Lot of Activity in History after clearing Trojan

Cleared a Trojan (APP_installer_ver_FDTVSV.exe) that I think I got from Harbor Freight scam. Now my Norton History shows a lot of activity, numerous "Firewall rules updated", and others.  I saw the "Download Insight Analyzed APP_installer, etc" with a "access allowed" when the Trojan hit, followed by a "high disk usage" shortly after, and am wondering that even if I quaranteened the Trojan, do I still have stuff that Norton is not getting, even in the Eraser mode. One history note that particularly concerns me is "Protecting your connection to a newly detected network on adapter "Realtek PCIe GbE Family Controller".  I don't think I have a new network.

 

 

 

 

 

wiznot12:

When I go to Firewall/General I see Reset+ clear with Apply gray.

When I click Reset [+].  I do not see Apply.  I see 
 

Did Live Up date and Restart. Confirmed Fast Start was off (had been on as default).  When I go to Firewall/General I see Reset+ clear with Apply gray. If I turn off Smart Firewall, Apply turns yellow, but Reset fades.  If I hit Reset with Smart Firewall on, I get a message that asks if I want to change, but Apply button remains gray and I can't follow thru.

I have also Removed and Restored Norton, but nothing seems to have changed, except I got a lot of "Unauthorized  Access Blocked-access process data" for a while. And more Firewall rule changes coming.

 

 

  • Please run Norton LiveUpdate and Restart (not Shut down) machine.  
  • Please confirm Windows Fast Startup is off. W10 [here] W11 [here]

Reset the Norton firewall settings
https://support.norton.com/sp/en/us/norton-360-deluxe/current/solutions/v15457115


How to post an image in the forums
https://community.norton.com/en/forums/how-post-image-forums-0

An excellent thought.  I did check and I am the Windows Administrator for this computer. 

If I go to Settings/Firewall/General Settings, all of the buttons are on. Same with Intrusion and Browser Protection.  I can change these to off and hit Apply that then lights up. So maybe my grey button issue was overstated.

If I go to Program Control or Traffic Rules in that series, I really don't know what to do.  Here, if I hit use default (which I thought would return me to the point before these constant "firewall rule change" started, it get nothing.

If I could go to default for these two, maybe that will stop the rule changes and so of the other concerning 'allows' that have nothing to do with me.

wiznot12:

I tried to reset my Firewall but the Access button is shaded out in General Settings and every other catagory.  I hesitated to try default, but that may also be compromised.

R U in Windows Admin user account? 
Users need Windows Admin user account to change Norton settings. 

Standard user accounts; Norton settings may appear disabled (grayed out).
Norton settings can also be greyed out after Norton detects and repairs a threat on your computer which requires a restart.

Thank you, and thank you for the quick response.  It calmed me on some of the activity, but I still have questions.  I leave my computer on thru the night after I scan, so cold startup should not be an driver. And I got this message before I accessed my computer in the morning: "You allowed COM Surrogate to access your network resources.,Allowed,No Action Required,COM Surrogate,C:\Windows\System32\dllhost.exe", which is ok unless the virus is masking.  And it comes with "Outbound TCP, https". 

I tried to reset my Firewall but the Access button is shaded out in General Settings and every other catagory.  I hesitated to try default, but that may also be compromised.

 

 

Hello. When there is a system cold start ( power on at the beginning of the day, system shutdown, or a restart for software installation ), you will see the IP address has disappeared notice in Norton History. Below are examples from my history logs on the system I am currently using:

IP address disappeared - This was my system restart that morning

As the restart takes place, Norton detects my same ethernet adapter as a NEW connection, where one was previously. These are both NORMAL.

Regarding Norton Firewall, reset it and restart the machine, look again for the same activity appearing which you are concerned with. If it appears I would install Malwarebytes and run a full system scan. It is compatible with Norton, BUT, should NOT be set to load when Windows starts. Doing so will cause issues as Norton and MBAM will compete against one another for system resources access. Please let us know what your results are so that we can follow up if needed.

For Windows: https://www.malwarebytes.com/

SA