Enhanced Privacy Virus 208.91.196.4

OK… for some reason Avast Free just started going crazy on two computers…

Windows 7 64 bit
IE11

URL:Mal = IP is blocked, most likely because the IP is blacklisted, malicious website(s) are hosted on that IP.

If you want us to check your system for malware, please follow these instructions:
http://forum.avast.com/index.php?topic=53253.0

That IP address (in your image) is in the British Virgin Islands, Confluence Networks, so it is a bit strange given the domain name enhancedprivacy.eu. This check on the domain returns a different IP address, http://www.urlvoid.com/scan/enhancedprivacy.eu/#report.

Do you have any privacy add-ons in IE11 ?

I have all the privacy lists enabled of which enhanced privacy is one of them. I disabled it but it still flags.

Zulu says it is a parked domain.

whats a parked domain? Ahhh… means its just like a placeholder website.

Interesting thing about this though is it started on both computers at the same time. I’m thinking an update to either the list or avast may be triggering this.

Please follow the instructions in the link I gave you.

Just FYI… I completed a system image earlier and allowed avast to update as normal. Once it updated the pop ups started again.

I just completed another system image and prevented avast from updating and the pop ups are non existent. Looks to be a false positive from avast.

Im currently deep scanning with emsisoft, malwarebytes and avast… we’ll see if anything alerts, I’ll then update avast and see if it triggers again.

Additional info… that IP address is normal.

The IP address in my screenshot is:
http://208.91.196.4/?dn=enhancedprivacy.eu&pid=7PO84Q7C6

If you go into the Privacy list addons in IE > Get more tracking lists > click on Enhanced Privacy List, this particular privacy list’s URL is:
http://www.searchremagnified.com/?dn=enhancedprivacy.eu&pid=7PO84Q7C6

Per http://netiplist.com/domain/searchremagnified.com
searchremagnified = 208.91.196.4 in the British Virgin Islands

Still haven’t had a single pop up…

Still scanning

So deep scans produced nothing.

The moment I updated Avast on one computer the pop ups started again. Surfing on the other computer that hasn’t been updated I get no pop ups… So if indeed that is focused solely on an URL, then the URL is the same on both computers. The only difference between them is the Avast update yesterday afternoon.

I reported as False Positive.

To me it doesn’t seem a false positive.
It is only logical that avast blocks it after the update.
Latest version is offering better protection.
And as David and I pointed out, there is something fishy with that website.

Well… it offers different protection… not necessarily better (may be flawed).

We’ll see. Theres another thread started as well where the OP posted his logs. Either way I dont feel it’s anything on my computer. It has to do with that website and avast.

Hi,

Why would your computer be contacting random sites? Moreso fishy ones? That isn’t normal and I suspect you do have malware active. Please post the logs for review.

Its not a random site. There’s another thread on this where the person posted logs. Might as well close this one out as all the info is over there.

forum.avast.com/index.php?topic=147383.0

I am getting enhanced privacy virus since the new ie11 got installed on March 8.

Richard, just go into manage add ons > tracking protection > remove the enhanced eu tracking list (remove, don’t just disable). There is some kind of discrepancy between avast and that site since the march 8 update. Who knows when avast will address it.

dprout69 thanks that fix the problem