Malware

For a couple of months I have been dealing with a Comcast popup box with Constant Guard that shows up in every browser I use in both Linux and Windows.

Scans of malware, virus, and rootkits have come up negative.

Popup blockers and disable script also are ineffective.

If you click on it, it takes you to Comcast’s website, so I think they made it.

I called Comcast and nobody knows anything about it.

I got their corporate address thinking I would send a letter to them about it.

Anyone have any experience with this or other ideas ?

Thanks.

Constant Guard is a Comcast product, so yea, it might as well be malware. The Constant Guard web site refers to a “Customer Security Assurance Department,” have you tried contacting them?

Constant Guard - Contacts

Is comcast your ISP?
Do you use DNS provided by them?

I too have Comcast one thing you might want to try is to change your Servers to OpenDNS.
Like here:
http://imageshack.us/a/img209/2821/jwy.th.png](http://imageshack.us/photo/my-images/209/jwy.png/)

I get free internet as a free service, but it is an open network at my apartments.

I tried setting it up with WPA2, but you have to pay a monthly charge.

ipconfig gives this.

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net. I think this means that Comcast is the internet provider.
___________________
Since clicking on the popup goes to Comcast’s website, I tend to believe that it was made by Comcast.

Calls to Comcast led to answers like:

“I am not aware of that.”

“Have you used a malware and virus scanner ?”

“I talked to the guy in the software department and they do not know what it is.”

I may send a certified letter to one of their corporate offices.

And/or use my dialup.

Connect speed is a constant 53K which is better than I have gotten in the past.

I am evaluating this to see if it offers some more protection.
Spotflux Free VPN

Take care,
Andy

On Thu 05 Sep 2013 05:56:02 PM CDT, andy77586 wrote:

I get free internet as a free service, but it is an open network at my
apartments.

I tried setting it up with WPA2, but you have to pay a monthly charge.

ipconfig gives this.

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net. I think
this means that Comcast is the internet provider.


Since clicking on the popup goes to Comcast’s website, I tend to believe
that it was made by Comcast.

Calls to Comcast led to answers like:

“I am not aware of that.”

“Have you used a malware and virus scanner ?”

“I talked to the guy in the software department and they do not know
what it is.”

I may send a certified letter to one of their corporate offices.

And/or use my dialup.

Connect speed is a constant 53K which is better than I have gotten in
the past.

I am evaluating this to see if it offers some more protection.
‘Spotflux Free VPN’ (http://www.spotflux.com/)

Take care,
Andy

Hi
If you manually set the nameservers in /etc/resolv.conf you can use
those instead. In my router there is no option to change, so manually
set them…


nameserver 208.67.222.222
nameserver 208.67.220.220


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

What will doing that do ?

I found out from the manager that the network I have been using is not theirs.

I think I was picking up another signal thinking that it belonged to the apartment.

My apartment is out of range where I live.

I have disabled that unsecured open network.

(Whoever has setup an unsecured wireless network is asking for trouble.

Comcast told me they(owner of unsecured network) have a serious virus problem.)

I am now trying to get my new Linux capable modem setup and running.

I made a more detailed post in the Hardware section.

Andy

Sounds like a Mitm attack to me, well not really an attack more like an exploitation really. I never trust any open free networks I find just hanging out there for anybody to use.

On 2013-09-05 21:26, andy77586 wrote:
> What will doing that do ?

My mobile ISP uses their DNS to reroute my http browsing to a server
they own to tell me I have overdrawn my monthly download/upload
capacity. Likewise, they can do other things: blocking sites, rerouting
to commercial advertising, etc.

Using an external DNS bypass their tinkering.

But not your case.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)