Hi Norton Community -
I am having my Computer constantly attacked from multiple IPs several times a day. This has been going on for some time and I think its related to a specific person that I have pissed off in the "real world".
So far Norton has blocked all these attacks but I am looking to understand what evidence I can gather and what options I have technologically before I take legal measures.
Please advise
Dan
Hi Dan,
Welcome to Norton Community!
Check the Security History and provide us the details on the attacks blocked by Norton, it will be helpful to identify the kind of threat that is trying to get into your computer. As a precaution, I would also suggest to download and run Norton Power Eraser tool :
http://www.symantec.com/norton/support/DIY/index.jsp
Go for Rootkit Scan and Restart the computer. Check if it detects any threats and if it does, please provide us the filename and other details.
Yogesh
Dan,
You can post a screenshot of the security History with the details of the high level threat.You can refer to the following post by Yaso_Kuuhl(guru):
http://community.norton.com/t5/Forum-Feedback/Forum-Tip-How-to-post-screenshots-in-the-forum/m-p/254415#M6103
If you need to remove a deeply embedded threat, include the rootkit scan as it provides the greatest chance of detecting and removing such threats. The Include Rootkit Scan option restarts your computer and proceeds with the scan after you log back in. If you are not concerned about detecting rootkits or prefer to skip the restart process, click Continue to proceed with a basic scan. More information is available in the following tutorial:
http://us.norton.com/products/tutorials/tutorials.jsp?pvid=nis2011&tutid=power_eraser
You need not have to send the files to Norton, you can fix the files if you are sure that the files are maliciouos. If you are not sure about the files detected as threats, please check the details and let us know the same.
Yogesh
Thanks. I will take screen shots. I would like to help the community and also possibly get some insights to maybe help corroborate my suspicions whom and where these people are located in the "real world".
I would suggest waiting to run the Norton Power Eraser until it is determined to be necessary. It is quite aggressive, and if mistakes are made, can damage the system. The screen shots would be the best way to go at the moment.
The above screenshots are the messages I receive when i attempt to FIX
I SCANNED and I believe the SCAN was sent to NORTON and an XML file was saved on my computer
I can take SCREENSHOTS of the various attacks that NORTON has BLOCKED over the past several weeks and months but I will wait for advice from the Community on how best to proceed before I do so
Thanks
Dan
We don't need all the IPS alerts showing blocked attacks, but screenshots of the most representative ones are necessary. So go ahead and post a few. The type of attack shown is the main thing we need, IP addresses aren't that informative. If you are not behind a router, you can obscure your own IP address for safety sake.
These 3 images I posted above are the attacks that hit last night.
I will now post others that have occurred over the past few weeks and more recent