• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

MicroSoft.PowrShell

Norton has displayed the message "suspicious outgoing traffic detected. Do you wish to run Norton Power Eraser? I have replied yes three times. Each time a problem with the registry  has been found. Each time the registry key has been removed and the problem reported as solved. The same message has been displayed after the first two instances, the registry key involved aa three times has been HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\Shellids\Microsoft.PowerShell\"ExecutionPolicy". I have not attempted any registry edits. What can I do to prevent this from happening?

Replies

Kudos1 Stats

Re: MicroSoft.PowrShell

may be related: https://community.norton.com/en/forums/norton-power-eraser-recurrent-powershell-problem

pasastrojohn:
Norton has displayed the message "suspicious outgoing traffic detected. Do you wish to run Norton Power Eraser?

need more info re message 

How to post an image in the forums.

For info re event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Kudos0

Re: MicroSoft.PowrShell

Hello pasastrojohn. NPE is a very aggressive tool, I wouldn't allow it to make any changes to the registry for the simple reason there is a high possibility of a false positive. My recommendation is download Malwarebytes and run a full system scan, also make sure you have the rootkit scan selected. Let us know what MBAM finds.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos1 Stats

Re: MicroSoft.PowrShell

I have not rum Malware Bytes but I did download the latest Norton updates and run a full system scan. I received a notification that trojan malijava was fully resolved.

Kudos0

Re: MicroSoft.PowrShell

Trojan.Maljava is a detection name used by Symantec to identify malicious Java files that exploit one or more vulnerabilities. 
https://www.symantec.com/security-center/writeup/2010-102003-2856-99#summary

Kudos0

Re: MicroSoft.PowrShell

Good news pasastrojohn and thanks for the update. I would still run MBAM just to ensure nothing is still hanging around that Norton would otherwise miss.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93
Kudos0

Re: MicroSoft.PowrShell

I ran MBAM and it found 31 files related to PUP.Option. I quarantined them all.

Kudos0

Re: MicroSoft.PowrShell

Have MBAM remove those files, you should then have a clean system. Whatever OS and version you are using make sure ALL your software is up to date. Remove older versions of JAVA, Flashplayer (if not on Windows 10), Adobe products, etc. These are known exploits for outdated software. If you have not done so, have a look at your router firmware and check for updates to it either from your ISP or directly from the manufacturer.

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93

This thread is closed from further comment. Please visit the forum to start a new thread.