
Potential System Security Risk

I have a personal computer that I decided to run an IIS server on. It is new, so I know nobody is actually visiting my website.

Ever since I turned it on, Norton has been repelling all sorts of attacks including, lately, "System Infected: Trojan.Backdoor Activity 234" as well as "Suspicious Outbound Traffic".

I'm concerned because this is my main machine where I do my banking and my other personal transactions.

I do not have enough $$$ to separate the two.

What can I do to block this? How are these trojans getting on my machine? My machine is the source address... and the destination address is somewhere in Russia. How did they get on my machine? Through an SSL port, nonetheless!

What the hell are they stealing!?

Replies


Re: Potential System Security Risk

The first infection suggests your computer is already compromised; please read this article: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30344

The second notice "Suspicious Outbound Traffic" affirms that traffic is outbound to a remote server.

My suggestion - Uninstall IIS or disable it, run a full system scan OFFLINE. Once done, check your client SSL status here:

https://www.ssllabs.com/ssltest/viewMyClient.html

Cheers

Retired military (Navy 1980-2002) AO1 (AW) Aviation Warfare Specialist "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.437 / NCSP 22.17.0.183 / Norton Core v.282 on Android 1.93

Re: Potential System Security Risk

I'd like to know how I can disinfect my machine. Do you have any advice on that other than running a full system scan offline? I have run a full system scan while online, though. How will being offline be any different?

Thanks!


Re: Potential System Security Risk

SRM, being offline will keep outbound traffic from connections to anything remote. As before, disable IIS and perform a full system scan. If you prefer, you can use NPE, the built-in version inside the Norton UI; however, still disable IIS, and it must be online to do its job.

Cheers


Re: Potential System Security Risk

SRM, following up on your status.

Cheers
