cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Suspicious activity on my network

Gintas
Dabbler
Posts: 10
Registered: ‎19-05-2019

Suspicious activity on my network

‎17-08-2023 9:31 AM

I get email "We've opened a Question on your account" almost moth ago

We have received reports that a PC using your IP address has been scanning other networks looking for vulnerable ports.

 The most likely explanation for this is that you are infected with a virus. Please disinfect your system, and then inform us using the Help Assistant in the customer portal (http://portal.plus.net/wizard/index.html, click on Customer Services & Billing) that you have done so.

 We do not recommend a specific anti-virus product, but one freely available virus checker is AVG AntiVirus, available from http://www.grisoft.com/ . Other free and commercially offered products are also available.

Please do not hesitate to get back in touch online at http://contactus.plus.net or by phone on 0800 432 0200 if we can be of further assistance.

Kind regards,

Dudley Ricks

I ignore it because it not looked serious. Yesterday I found message in voicemail that my account will be restricted until it by sorted. Restricted no sound fun.. Problem is that my computer for me is clean. I think is because utorrent app running 24/7. So can't do with my internet what I want? utorrent malicious software?

And I don't use provided "router", because I have Vigor 130 modem and EdgeRouter ER-6P if that makes any different.

Message 1 of 8
(1,194 Views)
0 Thanks
7 REPLIES 7
jab1
Legend
Posts: 19,693
Thanks: 6,492
Fixes: 293
Registered: ‎24-02-2012

Re: Suspicious activity on my network

‎17-08-2023 9:43 AM

@Gintas Have you confirmed your machine is 'clean' by running your antivirus suites checking facility - that is, if you have an AV program?

John
Message 2 of 8
(1,185 Views)
0 Thanks
pvmb
Pro
Posts: 768
Thanks: 113
Fixes: 3
Registered: ‎12-02-2014

Re: Suspicious activity on my network

‎17-08-2023 10:43 AM

μTorrent

https://en.wikipedia.org/wiki/%CE%9CTorrent

"μTorrent, or uTorrent (see pronunciation) is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. The "μ" (Greek letter "mu") in its name comes from the SI prefix "micro-", referring to the program's small memory footprint: the program was designed to use minimal computer resources while offering functionality comparable to larger BitTorrent clients such as Vuze or BitComet. μTorrent became controversial in 2015 when many users unknowingly accepted a default option during installation which also installed a cryptocurrency miner."

Message 3 of 8
(1,146 Views)
0 Thanks
Baldrick1
Moderator
Moderator
Posts: 12,577
Thanks: 5,753
Fixes: 430
Registered: ‎30-06-2016

Re: Suspicious activity on my network

‎17-08-2023 11:08 AM

@Gintas wrote:

So can't do with my internet what I want?

Not if your ISP's monitoring system raises a red flag as the result of your activities..

From a quick Google search I read that this software is identified as either malicious or a PUP by many AV companies. Have you considered, or do you run it, through a VPN?

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

Message 4 of 8
(1,128 Views)
dvorak
Moderator
Moderator
Posts: 29,838
Thanks: 6,662
Fixes: 1,486
Registered: ‎11-01-2008

Re: Suspicious activity on my network

‎17-08-2023 12:13 PM

You either need to downgrade to an older version of utorrent or migrate to qbittorrent.

Personally I would remove utorrent asap, it’s a nasty bit of software these days.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Message 5 of 8
(1,096 Views)
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,935
Thanks: 5,026
Fixes: 317
Registered: ‎04-04-2007

Re: Suspicious activity on my network

‎17-08-2023 12:43 PM

I second @dvorak's recommendation. uTorrent is poison these days.

However, @Gintas - I've a suspicion you may be jumping to conclusions.

@Gintas wrote:

And I don't use provided "router", because I have Vigor 130 modem and EdgeRouter ER-6P if that makes any different.

And you are exposing the EdgeRouter interface to everybody on the Internet from what I can tell.

You also have a bunch of other ports open to the Internet, including default SSH and DNS ports. Are you doing this intentionally? I'm hoping you haven't genuinely got a DNS service running on your network that can be queried from the Internet?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 6 of 8
(1,079 Views)
Anonymous
Not applicable

Re: Suspicious activity on my network

‎17-08-2023 12:58 PM

@Gintas 

 

It's probably worth running GRC's ShieldsUP! to see which ports are exposed

 

Go to the GRC website  -  ShieldsUP!

Click on <Proceed>

Click on the button <All Service Ports>  in the centre of that page

Then wait and see what the results are,  hopefully every port should be green (Stealth).

 

While you are on the GRC website, you might as well run their UPnP test to see if your router has UPnP vulnerabilities -

 

Again go to the GRC website  -  ShieldsUP!

Click on <Proceed>

This time click on the orange button <GRC's Instant UPnP Exposure Test>

Then wait and see what the results are.

.

 

Message 7 of 8
(1,064 Views)
RobPN
Seasoned Hero
Posts: 5,280
Thanks: 2,789
Fixes: 13
Registered: ‎17-05-2013

Re: Suspicious activity on my network

‎17-08-2023 1:16 PM

@Gintas 

I'll 'third' the recommendation above regarding newer versions of uTorrent.

I haven't bothered to look what version it's up to now, but my really old uTorrent version 1.8.2 (apparently from 2009) is running 24/7 with no problems.

Message 8 of 8
(1,052 Views)
0 Thanks