• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

My pc was attacked 6x advice needed please

Hi

Norton did its job and blocked some attacks listed in red in history but Ive never had this issue ever before. Maybe its fine and it did its job but Id like to be sure.

xp home sp3 32bit nis 2010 no other live security all up to date.

My scans with mbam and norton are clean and windows live safety free scan thing, which I ran last night and it does install stuff it leaves on pc?  Problem?

My husband is an artist and (music fan) he has a blog at blogger and seperatly frequently googles artists names and looks at their images thru' google, ocas" norton will block it and we heed it.  This time he had no warning and norton said we had a high risk attack attempt it blocked. (He swore there was no red check in search but maybe he missed it?)

However same day earlier he had someone again sign his blog with little boxes that light like links and if you click them they go to seedy sites in asia or something. He deleted the reply on his blog and the whole post.  All seemed fine but then later whilst googling images ..... this image attack thing happen repeatedly? (dont know if they are connected at all)

Ive inc'd screen shots will try to post them right first try at it.

Im wondering is what norton is doing enough or do I need to block something in norton manually somehow?

We do use an external router which to best of my knowledge is set up to block stuff and I changed password, but since we clicked stuff I guess thats out.

Thanks for input and assist and Im a greenhorne with issues like this, be explicit in directions LOL.

This first screen shot is of history of what happened apparantly five times in a row (only show one all the same): 

The second was next day one time dont know if it is of concern or not..the java thing? Would disabling java help? ( I do have the most current version of java installed).

Replies

Kudos1 Stats

Re: My pc was attacked 6x advice needed please

We can't see the screenshots yet, as the moderators have to first allow them, and it can sometimes take some time :-)

Chances are, you just stumbled across a seedy website that made an attack attempt (or repeated ones) at your pc, which Norton blocked. However, we will be able to see more as soon as the screenshots are made available for us to see. I do not believe that you have anything to worry about though :-)

Matt

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: My pc was attacked 6x advice needed please

Thanks Matt :) I drew over my pc addy was that appropriate when posting screen shots? Didnt wanna be a dummy and leave info there I shouldnt LOL? Also in my orig post I wrote about his blog on blogger could ya tell me if theres a chance it could infect his blog on blogger? (the seedy linked reply he removed, or doesnt it work like that)?  thnks :)

Kudos1 Stats

Re: My pc was attacked 6x advice needed please

It's not a problem :-)

Ok, I don't recognize either of those websites or their addresses. If I am correct, both of these attacks happened after you clicked on a link? and which one was it that happened "five" or so times? (I'm guessing the first (FakeAV scan attempt) one?)

have you had any problems since then? for instance when browsing common websites? (so while you are actually on the common website having clicked on nothing)

Matt

PS: it depends I suppose, whether or not malicious script can be uploaded to the blogger. I am guessing probably not. If he navigates to his blogger, does Norton block anything? if not then I would say there is no need to worry. I also do not believe that the two are connected... If you were infected and the infection uploaded something to his blog, then it stands to reason that it would do it again if it had been removed... I'm really not sure about this though.

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: My pc was attacked 6x advice needed please

Thanks :) yeah the first one, fake av one was five try one.

No everything seems fine actually.  Thanks for input I do appreciate it immensily.

I was so spoiled by no big red alert attacks LOL till now.

Oh and I do surf on a limited user side of pc just for safety.

Kudos0

Re: My pc was attacked 6x advice needed please

Pleasure

I wouldn't worry about anything then - as it all seems fine. The FakeAV's are very persistent, hence the 5 tries.

But as I say, no need to worry about anything :-)

Matt

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos5 Stats

Re: My pc was attacked 6x advice needed please

I would be very concerned about the part of the advisory that states that the attack was resulted from Device\Harddiskvolume1\programfiles\internetexplorer\iexplore.exe.  This is very, very similar to the information provided when there is a rootkit on board attempting to access the internet.

I think there is cause for further investigation.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos0

Re: My pc was attacked 6x advice needed please


delphinium wrote:

I would be very concerned about the part of the advisory that states that the attack was resulted from Device\Harddiskvolume1\programfiles\internetexplorer\iexplore.exe.  This is very, very similar to the information provided when there is a rootkit on board attempting to access the internet.

I think there is cause for further investigation.


Delphinium is right. There are several programs we can use to see whether or not you have a rootkit active on your system, however we will need an exper to remove them.

shall we move forward with this, then? :-)

PS: I have sent you a pm. at the top right of your screen you will see a yellow envelope, click on that to view the message.

"The fact that man knows right from wrong proves his intellectual superiority to other creatures; but the fact that he can do wrong proves his moral inferiority to any creature that cannot."- Mark Twain
Kudos0

Re: My pc was attacked 6x advice needed please

Oops...I didnt stop back, so whats next? Thanks for input.  I will try to do what you need to help, this all occured to my knowledge on the limited user side of pc and I did run malware bytes.

Will wait for input.

Kudos0

Re: My pc was attacked 6x advice needed please

I downloaded and ran GMER ran it under malware and rootkits tab nothing came up red.

I downloaded and ran trend micro's rootkit buster again nothing found. ( **Question tho: do the programs gmer and rootkit buster only install zip file I dont see them anywhere else after running? )

mbam is clean so is norton.

So? Pc runs fine.

Sometime in past year we had the darn downloader fake virus thing flip pages but we didnt click it and shut down, scanned after etc has been fine.

Also I freq get in norton that ctfmon.exe is trying to access net and it blocks it.  I asked about it a long time back and many said prob' a program trying to update hard to say.  I set all my programs to not do anything without me if I can set it too.

Oh and lastly I ran java ra to remove old programs of java for which there wasnt much, like one file.

 I wonder why it read like that...the hard disk program files one that delphinium pointed out it does end with ie tho?

Doe it reside on ie then or my prog files?

Thanks to all, will wait for input ;)

Kudos1 Stats

Re: My pc was attacked 6x advice needed please

Hello artfreak

I would suggest that you stop over at www.bleepingcomputer.com and have them tell you the proper tests or scans to see if you are indeed infected or not. I think they would be the quickest ones to find out if you have some malware on your system or not, but you may have to wait till it's your turn. Sometimes running the wrong scans can do more harm if you do indeed have malware. They will give you the standard tests or scans to run and will be able to diagnose if you do have malware and they also have strict rules that  need to be followed.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: My pc was attacked 6x advice needed please

Hi artfreak,

If you do not have any computer issues and your scans are clean you are likely not infected.  It sounds like you were redirected by one or more compromised web pages to malicious sites that attempted to use exploits to infect you.   These attacks appear to have been unsuccessful.  The attacks are shown as coming from Internet Explorer because the browser was the program through which the attacks came from the internet.  If everything seems normal, I would think you are OK.

Kudos0

Re: My pc was attacked 6x advice needed please

I must agree with floplot.  The GMER scan was incomplete and may or may not accurately idenify the recent rootkits.  MBAM does not identify rootkits.  Better to take the time to be safe than sorry.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain

This thread is closed from further comment. Please visit the forum to start a new thread.