Today checking over my Visa statement I noticed a charge made at the end of July to a company that I don’t recognise. The company name is THG Enterprises INC. I googled the company name and the following came up:–
I clicked on it and instantly something was activated with the following URL address:–
http : //scan.av2008check.com/11006/3/ (NB I have inserted spaces either side of the colon so that there is no hyperlink)
The window that this scan opened up is now awaiting instructions as clicking the cancel button and the close button causes nothing to happen. I don’t wish to proceed as I don’t know how or why this was activated without my conscious consent, i.e. there was no option to refuse or cancel the scan action.
As a result of this unsolicited action a report was formed advising me that “harmful and malicious software detected” and the following high alert file names listed:–
ipexewin.exe
audiopitusr.exe
exeiptransfer.exe
Finally there is another window saying that “serious security and privacy threats found on computer. It may damage files or steal personal and financial information. Click OK to start downloading CRITICAL security software update.” NB the “cancel” button doesn’t accept any clicking NOR does the window close.
I still don’t know what the company is and I don’t recall subscribing to additional security services. The only way that I can see to close the window is to boot the machine.
I suppose that this is not associated with avast! but I am hoping that forum members well versed in matters of security, malware, spyware etc can tell me what is going on and why. And more importantly what is and where is the real security threat.
I am now 99.9% convinced that whatever I am talking about in the previous post IS BAD.
I repeated my actions (through google etc) and this time pressed several cancels/ignore before the scan action finished. When I clicked ignore it actually activated something which sent avast! into major warning mode. I clicked the correct button generated by avast and the window closed.
So now what do I do? How did this happen? Who are THG? And how can I stop them? What do I need to stop a repeat?
Antivirus 2008 is a rogue program, scum/scamware that is associated with fake alerts to trick people into purchasing the product.
However, I can’t see how they could make a charge against your Visa unless you visited the site and entered your details. You should however contact Visa and the police if you didn’t do this.
It isn’t a virus as such but rogueware but these programs should hopefully be able to deal with it.
Yeah, you’re right. From what I’ve read in the past 4 or 5 days the 2009 version is a newer or later version of the 2008 crapware. From his mentioning of ‘pop-ups’, I was just wanting to share that other thread to see if he was seeing the same thing.
BTW David,
I’m no longer getting email alerts when a post I’m subscribed to in the forum gets a followup post. I’ve checked my personal preferences and all seems in order. Is there a problem with that feature? Thanks.
Sorry to pop a question in here, but is Avast going to cover these rogue anti-malware programs via definitions, or has the Alwil team mentioned anything about them?
The reason being these can be just as dangerous as other malware if people stumble upon them.
Thanks everyone for the information and instructions.
There is no way that I purchased this product or filled in my details for something other than what I normally buy – namely books and the odd DVD for my kids. Because of my location (remote Panama) I have to rely on internet shopping to acquire items that keep my kids happy.
Things are a bit distracting now that school is finished for the day so I am better off looking at the “how to eliminate guides” later at a quieter time.
I no longer use that function so I don’t know if there is a problem with it, the only emails I get are notification of PMs.
I much prefer to use the ‘Show new replies to your posts’ function, from your profile. So when I use firefox I have two tabs that are started, The main index.php page showing all Forums and my Profile.
I use the Babylon theme as I like the layout of the header which is at the top of every page, giving easy access to the ‘Show new replies to your posts,’ which displays a list of all topics that I have either started or contributed to that have new posts since my last visit, very handy.
Then you need to beef up your security as somehow they have obtained your card details, most commonly it can be phishing tricking you into giving your details at what you think is a known site, bank, store, when in fact it is a fake site designed to collect your details. There could also be a possibility that a keylogger could capture this type of input. Rapidly use those other tools suggested so as to be sure there isn’t a key logger at work.
Now change your passwords as if one is compromised more could be, ensure they are a little more difficult to guess at least 8 characters, mixed upper and lower case and numbers.
If you don’t already use it, I would suggest firefox as it has an anti-phishing function and also blocking known attack sites. You could also use www.OpenDNS.com as your DNS server as this too will be able to alert you to the fact that the site you are visiting isn’t the one you expected.
I don’t know if this is related but Firefox is not working. It was working fine up until 3 hours ago but now every new link clicked produces nothing. Actually I have just checked with my husband and Firefox on his computer is operating normally.
I am currently on explorer (a facility for emergencies only).
Rick F - I have looked at the link you provided. What I have looks like it comes from the same stable but it is not identical. It is not the 2009 version. What I have also differs in that there is another window on top of the Warning window which says the following…
The page at http : //scan etc etc etc says:
Serious security and privacy threats found on your computer. It may damage your files or steal
your personal and financial information.
Click “OK” to start downloading CRITICAL security software update.
OK Cancel
I am not clicking on the OK button and clicking on Cancel one produces no result. Repeatedly no results regardless of number of times it is consecutively clicked.
My question here is how can I close the window that is jammed open and if there is a way to close it before I do implement all the suggestions made in this thread do I jeopardise my vital information?
Should I disconnect my computer now and pick this up on my husband’s computer when he gets home? Have I already risked everything by not disconnecting instantly?
I am quite scared now.
UPDATE: The uncloseable window is gone. I went to options in the Firefox tools drop down box to look at security options there but before I could do anything further Firefox went into not responding mode and I closed it and opened it anew.
You can close any active window by holding down the ‘Alt’ key and then press ‘F4’. The 2008 and 2009 version are similar, but both should be able to be handled by running “MalwareBytes” that David recommended.
You can block your computer from trying to access any of those addresses by using avast’s ‘Webshield’.
Click avast blue ball near your clock, click ‘webshield’, then ‘customize’. When that window opens, click the ‘URL Blocking Tab’. Click ‘enable URL blocking’ and then click the ‘add’ button and type in the URL that application is trying to go to… For me it was
http: //power-antivirus (added a space to break hot link)
http: //scan.power* (added space to break hot link)
UPDATE NUMBER 2. I have also just verified the charge on my credit card. It is legitimate.
So now that the window is closed and “IT” is not active (really don’t know what I am saying here) am I to understand that I can proceed with the remedies without problem (though of course I am sure that I will be resorting to the wonderful assistance found here again if I am not clear about something).
I would suggest you download and run the “MalwareBytes” for sure. There are a number of folks that report that it does in fact remove it all. Depends on whether or not this ‘scumware’ has morphed (changed).
Here’s a link to a video on how Antivirus 2008 infects a user’s PC. This is by Enigma Software - so they’re trying to sell their product SpyHunter. But you can see some of the screens and how they lure people into purchasing that scumware.
Report the findings, they should produce a log file, etc.
It is great that you have all given me so much information. However downloading is the easy part; it is what to do next and how to manage these programmes and make them work for you. I am not even remotely computer lit or savvy.
David, you provided 2 different malware downloads. I have only chosen one but let me know if I am wrong and need them both. I chose RogueRemover which I downloaded and got it to perform a scan - result ALL CLEAR. Tell me, is it normal for the bar at the bottom of the window to fill up with green and stay like that?
Spyware pro version offers more than the home version and I am deciding between pro and home. Am I right in assuming that the price is a one off cost and that there are no annual charges?
The Open DNS has stalled during the installation process. I get an “error opening file for writing” message. I then press abort. I have activated my account.
I should tackle this again in the cold hard light of day.