sansasecurity.com

[gmc]

Anyone have any ideas how to get rid of this? It keeps trying to send my IP address and I thougbht initially it was part of the security update programme bit when I checked with them they said no. I have online support but all they can tell me is it's not a virus but some kind of malware. It's driving me up the wall popping up every few minutes and stopping what I'm doing.

[Scrat]

I got one from somewhere and I hit it with my McCaffe and it went away. Same thing but it wants me to take surveys and crap.

[Snowfire]

gmc;1354367 wrote: Anyone have any ideas how to get rid of this? It keeps trying to send my IP address and I thougbht initially it was part of the security update programme bit when I checked with them they said no. I have online support but all they can tell me is it's not a virus but some kind of malware. It's driving me up the wall popping up every few minutes and stopping what I'm doing.


There are far more professional members here that will advise but can I suggest a free Antispyware that has proved invaluable to me in the past for similar irritants.

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

There is a free edition that will do a complete scan and deal with the malware you have.

I scan with this occasionally even though I have Spyware doctor with an antivirus engine. It often picks up those irritating things that sometimes get missed by other software

[gmc]

I did have a load of viruses that had been quarantined by the security software but somewhere in an e-mail archive. I use thunderbird so i removed it and removed every folder I could find to do with thunderbird and that seems to have done the trick so far as the viruses are concerned - hopefully it will take out the malware as well. I am about to re-install thunderbird so I'll see. Haven't had any problems for some years but this seems to be e-mail related. I get a lot of spam.It's annoying.

[gmc]

:-5:-5:-5:-5:-5

[spot]

Can we have a try getting to the bottom of this, it's puzzling me.

Firstly, there is no sansasecurity.com domain. Where do you get the name from? May we have a description of what you see which worries you?

[LarsMac]

I take it you started seeing it again after re-installing TBird?

Can you get a screen print of the thing?

Sounds like something is lodged in your registry.

[Wandrin]

spot;1358106 wrote: Can we have a try getting to the bottom of this, it's puzzling me.

Firstly, there is no sansasecurity.com domain. Where do you get the name from? May we have a description of what you see which worries you?


I would love to see what a good firewall would report as to the IP address used when trying to connect to that non-existant domain. Sandisk sold a lot of Sansa mp3 players, but I don't recall any security program for them, let alone a domain. But there is this interesting report: Mr. George Abraham, Sansa Security Company Madrid - Anti-Fraud International

[gmc]

Sorry guys I missed these replies.

posted by spot

Can we have a try getting to the bottom of this, it's puzzling me.

Firstly, there is no sansasecurity.com domain. Where do you get the name from? May we have a description of what you see which worries you?


My ISP is Virgin media and I have their security suite. I have the privacy manager set so it reports every time somethingh asks for my ip address or host name. Most of the time I recofgnise what it is ir know the website is asking but this sansasecurity keeps cropping up. Virgin media don't seem to know what it is and I know a couole of IT guys who are aware of it but don't know the source. Virgin media mentioned they had some problems with a key stroke following virus that masqueraded as part of the security software.

At first I thought it was in fact part of the security software but it was very irritating that was what prompted me to do a search but it came up as being in AVG which I do not have and thart's what made me suspicious. When i search it doesn't show up yet when using the internet it keeps popping up, often enough to be really irritating and get in the way.

posted by larsmac

I take it you started seeing it again after re-installing TBird?

Can you get a screen print of the thing?

Sounds like something is lodged in your registry.




You're right it did. I'll get a screen print if I can. Seems to go through phases, nit much activity then wham. I use financial services sites a lot and it's usually on them it pops up.

[spot]

"Privacy Manager" is a good hook to check against. Every Privacy Manager I've heard of checks to see whether you're sending your real name or any real-world contact details off-site, and warns you if you're about to. Which, when accessing financial services sites, you'd expect to happen. You're sure it isn't that?

It doesn't sound remotely like the behaviour or any trojan or keylogger I've come across. What you've got, whatever it is, is advertising its presence to you.

As for Virgin's security suite I'd sooner eat worms but that's just me. And yes, if you have the chance to screen-capture it in action we'll be delighted to see it. If the screen capture shows private information, remember to blank that out before you upload it here.

[gmc]

spot;1358178 wrote: "Privacy Manager" is a good hook to check against. Every Privacy Manager I've heard of checks to see whether you're sending your real name or any real-world contact details off-site, and warns you if you're about to. Which, when accessing financial services sites, you'd expect to happen. You're sure it isn't that?

It doesn't sound remotely like the behaviour or any trojan or keylogger I've come across. What you've got, whatever it is, is advertising its presence to you.

As for Virgin's security suite I'd sooner eat worms but that's just me. And yes, if you have the chance to screen-capture it in action we'll be delighted to see it. If the screen capture shows private information, remember to blank that out before you upload it here.


Quite sure it's not the site asking. The security suite is a free add on (well not eally cos i pay for the service) If you're not terribly IT literate it's as good as any. I keep meeting people who have had problems with macafee or norton so it suits me.

[spot]

I'd have problems with MacAfee or Norton too, it's not just the not terribly IT literate. Besides, I'm feeling less and less IT literate as each year passes.

And no, I didn't think it was the site asking, I thought maybe it was your computer asking whether you were sure you really wanted the details being sent off-site.

[LarsMac]

If you are using Windoze, boot up in "Safe Mode" and

open the registry editor and do a search for the 'sansasecurity' string.

it's a little tedious, but log each time it's found in the registry, and then look at them to see what entries there are.

Also look for stuff in your startup folders that you don't know why it's there.

[Wandrin]

I found a reference that said that sansasecurity.com was purchased by AVG Technologies, but it is probably out of date. The IP address listed is 212.67.88.92 in the Czech Republic, routed by AS-Pragonet. The IP address is registered to avq.co.uk. The description I found said that they have/had an anti-virus and security tool.

[Bryn Mawr]

Wandrin;1358209 wrote: I found a reference that said that sansasecurity.com was purchased by AVG Technologies, but it is probably out of date. The IP address listed is 212.67.88.92 in the Czech Republic, routed by AS-Pragonet. The IP address is registered to avq.co.uk. The description I found said that they have/had an anti-virus and security tool.


It's been some years since you went to the Grisoft address in Prague for updates to AVG but that was their startup address.

[gmc]

spot;1358185 wrote: I'd have problems with MacAfee or Norton too, it's not just the not terribly IT literate. Besides, I'm feeling less and less IT literate as each year passes.

And no, I didn't think it was the site asking, I thought maybe it was your computer asking whether you were sure you really wanted the details being sent off-site.


Presumably the comoputer was only going to do so becaeuse the site asked for the info. That's what i meant.

posted by bryn mawr

It's been some years since you went to the Grisoft address in Prague for updates to AVG but that was their startup address.


I did use to use AVG. But not foe some years and so far as I know there is no trace of it left on my cumputer

[gmc]

Just did a search for avg. Turns out there are files within virgin media. I will get back once I have chatted to the support line.

[gmc]

This is the "conversation" i had with the online suopport

David-Allan: Hi! My name is David-Allan and I will be your Virgin Media Digital Home Support Adviser. One moment please while I review your account.

08:40 David-Allan: Thank you, I have your account up. How can I help you today?

08:42 MR This is something I have aske about before. I have been having problems with something called sansasecurity.com trying to send out my IP address - the privacy manager is picking it up. No one seemed to know what it is. It seemed to be connected to AVG. On doing a search for avg on my computer it turns out there are several avg files the within virgin security files. Is this the way it should be? If so how come nobody in virgin was aware of it?



08:45 David-Allan: Virgin security is based on the AVG software. The guys you speak to in technical services are not trained on all aspects of the software#

08:47 MR In that case should I be allowing sansasecurity to send out my IP address? I became concerned because there was no apparent connection to the virgin security software. I have also asked this question of the on line support team before and no one knew what it was.

08:48 MR I might add that at times it tries to send it out numerous times especially when i am using financial services sites.

08:50 David-Allan: your i.p address doesnt give out any information about what your doing on your system so its not something to worry about but if give me a few minutes i'll do a little research in to that domain.

08:55 David-Allan: Before we go any further, I must ask you a few authentication questions to verify your Virgin Media account...

08:55 David-Allan: Could you please tell me what the [3rd] and [4th] letters or numbers of your Virgin Media account password are?

08:57 MR

08:57 David-Allan: thanks

08:58 David-Allan: thanks, thats your account validated, just so I can add this to your account incase you have further issues

09:12 David-Allan: ok I can't seem to see anything that would cause me to have any concerns over this domain, if your worried about this you would have to speak to technical services again and ask them to upgrade this to 2nd level support

09:18 MR Look if this is something on my computer because i have subscribed to virgin media security I don't see why I should have to upgrade and pay more to find out what it is. I also have difficulty accepting that no one in technical services is aware of it. I can't be the only PAYING client having this issue. If you don't know why my IP address would be sent to this domain or indeed whether it shopuld be sent it rather suggests there is something wriong. Will you please find out what and get back to me. This is the thiord or fourth time i have enquired about this and the reason i signed up to the online support






OK perhaps you shouldn't reply to things immedialtely when annoyed. But tell me is it inreasonable expect them to know what their software is doing and why?

[spot]

I'm also on Virgin but I came from the Telewest part of the merger. I think your Privacy Manager used to be ntl:Netguard.

Anyway, there must be a configure option for it. It's where you add your name and address and account numbers and phone details, so that if any program tries to include that information you get the pop-up asking whether it's okay. You'd test it by sending an email with some of that detail, and see whether it gets queried before it's sent.

I can't think of a single reason why your IP address should be considered private information. It's very public information. What would be bad is if it were sent alongside detail that personally identified you.

If it's just the IP address that the pop-up is querying, then the IP address has somehow got into your Privacy Manager configured set of watch-for-this information. Go into the configuration and see if it's there. If it is and if you remove it then your pop-ups will stop. You can take the opportunity to put all your really sensitive information in there instead.

[gmc]

spot;1358242 wrote: I'm also on Virgin but I came from the Telewest part of the merger. I think your Privacy Manager used to be ntl:Netguard.

Anyway, there must be a configure option for it. It's where you add your name and address and account numbers and phone details, so that if any program tries to include that information you get the pop-up asking whether it's okay. You'd test it by sending an email with some of that detail, and see whether it gets queried before it's sent.

I can't think of a single reason why your IP address should be considered private information. It's very public information. What would be bad is if it were sent alongside detail that personally identified you.

If it's just the IP address that the pop-up is querying, then the IP address has somehow got into your Privacy Manager configured set of watch-for-this information. Go into the configuration and see if it's there. If it is and if you remove it then your pop-ups will stop. You can take the opportunity to put all your really sensitive information in there instead.


I too came from the telewest side of it.

In the privacy manager as well as the keyword list there are two options, scan for IP address, scan for host name, I assumed it was important they were not sent without your knowing it - otherwise why have them as options? I don't even know what the IP address is and probably would just tell it to send it except it asked time after time after time even after I clicked allow. So I queried what was going on. I was given then inpression there had been an issue with a keystroke tracking virus maqquerading as part of the security software - hemnce my concern. I don't leave passwords etc on my computer or have any electronic logging on programmes but log in using passwords. If it doesn't matter they should just have said so but it annoys me that they don't seem to know or seem particularly bothered. It hasn't been doing it recently - seems it is quiet for a spell and then just starts up again. haven't worked ouit if anything in particular triggers it. I did have a load of viruses, quarantined by the virgin security system that picked them up. I eventually deleted them all by removing and re-installing the thunderbird software, so i've been concerned i;ve gopt something on my computer.

[spot]

Here's my thinking.

If there's a keylogger - which I'm convinced there isn't - then it would get caught with the keywords which matter. Like your surname or bank account code or the like. Trapping the transmission of your IP address, while there might be circumstances where you'd want to know it happened, isn't a security risk at all and if I were you I'd deselect both that and the IP hostname.

The sansasecurity.com destination, as Bryn noted, is an old name for a perfectly legitimate part of the AVG suite. Anything being sent to that address in Prague is legitimate, given that you're using the Virgin Security Suite.

It's not surprising the help desk staff know nothing about it, they're following scripts to get users back into a functional state. Line 2 support has staff who do know things. In this instance you've no reason to bother them and raise your blood pressure, you can just switch off the notifications without prejudicing your security.

[gmc]

spot;1358252 wrote: Here's my thinking.

If there's a keylogger - which I'm convinced there isn't - then it would get caught with the keywords which matter. Like your surname or bank account code or the like. Trapping the transmission of your IP address, while there might be circumstances where you'd want to know it happened, isn't a security risk at all and if I were you I'd deselect both that and the IP hostname.

The sansasecurity.com destination, as Bryn noted, is an old name for a perfectly legitimate part of the AVG suite. Anything being sent to that address in Prague is legitimate, given that you're using the Virgin Security Suite.

It's not surprising the help desk staff know nothing about it, they're following scripts to get users back into a functional state. Line 2 support has staff who do know things. In this instance you've no reason to bother them and raise your blood pressure, you can just switch off the notifications without prejudicing your security.


Thanks for the help, I'll take your advice and stop bothering about it.