisscom Internetbox and set the firewall settings to strict.
    My Latin has now come to an end. I think I’ve done everything possible. In addition, these Swisscom employees tell me something different every time. And with some Swisscom employees you can tell that they are in the home office and, in addition to giving advice, are still stirring things up instead of trying to provide help.

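Added example, not part of any post in this thread: one way to answer the question above about which device is sending what, by counting per LAN host how many distinct outside addresses it contacts on the ports tied to the block reasons discussed here (telnet 23/2323 as scanned by Mirai, and direct SMTP on 25 for outbound spam). The log format, the LAN range `192.168.1.0/24`, the threshold and the name `find_suspects` are assumptions made for this sketch; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the home LAN range. Adjust to your router's setting.
LAN = ip_network("192.168.1.0/24")

# Destination ports tied to the block reasons named in the thread.
WATCHED_PORTS = {
    23: "telnet scan (Mirai-style)",
    2323: "telnet scan (Mirai-style)",
    25: "direct outbound SMTP (spam)",
}

# Constructed log format (an assumption, not a real router's output):
#   <timestamp> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port>
LINE_RE = re.compile(
    r"^\S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dpt>\d+)\b"
)


def find_suspects(lines, min_targets=5):
    """Map each LAN host to {reason: distinct public destinations} for every
    watched port group on which it contacted at least `min_targets` hosts."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or non-TCP line
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # not a valid IP address
        reason = WATCHED_PORTS.get(int(m["dpt"]))
        # Only traffic leaving the LAN on a watched port is of interest.
        if reason is None or src not in LAN or dst in LAN:
            continue
        seen[str(src)][reason].add(str(dst))
    report = {}
    for src, by_reason in seen.items():
        hits = {r: len(d) for r, d in by_reason.items() if len(d) >= min_targets}
        if hits:
            report[src] = hits
    return report


# Constructed sample: .37 sweeps eight hosts on telnet ports, .10 browses and
# submits mail on 587, .20 opens one external and one internal telnet session.
SAMPLE_LOG = [
    f"2021-02-01T09:00:{i:02d}Z SRC=192.168.1.37 DST=198.51.100.{10 + i} "
    f"PROTO=TCP DPT={2323 if i % 4 == 0 else 23}"
    for i in range(8)
] + [
    "2021-02-01T09:01:02Z SRC=192.168.1.10 DST=203.0.113.80 PROTO=TCP DPT=443",
    "2021-02-01T09:01:05Z SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP DPT=587",
    "2021-02-01T09:01:09Z SRC=192.168.1.20 DST=203.0.113.7 PROTO=TCP DPT=23",
    "2021-02-01T09:01:11Z SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP DPT=23",
    "not a connection record",
]

if __name__ == "__main__":
    for host, hits in find_suspects(SAMPLE_LOG).items():
        print(host, hits)
```

The counting has to run on a point that sees every device's traffic, such as a router or firewall that can export connection records; a scanner on one PC only sees that PC.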

    No provider can afford to block internet access to a customer who pays on time, often for a long time, without specific information about the exact reason for the disruptions caused, otherwise they would lose a significant proportion of their customers in a very short space of time. Swisscom obviously sees things differently; they are, after all, a state-owned company. If Swisscom were to actively and in consultation with the customer at least name the device that was causing the problem (media access control address), it would be easy for the customer to determine the problem. My internet connection was only activated again after I had reinstalled all Windows systems (!). The “culprit” was obviously my constantly running Windows home server, which was not equipped with comprehensive virus protection. Since I replaced it with a normal Windows 10 system, I have never had this type of problem with Swisscom.


    You can think what you want about Swisscom, but in all cases that I know of, the suspensions due to suspicious activity were, without exception, completely justified. Swisscom was also always very helpful and willingly passed on all available information to help find the cause. If you get infected with viruses on the Internet, you may have to pay a professional to get it sorted out.

    Of course, you can also try it yourself and, for example, in this case if you have a Mirai infection, you can reinstall all your Windows computers. You’ll definitely learn a lot. But you could have saved yourself that if you had [informed yourself beforehand](https://de.wikipedia.org/wiki/Mirai_(Computerwurm)).

    It cannot be Swisscom’s job to explain every step to solving the problems they have created to laypeople. It is not without reason that there are professionals with many years of training and experience in this field who earn their living doing this. There are now cyber insurance policies for private individuals specifically for such events.


    Have you tried turning it off and on again?

    Hello everyone

    The culprit could easily be an Android phone or tablet.

    If you had installed a program there from a dubious source.

    (WhatsApp as a tablet version. That doesn’t exist officially, but certain clever people have written such an app, so it makes more sense just by sending messages.)

    Or you got a VPN software that is free, but it sends spam in the background, and that’s why it’s free for the customer, because the provider gets paid for sending spam.

    I just want to help; you may be using such a device and haven’t thought of it yet.

    And by law every ISP has to block a connection if it is misused. If they don’t do it, the ISP’s ranking will be downgraded and the ISP wants to avoid that at all costs.

    Greetings Lorenz


    All I can say is: The virus scanners recommended by Swisscom are chargeable after a short trial period at the latest and reported in unison that my systems were clean. It’s not just the layperson who starts to spin when Swisscom’s Internet connection is blocked again despite serious scans…


    @SC-Client

    Swisscom is just playing the role of reseller of F-Secure for a product that is now actually superfluous anyway.

    I would save these costs immediately, because the security from Microsoft itself has proven itself very well in the meantime and as soon as you install a third-party product, the manufacturer’s security provided by Windows 10 itself is largely switched off and you are also messing with the operating system’s core competencies, which can then result in further collateral damage that is difficult to understand.

    I still have a few lifetime licenses for virus scanners that I have long since taken out of circulation, including several test winners in the scanner business.


    Hobby nerd with no economic ties to Swisscom


    PowerMac

    Anyone who can read has a clear advantage. Firstly, after the second shutdown of the internet connection, I immediately commissioned my IT specialist, who has owned an IT company for 25 years, to check the devices and set them up again. Only these Smart TV devices and WiFi Bose boxes were not done, because Swisscom was also convinced that these devices could not be the ones. However, I then reset these devices myself. As a layman, I dared to stick a paper clip in the hole and perform a reset and then get it working again with the latest firmware. Swisscom is my contractual partner and it cannot be the case that I, as a customer, contact Melani about the problem and get more detailed information on how and why. It is unlikely that you will have a direct contact person at Swisscom. Every employee has to read up on the case and in the home office they don’t have any other options than I have in the customer center with expert mode. It also annoys me when cooking pots clink and children’s screams can be heard in the background. This does not speak at all for serious customer service. Regardless of whether I got myself into something or not. Google spits out a few such cases, which ultimately turned out to be error messages.


    Android cell phones and tablets can of course also do bad things, but this is rather rare. The main suspect is and remains Windows, and here it is mainly the older versions.


    As mentioned, I don’t connect my iPad or iPhone to the home network. This means that these devices have their own IP and these connections have never been blocked.

    I just always have an internet connection via PC. And that too with a brand new system that was freshly purchased in January. Specifically, the internet connection was blocked before the new device and also with the new device. Whenever I entered the address directly without https in the browser, whether Firefox or Internet Explorer. So for example sbb.ch. 50 times it went well, then I was blocked again. However, when I entered sbb in Google despite being blocked and then clicked on the link, which generated a https://www.sbb.ch/de/, I got through despite being blocked by Swisscom.

    Since I tried everything to get to the bottom of the error, I of course also bought paid VPNs from Kaspersky and CCleaner. However, I have since uninstalled them following your advice. Regardless of whether I had these tools or not, I was blocked by Swisscom.

    I received a report from Swisscom. However, no concrete information. For me, “probably” doesn’t mean certain. A technician sent me the following message while we were on the phone. So no fake email.

    ******************************************
    Email
    ******************************************
    Attachment: Reason for Barring
    ******************************************

    You are receiving this email because you are registered in our system as a contact for AS3303 or because your email address is registered with RIPE as an abuse contact for AS3303.

    The National Center for Cyber Security (NCSC) has been notified by a partner of one or more Internet of Things (IoT) devices on your network that have most likely been compromised by hackers and are now being used for malicious purposes. Attached you will find a list of affected IP addresses that have been reported to us in the past 24 hours.

    The affected devices were most likely infected with a malware called Mirai through the use of a default password.

    We recommend that you identify the affected devices or customers and secure and clean them up (e.g. by resetting the device to the factory settings). You can find an overview of NCSC recommendations regarding IoT devices on our website.

    Security in the “Internet of Things” (IoT):

    https://www.melani.admin.ch/iotsicherheit

    01/29/2021 10:50:59 +0000, 111.11.111.11 (IP was changed)

    ******************************************
    Attachment: Lookup Information
    ******************************************

    Lookup with 111.11.111.11 (IP has been changed) and date Fri Jan 29 10:50:59 GMT+00:00 2021

    ******************************************
    Info mail
    ******************************************

    And I took all of these measures. And as mentioned, had it checked by an IT company.
