Suspended Account

Connection issues, drop outs or speed related faults for ADSL and ADSL2+ services
Post Reply
seifermd
Posts: 13
Joined: Mon Feb 08, 2010 12:54 pm
Location: Melbourne

Suspended Account

Post by seifermd » Fri May 14, 2010 6:06 pm

Hi there,

My account appears to be suspended with the listed reason as 'VIRUS'. The suspension began at 3am this morning. Following this I have run a full system scan with my updated anti-virus software (Kaspersky Internet Security 2010) with no threats detected. I'm quite confused at this stage and looking for help. How do I go about getting my account reactivated? Many thanks.

ForumAdmin
Posts: 3663
Joined: Sun Jan 04, 2004 2:31 pm
Location: Sydney

Re: Suspended Account

Post by ForumAdmin » Fri May 14, 2010 6:17 pm

I've asked a sysadmin to help you.

seifermd
Posts: 13
Joined: Mon Feb 08, 2010 12:54 pm
Location: Melbourne

Re: Suspended Account

Post by seifermd » Fri May 14, 2010 8:17 pm

Thanks a lot. Being a Friday night I can only hope to get this resolved over the weekend.

ForumAdmin
Posts: 3663
Joined: Sun Jan 04, 2004 2:31 pm
Location: Sydney

Re: Suspended Account

Post by ForumAdmin » Fri May 14, 2010 9:27 pm

I assume you have followed the instructions on the block page?

Martin V
Exetel Staff
Posts: 464
Joined: Wed Nov 08, 2006 12:38 pm
Location: Sydney where else :P

Re: Suspended Account

Post by Martin V » Fri May 14, 2010 10:33 pm

Hello seifermd,

I have unblocked your connection, please keep in mind that if you become blocked again for the same reason then there might be a problem with your system.
Martin
eXeTeL Support

bjcox
Posts: 5
Joined: Mon May 17, 2010 4:14 pm
Location: Wollongong

Re: Suspended Account

Post by bjcox » Mon May 17, 2010 4:33 pm

I have had exactly the same thing happen to me this morning. I'm pretty sure there are no viruses on my system (no new installs or anything like that) and my system is regularly running 24x7. Is there some change made to the EXETEL virus checking software returning false positives?

BTW I logged a support ticket and was told an engineer would look at the problem some time in the next 48 hours. Since there is potentially no problem and EXETEL has just chosen to turn off my connect this sort of delay is not acceptable. A mechanism to deal with issues where EXETEL has turned off service needs to be provided in a timely manner. If there was a real technical problem I can tolerate some turn around delay but just because EXETEL thinks I may have a virus on my system 48 hours of dead-time is really not good enough.

bjcox
Posts: 5
Joined: Mon May 17, 2010 4:14 pm
Location: Wollongong

Re: Suspended Account

Post by bjcox » Mon May 17, 2010 4:56 pm

Also can someone point me to the info on what status "VIRUS" actually means? Could it be a mail server attack because I did update my mail server software a month or so ago and so perhaps there is a vulnerability there which has recently been exploited. But would that be listed as "VIRUS"?

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Suspended Account

Post by Dazzled » Mon May 17, 2010 4:58 pm

bjcox, if you put Windows online, you are vulnerable. You don't have to install anything. If you are sure you are clean, you can say so and get reinstated. If you get cut off again, a serious clean up is called for, and some things, like root kits, are exceedingly hard to find. They are designed to be indetectable by almost all means. Genuine positives are much more likely than false ones.

If you don't own a second computer it isn't a bad idea to keep a live Linux CD or USB stick on hand (such as the trial version of a major distro like Ubuntu or Mint, or a mini-utility like Puppy) These are not vulnerable to online attack and can get you out of a hole if needed before your system is cleaned or reinstalled.


Edit, re the definition of the block:
Certain types of computer viri have unique and easily identifiable signatures that can be readily detected by network management systems. Typically, the virus will attempt to open many hundreds of thousands of connections to other computers to damage them or spread the virus.

This is the activity we have detected, or has been reported, on your computer.
(BTW Exetel, the Latin word virus has no plural form)

bjcox
Posts: 5
Joined: Mon May 17, 2010 4:14 pm
Location: Wollongong

Re: Suspended Account

Post by bjcox » Mon May 17, 2010 5:12 pm

Thanks for the reply. My windows system have very limited visibility from the net and I have not had a problem running this set up in many years. I suspect the problem may be my mail server (now on Ubuntu as it happens previously was running under Debian) but will need to investigate further.

BTW My ticket was opened and closed inside of 30 minutes but they did do anything except log a "service is visible online" and close the ticket. The service is still suspended!

bjcox
Posts: 5
Joined: Mon May 17, 2010 4:14 pm
Location: Wollongong

Re: Suspended Account

Post by bjcox » Mon May 17, 2010 5:18 pm

PS Virus scan of my entire Windows system just finished. I think the Windows machine is off the hook.

bjcox
Posts: 5
Joined: Mon May 17, 2010 4:14 pm
Location: Wollongong

Re: Suspended Account

Post by bjcox » Mon May 17, 2010 5:59 pm

OK so I rang the helpdesk again and answered limited connectivity instead of no connectivity. I found out that there is a site to unblock these sorts of problems blocked.exetel.com.au

I also found out that the virus activity is not necessarily occurring at the time of the block. So while the block was placed at 03:46am the virus activity could have been hours earlier. So I have scanned all my windows machines and found a few possible trojans which have been cleaned. Then used the website above to unblock.

Fingers crossed I stay unblocked.

austdata
Posts: 629
Joined: Wed Apr 25, 2007 12:38 am
Location: Melbourne

Re: Suspended Account

Post by austdata » Fri May 28, 2010 9:12 pm

bjcox wrote:PS Virus scan of my entire Windows system just finished. I think the Windows machine is off the hook.
Only if you have DSD grade anti-virus software.
The views I present here are not necessarily those from my brain.
Exetel's support number outside Sydney: 1300 788 141 NOTE: I do not work for Exetel.

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: Suspended Account

Post by jokiin » Fri May 28, 2010 10:59 pm

bjcox wrote:I suspect the problem may be my mail server (now on Ubuntu as it happens previously was running under Debian) but will need to investigate further.
if you are running your own mail server then you should certainly take a closer look here as many viruses are related to mail activity, you could have an open relay or some other vulnerability that you're not aware of

take your mail server offline and do the unblock and see if you get blocked again, should be a good indicator of whether or not your mail server has issues

Post Reply