Intrusion attempt - blocked(always)


After I installed my Norton SystemWorks (right after reformatting my drive C:), I updated it, then scanned my computer (full system scan). There were some viruses detected and removed. Hoping now there are no more threats or viruses on my PC. And so far I haven't seen any strange activity on my PC, except that there is always an annoying intrusion attempt blocked by my NASW. For example, in my security history:

It says - High - An intrusion attempt by ***.***.68.43 was blocked. >> And this keeps on blocking like 3 times in 5 minutes or more. Can someone help me out with why there are intrusion attempts by different IP addresses on my PC? How can I stop this vulnerability? Thanks!

[edit: Broke IP address for privacy and security.]

Message Edited by Allen_K on 09-30-2008 08:10 AM

I think he should worry.  It’s one thing if Norton blocks it once.  It’s quite something else if Norton keeps on blocking it – that indeed there is an ongoing activity that he needs to be aware of and deal with.  Don’t you agree?


mijcar wrote:
I think he should worry.  It's one thing if Norton blocks it once.  It's quite something else if Norton keeps on blocking it -- that indeed there is an ongoing activity that he needs to be aware of and deal with.  Don't you agree?

 

It could be something to worry about, that is why I suggested doing a Full System Scan in Safe Mode. 

 

It could just be that the same computer is trying to access the computer but failing.

 

How often does it occur?  Please check your Intrusion Prevention History.  And I know you stated how often it occurs in your First Post; I want an up-to-date Post on this Issue.

Message Edited by Floating_Red on 09-29-2008 07:17 PM

Hi rey_0105,

 

The address you mentioned is included in the Internet registry space assigned to:

 

OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC

 

You can get more details by copying and pasting the address in the search box at whois.

 

You may also want to check the APNIC FAQ resource page.

 

I'm concerned with the frequency of the intrusion attempts.  Let us know how you do with the Full System Scan in Safe Mode as recommended by Floating_Red.

 

2 Likes

Seems like there is a lot of activity as far as attempts to access computers that come from IP addresses in China.

I’ve done my full system scan in Safe Mode. Well, nothing was found. Still the attack is going on, but always blocked. Here’s the latest history in terms of the time: 1024 1024 1021 1021 1003 0731 0717 0647 0647 0644. Also, I’ve traced the IP address. Like what Phil_D said, it was from APNIC. But on their homepage they said it’s not them; they were just used by those “elements” who want to infiltrate you. APNIC is also an “IP address searcher”, so from there I’ve searched again. What I found out is the name of my ISP. Maybe that’s why we (attacker and my PC) have the same first 2 batches of numbers in the IP address. Just a little history: recently my PC was infiltrated with viruses like “backdoor, trojans, trojan dropper” because I installed a downloaded program; maybe it was a fake one, so all the viruses were dropped on my system. And like what I said earlier, I did reformat my system. Also, this (intrusion attempts) never happened when I was using NAV, not until now that I’m using NASW. For me, it’s like I’m in a firing squad. Until now I still don’t have peace of mind about my PC, although yeah, they’re all blocked. But is there a way where I can get out of this, like I’m going to be “invisible” so that they would stop attacking me? Please help!  I do appreciate those who replied… =)

Hi rey_0105,

 

Are these intrusion attempts coming when you visit one specific website or are they from different websites?

 

Are you behind a router or do you connect directly to the internet?

 

In your first post, you said that right after you reformatted "There were some viruses detected and removed".  Is that correct?

 

If so, there's a problem. 

Message Edited by Phil_D on 09-29-2008 11:14 PM

I’m connected directly to the internet. Actually there’s no specific website, because when I simply open my Internet Explorer, or even when I’m not surfing, as long as I’m online the intrusion is still active. Yup, I only reformatted the system disk because I don’t want to erase my important files. That’s why I did a full system scan ASAP after I reformatted. Do you think there might still be a virus on my PC? Because I’ve done all the full system scans in Safe Mode and none were found. Unless Norton cannot detect it. Even right now it’s attacking my PC…

What happens when you use Firefox?

You could always set a Rule of your Firewall to Block the Ports it is using.

 

Also, you could also Un-Trust the I.P. Address(es) so that they do not have access to your computer.

 

If you want to do either of those, let me know.

 

What happens when you use Firefox?
 

Real Time Protection = NIS 2009 + NAT
On Demand Protection = MBAM
Browser = Firefox w/Ad Blocker Plus
 
 >> I can't fully understand what you mean. But I'm using Firefox, and my Norton SystemWorks is always active and updated.

Could you explain to me how it helps? And yeah, I want to try either of those! Thanks man…

Hi rey_0105,

 

 

I would like to suggest two things to check your system for malware.

 

First download and install the trial version of Norton Anti-Bot. See if this helps your situation.

 

If that does not solve your issue, download, install and update the FREE version of Malwarebytes. This is an on-demand scanner which does not run in the background.

 

Once you have installed and updated Malwarebytes: unplug from the internet, restart your computer in Safe Mode and run a Full System scan with Malwarebytes.

 

Let us know how you do.

3 Likes

See this Thread: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=9659

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

D:\INSTALLER\Acd24.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.

 

>>Hey guys! This was the result after I scanned my computer (about 4 hrs) using Malwarebytes. The Norton AntiBot hasn't done anything. By the way, these two programs are registered and updated. I also did what Floating_Red said on how to block a port. The bad news is it hasn't stopped attacking me, and my NASW just kept blocking as usual. Thanks for the programs recommended; they will surely help give me more protection. But what I think is, maybe those like trojan.downloaders are the ones that try to download viruses onto my PC. Maybe I could say my PC has been breached by some viruses (as I said earlier, I did reformat my system disk) or something; that's why it keeps attacking my PC. Any suggestions on how to detect and eradicate them all completely? Thanks.. By the way, I learned many things because of this.

Hi rey_0105,

 

It would not be uncommon to have to perform both the Norton and Malwarebytes scans a few times to achieve the desired results.

 

Be sure to run them in Safe Mode while unplugged from the internet.

 

Also I would recommend deleting all of your system restore points by temporarily turning off System Restore. Your System Restore Points may be harboring the infection.

 

Now for the quandary; your reported results show the registry keys infected, yet the last entry shows that "D" was infected.  You mentioned earlier that you had reformatted your "C" drive and immediately after, the first scans showed virus detection. That is highly unusual after a complete reformat. Since D is shown on the report, we will need some more information.

 

Can you elaborate on how your system is set up? Which drive is your operating system on? What is drive "D" used for?

 

Thanks.

 

Message Edited by Phil_D on 10-02-2008 09:37 AM

You might be confused here. I have 3 drives. Drive C: is where the operating system is. D and E are for my important files. When my PC was infected, I had no choice but to reformat my system disk, which is drive C. Of course not my D and E, because I don’t have any backups for my data bank, although I know there’s a big chance that they could also be infected. So after positioning my system back, what I did first was to install my new NASW (because before I reformatted I was only using NAV). Then I updated it and removed all the viruses left. No more signs of viruses, except for the intrusion attempts every time I’m connected to the Internet. And that’s what we’ve been doing. OK, I’ll run the full system scan of Norton and Malware again in Safe Mode, turning off all the system restore points. I’ll relay the progress ASAP. Thanks.


rey_0105 wrote:
You might be confused here. I have 3 drives. Drive C: is where the operating system is. D and E are for my important files. When my PC was infected, I had no choice but to reformat my system disk, which is drive C. Of course not my D and E, because I don't have any backups for my data bank, although I know there's a big chance that they could also be infected. So after positioning my system back, what I did first was to install my new NASW (because before I reformatted I was only using NAV). Then I updated it and removed all the viruses left. No more signs of viruses, except for the intrusion attempts every time I'm connected to the Internet. And that's what we've been doing. OK, I'll run the full system scan of Norton and Malware again in Safe Mode, turning off all the system restore points. I'll relay the progress ASAP. Thanks.

 

I know it's probably too late, but make sure you Update both Products before Scanning in Safe Mode.

Hi rey_0105,

 

Okay, I understand now, but it is unusual for a "storage drive" to be infected with a Trojan Downloader.exe.

 

Be sure to run all of the suggested scan procedures on ALL of your drives.

 

Let us know how you do.