Computer Constantly being Attacked

Hi Norton Community -

 

I am having my Computer constantly attacked from multiple IPs several times a day.  This has been going on for some time and I think its related to a specific person that I have pissed off in the "real world".

 

So far Norton has blocked all these attacks but I am looking to understand what evidence I can gather and what options I have technologically before I take legal measures.

 

Please advise

 

Dan

Hi Dan,

 

Welcome to Norton Community!

 

Check the Security History and provide us the details on the attacks blocked by Norton, it will be helpful to identify the kind of threat that is trying to get into your computer. As a precaution, I would also suggest to download and run Norton Power Eraser tool :

http://www.symantec.com/norton/support/DIY/index.jsp


Go for Rootkit Scan and Restart the computer. Check if it detects any threats and if it does, please provide us the filename and other details.


 Yogesh

Hi Yogesh,

 

Thank you for the welcome to the Norton Community!

 

I have a complete log of the HIGH level threats I have received via my Security History. How can I best provide you with he details on the attacks blocked by Norton? 

 

I will absolutely download and run Norton Power Eraser tool. Thank you so so much for providing me the link.

http://www.symantec.com/norton/support/DIY/index.j​sp


Can you explain what "Rootkit Scan" is ? I am not familiar with that term. Also, how can I "copy" any threats that are detected so I can send to Norton?

 

Thanks again for the help


 Dan

Dan,

 

You can post a screenshot of the security History with the details of the high level threat.You can refer to the following post by Yaso_Kuuhl(guru):

http://community.norton.com/t5/Forum-Feedback/Forum-Tip-How-to-post-screenshots-in-the-forum/m-p/254415#M6103

 

If you need to remove a deeply embedded threat, include the rootkit scan as it provides the greatest chance of detecting and removing such threats. The Include Rootkit Scan option restarts your computer and proceeds with the scan after you log back in. If you are not concerned about detecting rootkits or prefer to skip the restart process, click Continue to proceed with a basic scan. More information is available in the following tutorial:

http://us.norton.com/products/tutorials/tutorials.jsp?pvid=nis2011&tutid=power_eraser

 

You need not have to send the files to Norton, you can fix the files if you are sure that the files are maliciouos. If you are not sure about the files detected as threats, please check the details and let us know the same.

 

Yogesh

Thanks. I will take screen shots. I would like to help the community and also possibly get some insights to maybe help corroborate my suspicions whom and where these people are located in the "real world". 

I would suggest waiting to run the Norton Power Eraser until it is determined to be necessary.  It is quite aggressive, and if mistakes are made, can damage the system.  The screen shots would be the best way to go at the moment.

NORTON1.jpg

Norton2.jpg

Norton3.jpg

The above screenshots are the messages I receive when i attempt to FIX

 

I SCANNED and I believe the SCAN was sent to NORTON and an XML file was saved on my computer

 

I can take SCREENSHOTS of the various attacks that NORTON has BLOCKED over the past several weeks and months but I will wait for advice from the Community on how best to proceed before I do so

 

Thanks

 

Dan

We don't need all the IPS alerts showing blocked attacks, but screenshots of the most representative ones are necessary.  So go ahead and  post a few.  The type of attack shown is the main thing we need, IP addresses aren't that informative.  If you are not behind a router, you can obscure your own IP address for safety sake.

NORTON4.jpg

NORTON5.jpg

NORTON8.jpg

These 3 images I posted above are the attacks that hit last night.

 

I will now post others that have occurred over the past few weeks and more recent

NORTON9.jpg

NORTON10.jpg

NORTON11.jpg

NORTON33.jpg

NORTON44.jpg