Repeated Instrusion attempt

london2010 · ‎05-04-2010

Hello,

Hoping someone out here could help ! Over the last week or so Norton has been repeatedely blocking intrusion attempts - I've pasted a copy of my History below.

An intrusion attempt by m01n83kjf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE.

Any idea how to get rid of this virus / trojan / malware ? Any help will be much appreciated.

Thank you.

Tech83 · ‎07-30-2008

Hi! London2010,

Welcome to the Norton Community! :)

I have done some research and I must recommend that you sit tight, do nothing with the system and wait for Quads to provide you with some assisstance. :)

Luu777 · ‎05-05-2010

Hi, I am having the same problem. This problem started after Norton blocked a trojan called rurj.exe. Since that time I get blocked attacks from different websites including this one. The website seems to change daily and the attack comes through both explorer and firefox. Sometimes it also shows up as a Tidserv request to SVCHOST.EXE.

Hopefully I'm not hijacking this thread, but I thought the similarities of the attacks and the extra info might help resolve it for both of us.

london2010 · ‎05-04-2010

yep I get in Firefox too. Have you noticed thats its pretty much every time you're on Google as well ? Get it less frequently when on other websites.

Admins / Mods - Help !!

Luu777 · ‎05-05-2010

Mine just hits randomly, sometimes when I'm not even actively surfing, although I do see it quite a bit when on google.

Tech83 · ‎07-30-2008

Hi! All,

Please provide your installed OS and installed Service Pack Level (i.e., Windows XP SP3, Vista SP2, Windows 7 no SP).

Also provide your installed Norton product and its version (i.e., NIS 17.6.0.32). You can find this information by opening your Norton product and selecting Help & Support>About (In some Norton products it is Help then About).

This information will be useful in assisting you with your issue.

Tech83 :)

Luu777 · ‎05-05-2010

Windows XP SP3 here

Tech83 · ‎07-30-2008

Hi! Luu777,

Please download and install MalwareBytes Anti-Malware (if you do not already have it installed) from here. Your browser may present a message stating that "To protect you security your browser has blocked the download" (Wording will vary) click this message and select to download the file. Once the file is downloaded select to open the file. This will start the installation process; during this process you are presented with the option to update the program and open it select the options to do so. Select the option to Perform Full Scan click on Scan twice (by default your OS drive is selected usually Drive C). Wait for the scan to complete and select the option to fix any problems found by the program; MBAM should automatically open a log file save this file to an easy to access location. And post it here using the Add Attachment link to the bottom left of the Attachments box.

It will be reviewed by all who see your post and assisstance will be provided.

Tech83 :)

Tech83 · ‎07-30-2008

Hi! All,

I sent the information to a PC Specialist who identified the problem as Rootkit.Win32.TDSS.d and was told that this malware item is a fairly recent modification. The specialist was unsure about how recent and is doing further research.

Tech83 :)