Virus message on login - cause?

N/A

Hi,

A customer of mine uses PlusNet ADSL for their office connection. Their microfilter stopped working (I presume by the lightning over the weekend) so they had no internet connection until about 5:30 Monday evening.

When I got them logged on again, my first attempt to view a web page was redirected to a page from PlusNet warning me of virus-like activity.

Over the last couple of weeks they have had a virus problem, but last week they put up to date Norton on all machines, and have removed their infection.

When I reconnected this morning - no message.

Could the redirection relate to the previous problems? Or could it relate to the fact that as soon as it was connected their server would have tried to send out the umpteen waiting messages?

I'd appreciate an answer from someone who knows what is being checked on this (e.g. someone from PlusNet) as this has caused some consternation (and cost) to our customer, who are very confident they are now clean.

Thanks,
Ben
3 REPLIES
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Virus message on login - cause?

The redirect occurs when PlusNet's main routers detect activity on port 135 from any PC. This is a common port used by viruses to propagate or scan other PCs, which is why it is blocked.

So yes, the virus problem was probably to blame for this redirect page being seen.

PlusNet do this as a warning to the user that they may be infected so they can take the necessary steps (as they have done) to remove or check for virus infections. It also stops that PC from infecting other PlusNet customers or anyone else on the internet.
N/A

Current or past

So does this detect activity at the time of the redirect, or could it be reporting on previously detected activity?

Thanks for the VERY quick reply, btw! I'm impressed.

Regards,
Ben
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Virus message on login - cause?

Activity on port 135 is being checked all the time, so as soon as activity was detected on port 135, the redirect would have occurred the next time they tried to visit a web page.

If you disconnect your ADSL connection then reconnect, it usually clears the redirect until the next port 135 activity is detected.

I also believe the block lasts for about 30 mins but I can't be sure about that one.

If their system remains clean and no port 135 activity is detected, they should not see the redirect page again.
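
To find which office machine is producing the port 135 traffic described in the replies above, the gateway's own logs can be checked. The following is an added example, not part of the original thread: it assumes the office gateway logs outbound packets in Linux netfilter LOG format, and the log lines, addresses and the function name `port135_sources` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed gateway log lines in Linux netfilter LOG format (not from the thread).
SAMPLE_LOG = """\
Jul  3 17:31:02 gw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=135 SYN
Jul  3 17:31:02 gw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.23 DST=198.51.100.8 PROTO=TCP SPT=1046 DPT=135 SYN
Jul  3 17:31:03 gw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.23 DST=203.0.113.40 PROTO=TCP SPT=1047 DPT=135 SYN
Jul  3 17:31:03 gw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.2 DST=192.0.2.25 PROTO=TCP SPT=2201 DPT=25 SYN
Jul  3 17:31:04 gw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.10 DST=192.168.1.2 PROTO=TCP SPT=3110 DPT=135 SYN
Jul  3 17:31:05 gw kernel: IN=eth1 OUT=ppp0 SRC=192.168.1.23 DST=198.51.
"""

# RFC 1918 ranges, used to tell LAN hosts from internet destinations.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def is_lan(addr):
    return any(addr in net for net in LAN_NETS)


def port135_sources(log_text, min_targets=3):
    """Map each LAN host to the internet addresses it contacted on TCP/135,
    keeping only hosts that reached at least min_targets distinct addresses."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "135":
            continue  # other traffic, e.g. the mail server's queued SMTP
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        # RPC between LAN machines is normal; only LAN-to-internet counts.
        if is_lan(src) and not is_lan(dst):
            targets[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for host, dsts in port135_sources(SAMPLE_LOG).items():
        print(f"{host} sent TCP/135 to {len(dsts)} internet hosts: {dsts}")
```

In the constructed sample, the mail server's outbound SMTP and the LAN-internal RPC connection are ignored, and only the host contacting several internet addresses on port 135 is reported.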