[SOLVED] Really worried after “Unusual Traffic” Captcha on Google. No viruses or VPN.

[Cassie2011]

After a couple of Google searches relating to the “Total War” franchise I was greeted to a Captcha from Google. It said it needed to check if I was really the one sending unusual traffic requests. It stated that this happens when requests are detected which seem to violate the terms of service. This was definitely Google.com and not a virus site. I did not complete the captcha. I restarted the PC & cleared browser data which solved the issue, but I’m still extremely worried as to why this came up to begin with. Praying my computer, personal info or worse isn’t compromised.

Norton, MalwareBytes and Super Anti Spyware show no infections. No VPN installed. I am so hoping that it was an extension that I had just installed a matter of minutes before this occurred- Norton Safe Web. It’s supposed to list each search result as safe or untrustworthy. After inspection it appeared that the extension wasn’t working at all so perhaps there was some sort of conflict there that caused this? I see no reports online of this extension causing such a frightening issue. Now I’m kinda panicking about why Google thinks I’m being nefarious. Afraid I could get in trouble for something that’s taken over my PC and causing bad behavior. Really appreciate any insights.

 

[Ralston18]

As a "one-time" occurence I would not worry about it.

My thought is that your search criteria (requests) simply created some sort of flag and Google's servers/software simply responded accordingly.

Or there was some other website that managed to get itself inserted into the traffic and thus the Captcha appeared. Good choice to not respond....

And Norton Safe Web may have triggered it all.....

Just keep an eye on things. Do some extra AV scans over the next few days.

Ensure that all important data is backed up at least 2 x in different locations. Verify that backups are recoverable and readable.

For the most part all you now need is Windows Security for AV, etc.. Having multiple AV apps running can create problems.

I use Windows Security for my AV. Malwarebytes free is installed but only run/used on an ad hoc basis. Generally after some similar Captcha or "Website Warning" pops up....

Just my thoughts on the matter.

 

[Cassie2011]

Thank you very much for the detailed reply. A little relieved.

I’m still super paranoid about the possibility of the PC having been hacked/used for nefarious purposes by others and me getting in trouble/arrested. Do you or anyone happen to know how often does that sort of thing happen?

Also it appears the Norton Safe Web actually isn’t supposed to show a safety rating next to each site, but rates the sites safety overall at the top toolbar. So it was working properly. I’m not sure if this inclines us to believe more or less that’s what caused it.

 

[Ralston18]

I would put having my PC hacked for nefarious reasons at the bottom of the list. Then wrongly going to jail, etc..

Anyway, keep your system protected with AV, use non-personal user/login names, strong passwords. Do not make your wireless network name something that can be used to identify you or your residence.

Your router probably can be configured to limit the number of allowed connected devices. Set the limit to the number of devices you have with maybe 2 or 3 extras for guests.

All access should require the use of a password. Get in the habit of checking the router's admin pages and logs. Watch for devices you do not recognize.

If you share a computer, each user should have their own account along with permissions applicable to their age and usage.

Use parental controls not only for kids but for general network management. For example, your router most likely will allow you to set and control access times. E.g., no traffic from midnight to 6:00 a.m. or what ever hours and days when you or anyone would not normally be online.

Not sure that I understand "Norton Safe Web actually isn’t supposed to show a safety rating next to each site, but rates the sites safety overall at the top toolbar ".

If Norton is doing something that it should not be then what you are seeing could be a bogus safety rating.... I will need to defer on that to someone who uses Norton and can explain the discrepancy there - if there is one.

 

[Cassie2011]

Thanks for the detailed info again Ralston. Is it possible that malfunctioning networking equipment could cause issues of “unusual traffic” like this? A few hrs after this happened and the day after I had of instances of my internet not working even though the modem and router both showed connected to the net. Restarting the router weirdly seemed to to wake everything up even though plugging directly into the modem wasn’t working either.

 

[Ralston18]

Malfunctioning network equipment - yes.

Loose connections in the network cabling - yes.

Intermittent power losses to modem, router, or modem/router - yes.

ISP issues - yes.

Buggy software: apps, drivers, OS - yes.

In any troubleshooting process it is necessary is to narrow down the problem and the source of the problem. And there certainly can be "one-off" occurrences. AKA "Gremlins".

Turning off your modem and router can sometimes result in your ISP providing your devices with a new public IP address. I have Xfinity (Comcast) and my public IP stays very much the same even if I have cycled off modem and router. To get a new public IP (sometimes) or to just get things working again, I have to turn off modem and router. After waiting "awhile" turn on the modem. Then after "awhile" longer turn on the router. Then start turning on network devices one by one so each device (barring devices given Static IP addresses) can be provided a new DHCP IP address by the router. That new DHCP IP address may or may not stay the same.

I used "awhile" because the time(s) can vary and I use the status LEDs to monitor and determine when any given device is back online and operational.

FYI:

https://www.lifewire.com/what-is-a-private-ip-address-2625970

Many routers have logs. In some cases the logs must be administratively enabled by the router's admin person.

Overall, the scope of the problem suggests the source problem. Every device affected: ISP or modem or router. If a device is connected directly to the modem and works then the router may be the problem. Or if wired works and wireless does not that could be router, wiring, or wireless interference.

There are four basic commands that can be used via the Command Prompt to help troubleshoot such issues:

ipconfig/all, ping, tracert, pathping. There are other commands but those four are a good start.

ping for example:

https://www.lifewire.com/ping-command-2618099

It can be easy to misinterpret the results of any of the commands but some additional use and experience using the commands will help with that.

And there are participants in this Forum who are very expert in using, interpreting, and understanding such test results.

Experiment with ping via your network devices.

Google the other commands and learn how to use them.

Once you have results that you understand and are comfortable with then save or print the results for future reference. If problems occur later just compare the command results with the earlier saved results - a baseline of sorts if you will. Determine what, if anything changed.

Very likely you will be able to quickly narrow down some problem. If within your network then you may be able to resolve the problem. If between you and your ISP then they may be able to fix something. A loose connection from the street to your residence.

Beyond your ISP - very little can be done there.

And it is well worth a few minutes time to trace out (follow the wires) coming into your residence and their respective paths therein. Do so safely (no climbing on roofs etc..) but you may discover damaged wires or corroded connections somewhere. Splitters often go bad and are normally very easy to replace. Rodents gnaw on cables, rubbing and abrasion occur.

All in all, very easy to do and makes it all the more likely that the next problem will be quickly found and hopefully quickly fixable.

 

[digitalgriffin]

After a couple of Google searches relating to the “Total War” franchise I was greeted to a Captcha from Google. It said it needed to check if I was really the one sending unusual traffic requests. It stated that this happens when requests are detected which seem to violate the terms of service. This was definitely Google.com and not a virus site. I did not complete the captcha. I restarted the PC & cleared browser data which solved the issue, but I’m still extremely worried as to why this came up to begin with. Praying my computer, personal info or worse isn’t compromised.

Norton, MalwareBytes and Super Anti Spyware show no infections. No VPN installed. I am so hoping that it was an extension that I had just installed a matter of minutes before this occurred- Norton Safe Web. It’s supposed to list each search result as safe or untrustworthy. After inspection it appeared that the extension wasn’t working at all so perhaps there was some sort of conflict there that caused this? I see no reports online of this extension causing such a frightening issue. Now I’m kinda panicking about why Google thinks I’m being nefarious. Afraid I could get in trouble for something that’s taken over my PC and causing bad behavior. Really appreciate any insights.

I guess you guys never used a search on a VPN. This is a common occurance.

Happens all the time when using a VPN. Part of the anonymity of the vpn is hundred or even thousands of users are using the same exit node. If a server sees 1000's of different request from same node they might think it's an automated hacker attack. So they verify you are human.

Another thing that trips you up is cookies and previous logon tokens. One second the token appears in Florida ( non VPN) then you start the von and it shows up in Cali 2 seconds later. Since no one can travel that far that fast it raises a red flag for servers.