Author Topic: Unauthorised SCAN activated.  (Read 33447 times)

0 Members and 1 Guest are viewing this topic.

Offline nicla

  • Jr. Member
  • **
  • Posts: 52
Unauthorised SCAN activated.
« on: August 11, 2008, 06:00:44 PM »
I am hoping someone can help me with this one.

Today checking over my Visa statement I noticed a charge made at the end of July to a company that I don't recognise.  The company name is THG Enterprises INC.  I googled the company name and the following came up:--

Thg enterprises inc
Software may wholly compile permitted in an thg enterprises inc language, ... One thg enterprises inc for which annual inventors suffer is the msx. ..
bellipolitica.altervista.org/free/db/_images/thermal-snap-switch/thg-enterprises-inc.html

I clicked on it and instantly something was activated with the following URL address:--
http : //scan.av2008check.com/11006/3/   (NB I have inserted spaces either side of the colon so that there is no hyperlink)

The window that this scan opened up is now awaiting instructions as clicking the cancel button and the close button causes nothing to happen.  I don't wish to procede as I don't know how or why this was activated without my conscious consent ie there was no option to refuse or cancel the scan action.

As a result of this unsolicited action a report was formed advising me that "harmful and malicious software detected" and the following high alert file names listed:--

ipexewin.exe
audiopitusr.exe
exeiptransfer.exe

Finally there is another window saying that "serious security and privacy threats found on computer.  It may damage files or steal personal and financial information.  Click OK to start downloading CRITICAL security software update."  NB the "cancel" button doesn't accept any clicking NOR does the window close.

I still don't know what the company is and I don't recall subscribing to additonal security services.  The only way that I can see to close the window is boot the machine.

I suppose that this is not associated with avast! but I am hoping that forum members well versed in matters of security, malware, spyware etc can tell me what is going on and why.  And more importantly what is and where is the real security threat.


« Last Edit: August 11, 2008, 06:13:59 PM by nicla »

Offline nicla

  • Jr. Member
  • **
  • Posts: 52
Re: Unauthorised SCAN activated.
« Reply #1 on: August 11, 2008, 06:10:45 PM »
UPDATE

I am now 99.9% convinced that what ever I am talking about in the previous post IS BAD.

I repeated my actions (through google etc) and this time pressed several cancels/ignore before the scan action finished.  When I clicked ignore it actually activated something which sent avast! into major warning mode.  I clicked the correct button generated by avast and the window closed. 

So now what do I do?  How did this happen?  Who are THG?  And how can I stop them?  What do I need to stop a repeat.

Please help.




Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #2 on: August 11, 2008, 07:28:13 PM »
Antivirus 2008 is a rogue program, scum/scamware that is associated with fake alerts to trick people into purchasing the product.

However, I can't see how they could make a charge against your Visa inless you visited the site and entered your details. You should however contact Visa and the police if you didn't do this.

It isn't a virus as such but rogueware but these programs should hopefully be able to deal with it.

Start with the programs in order:
Try this tool first, RogueRemover, available here http://www.malwarebytes.org/rogueremover.php

If you haven't already got this software (freeware), download, install, update

MalwareBytes Anti-Malware freeware version http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml.

SUPERantispyware On-Demand only in free version.

Report the findings, they should product a log file, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: Unauthorised SCAN activated.
« Reply #3 on: August 11, 2008, 07:58:39 PM »
nicla,

Look in this thread for the images attached to see if they look like what you were seeing.  If so, it is a rogue AV like David said.

Can Avast stop this virus or adware?
http://forum.avast.com/index.php?topic=37714.0

The link that I used for Antivirus 2009 (might be the exact same utility that David linked you to) was this one:

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

Hope this helps.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #4 on: August 11, 2008, 08:13:51 PM »
I think we may be dealing with anti-virus 2008 "scan.av2008check.com" and hopefully not the 2009 variant which is more of a pig to remove.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: Unauthorised SCAN activated.
« Reply #5 on: August 11, 2008, 08:26:33 PM »
Yeah, you're right.  From what I've read in the past 4 or 5 days the 2009 version is a newer or later version of the 2008 crapware.  From his mentioning of 'pop-ups', I was just wanting to share that other thread to see if he was seeing the same thing.

BTW David,

I'm no longer getting email alerts when a post I'm subscribed to in the forum gets a followup post.  I've check my personal preferences and all seems in order.  Is there a problem with that feature?  Thanks.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline sanctuaryforever

  • Sr. Member
  • ****
  • Posts: 252
Re: Unauthorised SCAN activated.
« Reply #6 on: August 11, 2008, 08:51:17 PM »
sorry to pop a question in here but is Avast going to cover these rogue anti-malware programs via definitions or has Alwil team mentioned anything about them?

the reason being these can be just as dangerous as other malware if people stumble upon them
Celeron 1.30Ghz, 1Gb ram, Windows XP SP3 32-bit

running Avast 6.0.1289

Offline nicla

  • Jr. Member
  • **
  • Posts: 52
Re: Unauthorised SCAN activated.
« Reply #7 on: August 11, 2008, 08:55:36 PM »
Thanks everyone for the information and instructions. 

There is no way that I purchased this product or filled in my details for something other than what I normally buy -- namely books and the odd DVD for my kids.  Because of my location (remote Panama) I have to rely on internet shopping to acquire items that keep my kids happy.

Things are a bit distracting now that school is finished for the day so I am better off looking at the "how to eliminate guides" later at a quieter time.


Many thanks



Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #8 on: August 11, 2008, 11:40:31 PM »
<snip>
BTW David,

I'm no longer getting email alerts when a post I'm subscribed to in the forum gets a followup post.  I've check my personal preferences and all seems in order.  Is there a problem with that feature?  Thanks.


I no longer use that function so I don't know if there is a problem with it, the only emails I get are notification of PMs.

I much prefer to use the 'Show new replies to your posts' function, from your profile. So when I use firefox I have two tabs that are started, The main index.php page showing all Forums and my Profile.

I use the Babylon theme as I like the layout of the header which is at the top of every page, giving easy access to the 'Show new replies to your posts,' which displays a list of all topics that I have either started or contributed to that have new posts since my last visit, very handy.
« Last Edit: August 11, 2008, 11:55:56 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #9 on: August 11, 2008, 11:42:14 PM »
sorry to pop a question in here but is Avast going to cover these rogue anti-malware programs via definitions or has Alwil team mentioned anything about them?

the reason being these can be just as dangerous as other malware if people stumble upon them

It does detect some of the fake alerts stuff, but lets not loose sight of the fact that they aren't viruses but scum/scamware.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Unauthorised SCAN activated.
« Reply #10 on: August 11, 2008, 11:55:30 PM »
There is no way that I purchased this product or filled in my details for something other than what I normally buy -- namely books and the odd DVD for my kids.  Because of my location (remote Panama) I have to rely on internet shopping to acquire items that keep my kids happy.

Things are a bit distracting now that school is finished for the day so I am better off looking at the "how to eliminate guides" later at a quieter time.

Then you need to beef up your security as somehow they have obtained your card details, most commonly it can be phishing tricking you into giving your details at what you think is a known site, bank, store, when in fact it is a fake site designed to collect your details. There could also be a possibility that a keylogger could capture this type of input. Rapidly use those other tools suggested so as to be sure there isn't a key logger at work.

Now change your passwords as if one is compromised more could be, ensure they are a little more difficult to guess at least 8 characters, mixed upper and lower case and numbers.

If you don't already use it, I would suggest firefox as it has an anti-phishing function and also blocking known attack sites. You could also use www.OpenDNS.com as your DNS server as this too will be able to alert you to the fact that the site you are visiting isn't the one you expected.

What is your firewall ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nicla

  • Jr. Member
  • **
  • Posts: 52
Re: Unauthorised SCAN activated.
« Reply #11 on: August 12, 2008, 01:09:58 AM »
I don't know if this is related but Firefox is not working.  It was working fine up until 3 hours ago but now every new link clicked produces nothing.  Actually I have just checked with my husband and Firefox on his computer is operating normally. 

I am currently on explorer (a facility for emergencies only)

Rick F - I have looked at the link you provided.  What I have looks like it comes from the same stable but it is not identical.  It is not the 2009 version. What I have also differs in that there is another window on top of the Warning window which says the following.................

________________________________________________________________________________
The page at http : //scan etc etc etc says:

Serious security and privacy threats found on your computer.  It may damage your files or steal
your personal and financial information.

Click "OK" to start downloading CRITICAL security software update.

                                           OK                          Cancel
________________________________________________________________________________

I am not clicking on the OK button and clicking on Cancel one produces no result. Repeatedly no results regardless of number of times it is consecutively clicked.

My question here is how can I close the window that is jammed open and if there is a way to close it before I do implement all the suggestions made in this thread do I jeopardise my vital information? 

Should I disconnect my computer now and pick this up on my husband's computer when he gets home?  Have I already risked everything by not disconnecting instantly? 

I am quite scared now. 


UPDATE :  The uncloseable window is gone.  I went to options in the Firefox tools drop down box to look at security options there but before I could do anything further Firefox went into not responding mode and I closed it.  and opened it anew. 










« Last Edit: August 12, 2008, 01:32:13 AM by nicla »

Offline wyrmrider

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1298
Re: Unauthorised SCAN activated.
« Reply #12 on: August 12, 2008, 01:37:38 AM »
first do download the fake security software

what can you run?
some choices
A safe mode scan with avast
Malware Bytes Rogue Remover
F-Protect on line scan

can you kill the process with task manager ctl alt del

ps - there has been no scan- they're jerking your chain

could you run the Scans that DavidR mentioned in his first post?


Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: Unauthorised SCAN activated.
« Reply #13 on: August 12, 2008, 01:40:14 AM »
<snip>

Rick F - I have looked at the link you provided.  What I have looks like it comes from the same stable but it is not identical.  It is not the 2009 version. What I have also differs in that there is another window on top of the Warning window.

Should I disconnect my computer now and pick this up on my husband's computer when he gets home?  Have I already risked everything by not disconnecting instantly? 

I am quite scared now. 

You can close any active window by holding down the 'Alt' key and then press 'F4'. The 2008 and 2009 version are similar, but both should be able to be handled by running "MalwareBytes" that David recommended.

Here's that link again:
http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

A link to get rid of AV2008:
http://www.bleepingcomputer.com/malware-removal/antivirus-2008

You can block your computer from trying to access any of those addresses by using avast's 'Webshield'.

Click avast blue ball near your clock, click 'webshield', then 'customize'.  When that window opens, click the 'URL Blocking Tab'.  Click 'enable URL blocking' and then click the 'add' button and type in the URL that application is trying to go to... For me it was

http: //*power-antivirus* (added a space to break hot link)
http: //scan.power* (added space to break hot link)

- see image below -
http://forum.avast.com/index.php?action=dlattach;topic=37714.0;attach=26201;image

Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: Unauthorised SCAN activated.
« Reply #14 on: August 12, 2008, 01:41:51 AM »
first do download the fake security software

WHAT!?  Don't download that!! Close the window if you can.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,