I'm part of a BotNet? I doubt it.

Discussion in 'other security issues & news' started by Hungry Man, Apr 2, 2012.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    It’s your printer, it’s always the printer. :rolleyes: Joking aside, reading through this thread it sounds like a false positive. Other than putting a sniffer/firewall between your router and modem it seems there is nothing else you can do but to see if you get flagged again. If you do and it’s on a different dynamic IP then something is either wrong on your end, and/or their detection signatures need some work.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Or, some other person who used to have that dynamic IP assigned to him/her also has an infected system. :D
     
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Two different assigned IPs giving the same result shouldn't happen unless the ISP's customer base is entirely made up of botnets... The more likely scenario is if this occurs again it's either the end user or the site’s means of detection.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Why not? Is it so unrealistic to think that, from many hundreds of potential customers, many of them may actually be part of a botnet? Considering that most are probably using Windows (the most used system in home environments), and that 99% of these users probably got no skills to secure their system, why would it be crazy to consider that there's a high chance of it happening again? Not to mention what's the % of those users (regardless of what ISP we're talking about) running legal Windows versions and not some pirated version.

    It actually happens to me from time to time, which forces me to disconnect and reconnect my device.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Reading some of this makes me thankful that my IP never changes. It's been the same for at least 5 years. According to my ISP, it is a dynamic IP. I had considered paying for a static IP, but since I seem to already have one there's no point in doing so. Anymore, I'm not sure that there's any advantage to having a dynamic IP, and as this thread shows, there are disadvantages.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    The advantage of having a dynamic IP is that in case of DDOS or similar disrupting activities aiming (intentionally or not) at jamming your connection you can easily escape by forcing the release of a new IP. This is normally rare but happens...
     
  7. BrandiCandi

    BrandiCandi Guest

    @Hungry Man- so you haven't run any kind of network monitor to sniff the traffic? I'd be so curious I wouldn't be able to NOT sniff the traffic.

    Anyway did you reset the router (and change the user & password)? That's an easy enough fix to clean out any potential router infections.

    And because I'm paranoid, I've gotta throw this out there... You said the modem isn't wireless, but do you have a wireless network? Could someone outside of your house be freeloading off your wifi? I suppose a network monitor would find that quick enough.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I doubt anyone has broken into my router. It's running DD-WRT, I only connect to it over HTTPS or direct connection, it's got a strong WPA2 password. None of the logs on the router suggest an intruder.

    The website no longer blocks me so I think I'm fine.
     
  9. badkins79

    badkins79 Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    60
    Location:
    Maryland
    This is an intriguing thread. Here are a couple extra things to keep in mind while investigating.

    First, I wouldn't put too much confidence in the botnet identification given to you by the site. While it may be easy to determine if botnet attacks are coming from an IP address, identifying the specific type of botnet malware responsible is just a best guess. It may say it's a Windows botnet, but it really could be anything.

    Second, don't forget mobile devices you allow onto your wifi. Especially Androids and iPhones.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    True - and I figured as much. Linux rootkits aren't that common though and considering my in-depth setup I'd be surprised if I were exploited.

    I don't use my Wifi with my Android device and the IP matched my computers.

    I'm fairly certain it was a false positive and/or leftovers from the last person with this IP.
     