Norton Blocked ACROBD32.exe File. Am I out of danger?

Yesterday I noticed that Norton popped up and said that it blocked an attack from 213.108.56.18 that was a file from an Adobe folder called ACROBD32.exe. It said it was a High threat.

 

And then an hour later I saw in my history that two medium attacks had been blocked. When I went to details in my history it stated that the Actor was C:\WINDOWS\EXPLORER.EXE and the Actor PID is 2128. It said the Target was Device\HarddiskVolume1\Program Files\Norton Internet Security\Norton Internet Security Engine\17.5.0.127\ccsvchst.exe and the Action was Send Terminate Message to Window and the Reaction was Unauthorized access blocked. (edit: the medium blocks seem to be part of the Norton Product Tamper Protection section)

 

Is this something different, or is this coming from the original High threat that happened an hour earlier? I don't notice anything different with my computer and I ran the Norton full scan a couple times and nothing showed up and I am completely up to date with all the default settings that were there when I installed the antivirus a couple weeks ago.

 

I just wanted to make sure that when Norton blocks these things, that I am okay. Or is there further action I need to take in order to make sure my computer is okay?

 

Thank you for the help. :)


Thanks for the link to the Tamper Protection issue. I am glad that is not involved.

 

Oh, yes, it was ACRORD32.EXE (sorry about the typo). Does the capital letter difference matter?

 

Under the Advanced Details section of my Norton history for the intrusion block, it says the attack was "resulted from \DEVICE\HARDISKVOLUME1\ PROGRAM FILES\ADOBE\READER 8.0\READER\ACRORD32.EXE". That is where I got the ACRORD32.EXE name from, so is it just capitals because of the fact it was displayed as such in the description?

 

It also says the attacker url is from some site I never visited (not sure if I am allowed to post links in case they are dangerous) but the end of the link says loadpdf.php so maybe it is the fact I haven't updated Adobe.

 

I just got a new netbook and have been installing all my software and antivirus. I haven't done anything with Adobe yet. I just checked my files and it says I have a Reader 8.0 folder in my Adobe folder. There is an AcroRd32.exe file in the Reader folder as well as an AdobeUpdateCheck.exe. I'm a little wary to run something that might be a problem. Do you think it would be safe to run the AdobeUpdateCheck.exe or should I attempt to start the AcroRd32.exe file and go through the Help - Check for Updates route?

 

I am curious about the exact event that Norton reported. Can you verify by looking specifically in the Norton Tamper Protection logs in your History (use the "Show" dropdown box at the top of the window) if this is showing up there, rather than in quarantine or as a resolved threat? If it, too, is a Tamper Protection entry, then there is nothing to worry about. If it shows in Resolved Threats, Unresolved Threats, or Quarantine as a threat that was handled, more information would be useful.

 

Adobe 8 is still supported, but again you should check for updates as all versions of Adobe are getting security patches often. With a new PC it is important to update all the installed software, as security fixes have probably been issued for a number of applications that are installed by the manufacturer. You can run the Secunia Online Software Inspector to check for outdated and hence, risky programs. Secunia will direct you to the proper site to update any programs that it finds to be in need of patching.

Adobe Reader is up to 9.3 now and should be updated as soon as possible. I find the Adobe updaters too intrusive. I went into program rules and blocked them from accessing the net. When I want to update Adobe, I go through the website and download the latest version.

Below are the images of the two high risk screens.

 

It is not under the Tamper Protection section. It is not under resolved problems or quarantine either. Just under a Firewall intrusion block.

 

I will go to Adobe's website and update that right away. Should I update the Adobe Reader, the Acrobat, or both? Can I just install the latest update, or do I have to update them in a specific order because I have such an outdated version?

 

If Norton blocked this, is there a chance that something else got through, and it just hasn't manifested on my pc yet? That is what I am most worried about.

 

highrisk1.jpg

 

highrisk2.jpg

Hi penarddun,

 

If this was a blocked intrusion attempt you are safe. It will be a bit before your screenshots post, as they must be approved first, so bear with us.

 

You just need to update Adobe Reader, and as delphinium suggests, you are better off going with version 9.3.0. I would suggest uninstalling Adobe Reader 8 first and then going to Adobe.com and clicking the "Get Adobe Reader" link to download the latest version (NOTE: before clicking to download be sure to uncheck the box that offers to install the Free McAfee Security Scan along with the software that you actually want).

Hi

 

I would suggest running a scan with Malwarebytes just to make sure you are clean since there were a lot of instances of infected PDF files around. I know you are still installing programs, but there may be some things lurking there.

 

Download the free version, install and update, then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here:

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because the malware writers sometimes block the security programs' websites.

Thank you all for your help with this.

 

I installed the new Adobe Reader 9.3.0 from their site. (They also asked me to add a Firefox add-on; is that a good thing to do as well?)

 

I downloaded the free version of Malwarebytes, updated it, and ran the full scan. It found two infected objects, and I saved the log file. Then I had Malwarebytes remove both of them and a new log popped up and said they had been deleted and quarantined, but when I looked for the second logfile (that said it had been saved) I couldn't find it. But when I looked at it, it said "quarantined and deleted" where the "no action taken" text is in the first log.

 

Edit: I found the second logfile. It was just saved in a different place. I attached it now, as the second one.

Hi penarddun

 

I would suggest that since Malwarebytes found a problem with the restore point, you delete that restore point and create a new one.

 

 

Thank you for taking a look at my logs.

 

By the restore point, do you mean the one that was _restore followed by numbers that the log said was under C:\System Volume Information? How would I go about deleting that and creating a new one? As far as I know, I cannot locate that folder, and I do have all folders visible supposedly.

Here is what you can do to make the System Volume Information folder visible.

1. Go to Tools>Folder options

2. In the folder options window, click View

3. Uncheck "Hide Extensions for Known File Types"

 

-MbR