Antivirus 2009 Team's Page

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Not quite a Newb Joined: 29 Oct 2008 Posts: 55

A huge scam going on is Antivirus 2009. They have a page at: http://www.innovagest2000.com .. so is anyone able to do anything with it?

-Rezo

Posted: Thu Nov 06, 2008 1:36 pm

Is it dead already?

Posted: Thu Nov 06, 2008 2:07 pm

I wouldn't go there without a 'noscript' addon, Dr Web says it's safe, but it does try to execute some java code.

https://secure.innovagest2000.com/c0914f0dac5a1d721056e9b46650ab77/

https: so it must be really secure, the /c0914f0dac5a1d721056e9b46650ab77/ 'generated connection string look alike' is actually a directory Rolling Eyes

Not quite a Newb Joined: 29 Oct 2008 Posts: 55

No. It is not dead at all. Still taking people's money from around the world.

Posted: Thu Nov 06, 2008 2:27 pm

Quote:

Address lookup
canonical name secure.innovagest2000.com.
aliases
addresses 69.20.117.228
Domain Whois record

Queried whois.internic.net with "dom innovagest2000.com"...

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: INNOVAGEST2000.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.DNS-EYE.COM
Name Server: NS2.DNS-EYE.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 02-jun-2008
Creation Date: 17-jul-2005
Expiration Date: 17-jul-2010

Quote:

Queried whois.joker.com with "innovagest2000.com"...

domain: innovagest2000.com
owner: n/a
organization: INNOVAGEST 2000 SL
email: [email protected]
address: CL PEDRO TEIXEIRA 10, S 25
city: Madrid
postal-code: 28020
country: ES
phone: +34.932060230
fax: +34.932060231
admin-c: CCOM-376854 [email protected]
tech-c: CCOM-376854 [email protected]
billing-c: CCOM-376854 [email protected]
nserver: ns1.dns-eye.com 69.20.68.36
nserver: ns2.dns-eye.com 216.195.63.143
status: lock
created: 2005-07-17 17:45:40 UTC
modified: 2008-06-02 09:34:34 UTC
expires: 2010-07-17 17:45:39 UTC

contact-hdl: CCOM-376854
person: Soledad Barros
organization: New Concept Business S.L.
email: [email protected]
address: Strawinskylaan 1443
city: Amsterdam
postal-code: 1077 XX
country: ES
phone: +1.8004998551

Quote:

Network Whois record

Queried whois.arin.net with "69.20.117.228"...

OrgName: Rackspace.com, Ltd.
OrgID: RSPC
Address: 9725 Datapoint Drive
Address: Suite 100
City: San Antonio
StateProv: TX
PostalCode: 78229
Country: US

NetRange: 69.20.0.0 - 69.20.127.255
CIDR: 69.20.0.0/17
NetName: RSPC-NET-4
NetHandle: NET-69-20-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:
RegDate: 2003-01-24
Updated: 2004-04-28

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: [email protected]

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: [email protected]

OrgTechHandle: ZR9-ARIN
OrgTechName: Rackspace, com
OrgTechPhone: +1-210-892-4000
OrgTechEmail: [email protected]

What was the complaint ?

Quote:

Innovagest 2000 S.L.
Cl Pedro Teixeira 10, S 25
28020 Madrid

email: [email protected]
Tel: 1-800-845-4951

Posted: Thu Nov 06, 2008 2:43 pm

It's a rogue malware distributor: here's some more about them:

http://certifiedbug.com/blog/2008/09/30/rogues-privacy-or-security-risks-from-innovagest/

Posted: Thu Nov 06, 2008 2:47 pm

So he has a lousy product, Norton-Symantec will chew him up, no worries about that. To find proof to kill him will take too long if you can find anything, he is not new on the market.

Posted: Thu Nov 06, 2008 2:57 pm

I'm afraid it's not as simple as that, Bill .. They lure you to download their product by saying your PC has a virus infection .. Once you install their product the shit hits the fan ..

Posted: Thu Nov 06, 2008 3:03 pm

You can call that a bug and provide after awhile an update or patch like M$ windoze does, that's no crime.
Or you call it a lemon, like a used car that breaks down the next week and you took no guarantee when you bought it.

But if I have to talk code and debug their program that they did it on purpose, that's too much to ask, there is something like personal responsibility, we can't chase all bad buys Wink

Posted: Thu Nov 06, 2008 3:17 pm

It's not bad buys .. but free downloads to get rid of your virus infections.
The free download however is piled with malware .. so you'd have to buy their product to get rid of that ..

bill2 wrote:

we can't chase all bad buys Wink

Agree on that one, this is not 419 related fraud, and has to be dealt with on other (higher) levels..

Not quite a Newb Joined: 29 Oct 2008 Posts: 55

Bill:

You have no idea what you're talking about.

#1. Windows XP is no longer being updated. (go read the news, so anything that compromises XP, you're stuck with)

#2. You sadly mentioned that Symantec is going to fix the problem.. yeah right. Actually, you have to use a program called "MalwareBytes" on top of everything you use from Symantec because it is too weak to quarantine these types of infections.

#3. Any time you can report this shit, you should. They need to be /removed

Posted: Fri Nov 07, 2008 4:05 pm

3)but if I can kill a site that I don't like for no reason then no software firm is safe for me.
1)My XP pro still gets updated.
2)Haven't had a problem yet, with or without Norton.

If you think it's that important then give me proof of what they do and I give it a try, but just an email from an unhappy customer won't do it I'm afraid.

Posted: Fri Nov 07, 2008 4:31 pm

RezoTheRed wrote:

#1. Windows XP is no longer being updated. (go read the news, so anything that compromises XP, you're stuck with)

This is BS, even today PC's are shipped with XP. Try to find a new eee laptop that hasn't got XP (or linux)

Quote:

#3. Any time you can report this shit, you should. They need to be /removed

Read this: You think we can do more than Microsoft can with their legal power?

What do you reckon we can do from here, besides the fact this has nothing to do with 419 fraud?

Baiting Guru Joined: 03 May 2007 Posts: 18313

Moved here from the fake bank forum.

Rezo, we deal with sites set up by scammers for advance fee fraud, this is not the type of site we deal with here.

From your posts, it sounds like this is indeed something that should be addressed, but it isn't what we work on in the fake bank forum. Please do work on it yourself if you'd like.

Additionally, please don't barge in and demand that members address things that are not dealt with here, per your post:

Quote:

#3. Any time you can report this shit, you should. They need to be /removed

Not quite a Newb Joined: 29 Oct 2008 Posts: 55

In due time, they will all stop receiving security updates. Be aware of the "lifecycle policy."

Example: http://www.microsoft.com/windows/support/endofsupport.mspx

-Rezo

Posted: Fri Nov 07, 2008 5:55 pm

In due time, yes of course .. But the link you posted concerns XP SP1 ..

For XP SP2 (which everyone has by now) I copied and pasted:

Quote:

Windows XP Service Pack 13-Jul-2010

And you can bet this will extended several years too ..

Posted: Fri Nov 07, 2008 7:52 pm

I recognize that disclaimer verbiage in the other thread--if this is the rogue antivirus I think it is, it has been around for years and they come up with new editions each year. They also usually have several sites.

Two or three years ago I spent many hours removing the "antivirus" and its registry damage and spyware from one of the computers at my nonprofit after an employee fell for their tactics and downloaded an earlier version.

This is not your average scammer--you are talking about sleazy spyware pros who are experts at keeping their *sses covered.

You can try to have this site shut down, but I suspect that until they are prosecuted, you will not be able to prove the violations needed to get them shut down.

Posted: Mon Nov 24, 2008 11:43 pm

You should use Linux, you close-minded mortals! Laughing

Posted: Mon Nov 24, 2008 11:47 pm

Linux? Can you eat that?

Chuck Norris Joined: 11 Jun 2007 Posts: 1369

innovagest2000.com:

Quote:

Domain Name: INNOVAGEST2000.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.DNS-EYE.COM
Name Server: NS2.DNS-EYE.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 02-jun-2008
Creation Date: 17-jul-2005
Expiration Date: 17-jul-2010

Look at the types of sites on ns1.dns-eye.com/ns2.dns-eye.com:

http://www.robtex.com/dns/ns1.dns-eye.com.html

http://www.robtex.com/dns/ns2.dns-eye.com.html

Our "friends" RBN up to their same old tricks--they are truly the worst of the worst.

Not quite a Newb Joined: 29 Oct 2008 Posts: 55

It looks like nobody has been able to stop them yet..

Big surprise. All the losers on this forum site combined can't stop anything. lol. 18 days and law enforcement can't catch up.

HA. HA. HA.

Chuck Norris Joined: 11 Jun 2007 Posts: 1369

Posted: Tue Nov 25, 2008 5:16 am

RezoTheRed wrote:

Big surprise. All the losers on this forum site combined can't stop anything. lol.

Ouch.

Sorry genius, if you've been just as unable to do anything about this site, then like most of us, you're part of the loser crew. Don't worry princess, I personally think you should divert all your efforts and online time to killing that site yourself. Let us know how you go.

Laughing

Baiting Guru Joined: 03 May 2007 Posts: 18313

Rezo: Who are you referring to as losers? If you mean Eater members, you're quite welcome to stop logging in here.

Posted: Tue Nov 25, 2008 5:26 am

Now look what you've done Rezo. You've awoken the sleeping dragon. I'm locking this to protect you from yourself. I have a feeling someone may take offence to being called a loser. I know I'm hurt. I started to cry. Seriously. I'm all cut up about it.

If you wish to remain a member of this forum. Please PM me, or another mod your disgust. Don't post about it. We fear for the safety of defenceless creatures against a stronger foe. Laughing

Antivirus 2009 Team's Page	View next topic View previous topic