Welch Company
San Francisco, CA
S U M M A R Y
DIARY: November 22, 2010 11:16 AM Monday;
Rod Welch
Google search redirect virus malware investigate Comcast.
1...Summary/Objective
2...Virus Google Search Redirection Trend Micro Support
..............
Click here to comment!
CONTACTS
0201 - Trend Micro, Inc.
020101 - Ms. Elena (Len) Quitoriano; Customer Support Representative
020103 - Consumer Support Team
0202 - Comcast Corporation
020201 - Mr. Customer Assistant
020203 - Customer Support Department
SUBJECTS
Comcast Offers Free Norton Utilities Virus Protection May Replace Pc
1903 -
1903 - ..
1904 - Summary/Objective
1905 -
190501 - Follow up ref SDS 4 0000, ref SDS 3 0000.
190502 -
190503 -
190504 -
190506 - ..
1906 -
1907 -
1908 - Progress
1909 -
190901 - For the past 6 months or so, there has been continuous redirection of
190902 - search results using Google. Cache results display, but this makes it
190903 - very diffucult to cite sources.
190905 - ..
190906 - Research found redirection of Google searches may be caused by virus,
190907 - reported on 101031 1719, ref SDS 4 ML6G
190909 - ..
190910 - Ran reimage and it reported finding no virus threats. ref SDS 4 4P3F
190912 - ..
190913 - Comcast sent a letter saying...
190914 -
190915 - 1. Subject: Comcast Security Service Announcement
190916 - Date: Thu, 18 Nov 2010 20:58:43 +0000 (GMT)
190923 - ..
190924 - 2. We are committed to providing you with the best and safest
190925 - online experience possible.
190927 - ..
190928 - 3. As part of our ongoing efforts to help protect you while you
190929 - are online, we are launching Constant Guard™ for High-Speed
190930 - Internet customers in your area. Constant Guard is the result
190931 - of a multi-year effort to create a comprehensive approach to
190932 - protect our customers from increasingly sophisticated online
190933 - security threats.
190935 - ..
190936 - 4. The Constant Guard service consists of:
190937 -
190938 - 1. Customer Security Assurance: Highly skilled security
190939 - professionals who proactively contact customers to respond
190940 - to issues relating to spam, virus-infected computers, and
190941 - other security-related issues.
190943 - ..
190944 - 2. Education: Our online security website includes real-time
190945 - security alerts, tips, tools and other resources that help
190946 - educate and protect consumers. For more details please
190947 - visit...
190948 -
190949 - http://www.comcast.net/security.
190951 - ..
190952 - 3. World-Class Technology:
190954 - ..
190955 - 5. Need to download the Norton Security Suite? Click Here
190956 -
190957 - http://security.comcast.net/norton/resi/?cid=NET_33_349
190959 - ..
190960 - 6. Need to remove a Bot or malware? Visit the Constant Guard
190961 - Center
190962 -
190963 - http://security.comcast.net/get-smart/?cid=NET_33_350
190965 - ..
190966 - 7. Need the latest information and tips on security issues? Visit
190967 - the Security Website
190968 -
190969 - http://security.comcast.net/get-smart/?cid=NET_33_350
190971 - ..
190972 - 8. Need to contact Comcast's Security Assurance Team? Get Help
190973 -
190974 - http://security.comcast.net/get-help/contact-comcast-security.aspx?cid=NET_33_3
190975 -
190976 - 1. Proactive Bot Notification: As a new feature of the
190977 - Constant Guard service, we may email a "Service Notice" to
190978 - your Comcast primary email address if we believe one or
190979 - more of your computers may be infected with a type of virus
190980 - called a Bot. A Bot is a malicious form of software that
190981 - could use your computer to send spam, host a phishing site,
190982 - or steal your identity by monitoring your keystrokes. The
190983 - email will advise you to go to the Comcast Constant Guard
190984 - Center at
190985 -
190986 - https://constantguard.comcast.net
190987 -
190988 - ...where you can
190989 - access resources to help you remove the Bot from your
190990 - computer. An example of the Service Notice email can be
190991 - found at
190992 -
190993 - http://security.comcast.net/constantguard
190995 - ..
190996 - This
190997 - service e-mail is designed to proactively alert you to take
190998 - steps to protect your security interest on a real-time
190999 - basis. Our goal is to provide customers with a safe and
191000 - secure Internet experience.
191002 - ..
191003 - 2. Top-rated Norton Security Suite: Provides award-winning
191004 - online protection that helps guard against identity theft,
191005 - viruses, hackers, spam, phishing and more. It also includes
191006 - easy-to-use parental controls to help keep your kids safe
191007 - online. (A $160 value included at no additional charge.)
191009 - ..
191010 - 3. Secure Backup & Share: The new easier way to securely
191011 - backup and share your valuable files, like photos. (2 GB
191012 - storage included at no additional charge.)
191014 - ..
191015 - 4. Desktop Applications: The Comcast Toolbar includes
191016 - anti-spyware, network-embedded anti-spam and anti-virus
191017 - technologies brought to you through our partnerships with
191018 - Bizanga, Cloudmark, Goodmail CertifiedEmail and Return
191019 - Path. In addition, we use up-to-date blocklists from
191020 - Spamhaus and TrendMicro to help reduce and guard against
191021 - unwanted spam.
191023 - ..
191024 - 9. We appreciate your business.
191026 - ..
191027 - 10. Sincerely,
191029 - ..
191030 - 11. Comcast Customer Security Assurance
191032 - ..
191033 - 12. This is a service-related email. Comcast will occasionally
191034 - send you service-related emails to inform you of service
191035 - upgrades or new benefits to your Comcast High-Speed Internet
191036 - service.
191038 - ..
191039 - 13. Copyright 2010. Comcast. All other trademarks are properties of
191040 - their respective owners.
191042 - ..
191043 - 14. Comcast respects your privacy. For a complete description of
191044 - our privacy policy, click here.
191046 - ..
191047 - 15. Comcast
191048 - One Comcast Center, 10th Floor
191049 - 1701 JFK Boulevard
191050 - Philadelphia, PA 19103-2838
191051 - Attn: CHSI
191052 -
191054 - ..
1911 -
1912 -
1913 - 1138
1914 -
191401 - Called Comcast and talked to Alice.
191402 -
191403 - Alice is familiar with the Google search redirection problem.
191405 - ..
191406 - Alice said that Comcast's letter received this morning, per above,
191407 - ref SDS 0 UB7M, is intended to induce Comcast customers to buy or
191408 - otherwise become a Norton virus protection program customer.
191410 - ..
191411 - Alice said to call the virus protection program vendor for assistance
191412 - investigating Google search redirection.
191413 -
191414 -
1915 -
SUBJECTS
Virus C16 Google Search Redirection Intercepting Pccillin Virus Scan
4803 -
4804 - 1141
480501 - ..
480502 - Virus Google Search Redirection Trend Micro Support
480503 -
480504 - Follow up ref SDS 4 0001, ref SDS 1 QU5I.
480505 -
480506 - Since Comcast of free virus protection services with Norton cannot
480507 - resolve Google search redirection problems, per above, ref SDS 0 714E,
480508 - called Trend Micro.
480510 - ..
480511 - Talked to Katie.
480513 - ..
480514 - Katie is familiar with the Google search redirection problem. She
480515 - asked for the date of the last virus definition update and computer
480516 - scan.
480518 - ..
480519 - She asked for the serial number of pccillin on the computer. Found
480520 - this in the record on 100219 0811. ref SDS 2 IG5I
480522 - ..
480523 - Case number....... 1-1-387474399
480525 - ..
480526 - Katie asked for the date of last virus definition update, and the
480527 - date of the last virus scan?
480529 - ..
480530 - This was done on................................ 101117
480532 - ..
480533 - Katie asked to updated Pccillin virus protection. Did that.
480535 - ..
480536 - Asked to run a scan again to test for virus.
480538 - ..
480539 - Katie said to call Trend Micro when the scan is complete, so the next
480540 - step can be performed to clear search redirection problems.
480541 -
480543 - ..
4806 -
4807 -
4808 - 1128
4809 -
480901 - Virus scan on system.
480902 -
480903 - Went hiking.
480904 -
480906 - ..
4810 -
4811 -
4812 - 1345
4813 -
481301 - Returned scan nearly complete.
481302 -
481304 - ..
4814 -
4815 -
4816 - 1425
4817 -
481701 - Scan complete reports no virus or other threats found.
481702 -
481704 - ..
4818 -
4819 -
4820 - 1443
4821 -
482101 - Called Trend Micro.
482102 -
482103 - Talked to John.
482105 - ..
482106 - Updated email address and phone.
482108 - ..
482109 - Test for "cholesterol anacetrapib.
482111 - ..
482112 - For some reason, searches seem to work better today avoiding
482113 - redirection.
482115 - ..
482116 - John is sending a letter with diagnostic software.
482118 - ..
482119 - This problem and work plan seems similar to work with Trend Micro to
482120 - fix a prior virus problem reported on 091202 2306. ref SDS 1 QU5I
482122 - ..
482123 - John advised it is possible that the recent virus definition update
482124 - fixed the virus problem causing redirection problems on c16. This
482125 - does not seem likely because the virus scan did not report finding
482126 - any virus activity.
482128 - ..
482129 - Another possibility is that recent updates of Microsoft Windows XP
482130 - include downloads that fix search redirection problems.
482131 -
482132 - [...below on 101122 1116 at 1503 received letter from Trend
482133 - Micro with instructions for downloading code to diagnose
482134 - search redirection problems; decided not to do this work,
482135 - since redirection seems at the moment less severe.
482136 - ref SDS 0 W44H
482137 -
482138 -
482139 -
4822 -
SUBJECTS
Trend Micro Instructions Download Code Create Diagnostic Log C16 for
7303 -
7304 - 1503
730501 - ..
730502 - Received letter from John at Trend Micro, per work plan above to
730503 - resolve Google redirection problem. ref SDS 0 0G4K
730505 - ..
730506 - Since Google searches now seem to be working correctly, per above,
730507 - ref SDS 0 F45I, will forego doing this long diagnostic for now.
730509 - ..
730510 - Letter from Trend Micro says...
730511 -
730512 - 1. Subject: [SR1-1-387474399] Redirected to different page
730513 - Date: 23 Nov 2010 07:13:29 +0800
730520 - ..
730521 - 3. This is John from Trend Micro Consumer Support. Regarding the
730522 - website redirection, I apologize for the inconvenience this has
730523 - caused but rest assured that I will do my best to be of
730524 - assistance to you. We will need to gather log files from you
730525 - and for us to be able to more effectively investigate your
730526 - concern. Please find below the steps for gathering these
730527 - accordingly. You may print these out for your convenience, if
730528 - you wish:
730529 -
730530 - [On 101127 1017 received letter from John asking about
730531 - progress performing diagnostics on c16 to eliminate Google
730532 - search redirection problem. ref SDS 5 H26W
730534 - ..
730535 - [On 101217 1210 applied Trend Micro instruction on creating
730536 - a scan log to evaluate the problem of Google search
730537 - redirection, ref SDS 6 716S, and submitted the log for
730538 - analysis with a letter to Trend Micro. ref SDS 6 KO4Y
730540 - ..
730541 - 4. Getting the HiJackthis log:
730542 -
730543 - 1. Please click on the link below to download HiJackThis.exe
730544 -
730545 - http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
730546 -
730547 - 2. Click on 'Download HijackThis Installer'.
730549 - ..
730550 - 3. Then click 'Save'.
730552 - ..
730553 - 4. In the 'Save in' in drop down, make sure you select
730554 - 'Desktop'.
730556 - ..
730557 - Decided to save the download to....
730558 -
730559 - g: 00 trendmicro redirection_fix
730561 - ..
730562 - Trend Micro's letter continues...
730563 -
730564 - 5. Then click 'Save'.
730566 - ..
730567 - 6. Wait for the download to complete, then click 'Run'.
730569 - ..
730570 - 7. After the download click 'Install'.
730572 - ..
730573 - 8. The Trend Micro 'HijackThis' would open, click on "Do a
730574 - system scan and save a logfile"
730576 - ..
730577 - 9. Wait for bar to finish loading.
730579 - ..
730580 - 10. When its finished a “hijackthis.log – notepad” will show
730581 - up.
730583 - ..
730584 - 11. Click 'File' and select 'Save As'.
730586 - ..
730587 - 12. Save it on the 'Desktop'.
730589 - ..
730590 - 13. Click 'Save'.
730592 - ..
730593 - 14. The 'HijackThis.log' would show up on the desktop. And this
730594 - would be the file that you will attach on the email.
730595 -
730596 - [On 101217 1210 applied Trend Micro instruction on
730597 - creating a scan log to evaluate the problem of Google
730598 - search redirection, ref SDS 6 716S, and submitted the
730599 - log for analysis with a letter to Trend Micro.
730600 - ref SDS 6 KO4Y
730602 - ..
730603 - [On 101227 0948 letter from Trend Micro reports
730604 - examination of log file created on 101217, with
730605 - hijackthis.exe program received from Trend Micro and
730606 - according to Trend Micro instructions, did not resolve
730607 - Google search redirection virus problem, ref SDS 7 3G5F;
730608 - Trend Micro submits 28 additional detailed technical
730609 - steps for customer to help Trend Micro recover from
730610 - failure of Trend Micro virus protection with Pccillin.
730611 - ref SDS 7 9H3P
730613 - ..
730614 - [On 101227 1134 letter notifies Trend Micro that Google
730615 - Search redirection problem does not occur on Internet
730616 - Explorer (IE), only Netscape (Firefox), ref SDS 7 NU5P;
730617 - Window XP system on c16 reported memory could not be
730618 - read error on shut down, ref SDS 7 NU7Q; and that
730619 - implementing 28 detailed technical instructions received
730620 - from Trend Micro, did not correct failure of Pccillin to
730621 - prevent Google Search redirection virus using Firefox
730622 - browser. ref SDS 7 NU8S
730624 - ..
730625 - 5. Should you require help with generating the requested log file, you may call us at 1-800-864-6027 from Mondays to Fridays, 5:00 AM to 8:00 PM Pacific time.
730627 - ..
730628 - 6. By the way, if you have continued difficulties with following
730629 - and performing the provided troubleshooting steps, you may now
730630 - avail of our Premium Services offering. This is our extended
730631 - support package for our valued home users, with the following
730632 - advantages:
730634 - ..
730635 - Enjoy direct, priority access to Trend Micro Home User support
730636 - specialists.
730638 - ..
730639 - Ease your worries and let our experts do the work for you.
730640 -
730641 - [On 101217 1210 applied Trend Micro instruction on creating
730642 - a scan log using hijackthis.exe received from Trend Micro
730643 - to evaluate the problem of Google search redirection,
730644 - ref SDS 6 716S, and submitted the log for analysis with a
730645 - letter to Trend Micro. ref SDS 6 KO4Y
730647 - ..
730648 - Receive the help you need, when you need it most with Emergency
730649 - 24/7 support.
730651 - ..
730652 - 7. For more information on the Premium Services offerings to fit
730653 - your needs, please visit
730654 -
730655 - http://esupport.trendmicro.com/consumer/Pages/Premium.aspx.
730657 - ..
730658 - 8. Best regards,
730660 - ..
730661 - 9. John Catequista
730662 - Consumer Support Team
730663 - Trendlabs HQ, Trend Micro Incorporated
730665 - ..
730666 - 10. In order for us to have a history of our correspondence, please
730667 - do not delete the subject and the contents of this email.
730669 - ..
730670 - ===========================================================================
730672 - ..
730673 - For future inquiries, you may visit our support page using the
730674 - link below:
730675 -
730676 - http://esupport.trendmicro.com/support/consumer/consumerhome.do
730677 -
730678 -
730679 -
730680 -
730681 -
730682 -
730683 -
730684 -
730685 -
730686 -
730687 -
730688 -
7307 -
Distribution. . . . See "CONTACTS"