I’m facing the SAME PROBLEM!!
I received 2 emails from AT&T, and the ONLY device powered in my home is a Pi 2 running RetroPie 3 beta 2,
and using Wireshark it is possible to see the device is infected!
PLEASE, CAN ANYBODY FROM THE PROJECT SAY SOMETHING ABOUT THIS?
Malware infection advisory from AT&T Internet Services Security Center
AT&T U-verse Site ID:  XXXXXXX
Dear AT&T U-verse customer,
AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“ddos-participant-ssdp-amplifier”) was observed on Apr 14, 2015 at 1:12 AM EDT from the IP address 23.11x.xxx.xxx. Our records indicate that this IP address was assigned to you at this time.
Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.
Because malware is designed to run in secret, an infected computer may display no obvious symptoms.
To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.
Additional tools and information:
Tools for removing rootkits, bots, and other crimeware:
Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
McAfee Rootkit Remover: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx (Windows)
Tools for general virus and malware removal:
Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
Spybot +AV: http://www.safer-networking.org/ (Windows)
OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
AT&T Malware and Network Security analysts gather weekly to give you the information that you need to know about the latest security news and trends. Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq 
Regards,
AT&T Internet Services Security Center
Incident details for 23.1xx.xxx.xxx
Type: ddos-participant-ssdp-amplifier
Source port: 1900
Destination IP: 99.xx.xx.66
Hostname: CPE84948cced691-CM84948cced690.cpe.net.cable.rogers.com
Destination port: 80
For security reasons, the destination IP is partially obscured. 
DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software’s vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.
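A way to check a capture for the pattern named in the incident details above (UDP traffic from source port 1900 going to an address outside the home network), as an added example that is not part of the original post or the AT&T notice. Normal SSDP discovery stays on the LAN or goes to multicast 239.255.255.250, so the script flags only port-1900 traffic leaving the LAN; the flow records, their CSV layout and the function names are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900  # "Source port: 1900" in the advisory's incident details

# Constructed sample flows (not from the post): proto,src,sport,dst,dport,bytes
SAMPLE_FLOWS = """\
udp,192.168.1.50,1900,239.255.255.250,1900,320
udp,192.168.1.50,1900,192.168.1.20,50123,310
udp,192.168.1.50,1900,203.0.113.66,80,3100
udp,192.168.1.50,1900,203.0.113.66,80,3050
udp,192.168.1.50,1900,198.51.100.7,80,2990
udp,192.168.1.20,53211,192.0.2.53,53,70
tcp,192.168.1.20,1900,192.0.2.80,443,1500
"""

# Addresses that count as "on the LAN": RFC 1918, link-local, multicast, broadcast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def find_ssdp_reflectors(flow_text):
    """Return per-LAN-host totals for UDP/1900 traffic sent to off-LAN addresses."""
    hits = defaultdict(lambda: {"packets": 0, "bytes": 0, "destinations": set()})
    for proto, src, sport, dst, dport, size in csv.reader(io.StringIO(flow_text)):
        if proto != "udp" or int(sport) != SSDP_PORT:
            continue  # only UDP from the SSDP port is of interest
        if not is_local(src) or is_local(dst):
            continue  # LAN-to-LAN and multicast SSDP is expected traffic
        entry = hits[src]
        entry["packets"] += 1
        entry["bytes"] += int(size)
        entry["destinations"].add(f"{dst}:{dport}")
    return dict(hits)


if __name__ == "__main__":
    for host, s in find_ssdp_reflectors(SAMPLE_FLOWS).items():
        print(host, s["packets"], "packets,", s["bytes"], "bytes ->",
              sorted(s["destinations"]))
```

A host that shows up in the result is answering SSDP queries that arrive from the Internet, which means UDP port 1900 is reachable through the router.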