Author Topic: RK_Pihar_Group  (Read 3107 times)

0 Members and 1 Guest are viewing this topic.

gajazz

  • Guest
RK_Pihar_Group
« on: September 05, 2012, 04:30:20 AM »
Hello, I have been using avast for along time.
I recently recieved this email from comcast
Dear XFINITY Customer,
XFINITY identified one or more of your computers may be infected with a bot. You might have already seen an Alert from XFINITY informing you about bot activity.
We strongly recommend you take action to remove malicious software from your computers.
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY


I went to this site which told me

Constant Guard™ from XFINITY has identified that one or more of your computers may be infected with a bot.

It told me I was infected with RK_Pihar_Group

A google search shows only other comcast users asking about this .

Could this be a scam so you PAY comcast to fix your computer? (LOL)


Professional Virus Removal
Fix It For Me
 Get virus removal and security support from trained tech experts.
■24/7 Virus Removal Support
■North America-Based Tech Experts
■Live Remote or On-Site Support
■Fast, Convenient Expert Help
Call for a FREE Quote855-550-3678

Thanks in advance!!


Theo Peterbroers

  • Guest
Re: RK_Pihar_Group
« Reply #1 on: September 05, 2012, 06:31:18 AM »
Hi gajazz,

RK_Pihar_Group doesn't ring a bell. There is however,  a Pihar family of rootkits.

Are you a Comcast XFINITY customer? As I understand from their forum http://forums.comcast.com/t5/Security-and-Anti-Virus/Suspected-quot-bot-quot-Activity-email-from-Comcast/td-p/1397701, they have two Constant Guard™ services on offer.

If you have Constant Guard Protection Suite on your pc, you may be running Norton Security Suite. Since you're saying to be an avast user, that would mean two antivirus products on the same pc. This is advised against, since each antivirus gets in the way of the other. Please uninstall either one or the other; NSS of course, as this is an avast forum. Singular labs links to instructions and a tool for this http://singularlabs.com/uninstallers/security-software/. And do read the instructions.

Next step would be to see if your pc is infected and remove the infection. Our volunteer malware removal specialists require you to gather some info on your pc, and attach the resulting logfiles to your next post in this thread. Here are instructions http://forum.avast.com/index.php?topic=53253.0

The other Constant Guard service runs on Comcast servers and seems to monitor your Internet traffic pattern. Hence they could determine your pc might be part of a botnet. I don't think a free cleanup of your pc is part of the XFINITY offering. So yes, Comcast would like you to pay for this http://xfinity.comcast.net/constantguard/botassistance/dnsbot.

Comcast/XFINITY wouldn't scam their customers, so please do take steps to cleanup your computer. On this forum, advice is free; but due to different time zones it will take a little longer.

Best regards,


« Last Edit: September 05, 2012, 08:58:47 AM by Kwartet! »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: RK_Pihar_Group
« Reply #2 on: September 05, 2012, 05:06:22 PM »
Hi gajazz,

A qualified removal expert has been alerted to your posting and will soon look into the matter.
Follow his instructions to the dot. With him you are in the best of hands,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

argus

  • Guest
Re: RK_Pihar_Group
« Reply #3 on: September 05, 2012, 06:27:27 PM »

gajazz

  • Guest
Re: RK_Pihar_Group
« Reply #4 on: September 07, 2012, 06:05:00 AM »
I have malwarebytes pro installed .
Havent used norton or symantec products in years
I use avast and recomend it and malwarebytes  to all my friends

I did end up calling comcast security assurance desk.
They checked and said not to worry they could find nothing
(actually not very helpfull in why I got the email)
 So, I do recomend for anyone that get one of these emails
 to call comcast security assurance and ask them to check BEFORE getting their " professional " help.
I have copied the post I found with contact info for comcast

You can contact the Comcast Customer Security Assurance Department: and they will be able to verify what was detected and if anything has been detected since that time.  This is a free service and they are usually pretty helpful.
Business Hours:6:00 am – 2:00 am EST
 7 days a week

Contact:(888) 565-4329