Question about intrusion attempt by 10.177.0.34, Au_.exe, irsetup, "full system scan" changed

 

Hello, I am new to these forums and I have looked for help with these topics and I haven't really found any, so any help would be appreciated, and I hope I put this in the right section.

First off, I decided to go on Norton and check the history of what it has been doing, and I noticed a lot of intrusion attempts being blocked by Norton. It is from 10.177.0.34 and its traffic description is "UDP, Port 53". Now I noticed in the history that it is pretty random, so I'm guessing it's a site that I am visiting (I turned on notification of this just in case it is the site, so I can avoid it). But I figured I would ask people here if it is something more serious. I mean, Norton blocks it, but I would like to stop it from even trying. Oh, its risk name is "port scan". And it is "medium" severity.

Also, not sure if this will help, but my internet is T-Mobile mobile broadband, and I only use IE (newest version) now that FF doesn't allow Norton's toolbar. I have Vista Home Premium, x64 bit.

Alright, second topic. Also, when checking my history I noticed "Au_.exe" made 41 changes to my computer. This kind of worries me, but it is at the same time I decided to uninstall Firefox. Now I know it was because of FF, but my question is, is it a good change, or did I set something off when I uninstalled it?

Third topic: I recently went into my temp folder and noticed I had a ton of files that I hadn't deleted (like 256 MB worth; I always used the Vista computer cleaner), so I deleted those, but shortly after I noticed that "irsetup" shows up in it and I don't have permission to delete it (I have UAC turned off and I am the administrator), so I was wondering what I can do about that.

 

And the last topic: all of a sudden today (well, I didn't run a scan for a day or so, so it could have been in between that) my Norton doesn't fully scan my computer in "full scan mode". I normally have 600k+ files on both my C and D drives (500k+ is on my C) and now when it scans it's only like 230k. So I decided to right-click the C drive and scan it that way; a few more files showed up, but not all of them. I then decided to scan a specific file in the C drive and it also came up with a few more files, but was way off.

I decided at that point to shut off my computer and boot up in safe mode. When I did that it did a complete scan (630k-ish) and didn't find anything, and I also decided to run Spybot, and nothing was found. The only thing I found when it did the quick scan (pre safe mode) was some cookies, but I get those all the time and they show up in the scan all the time (I use Google).

I would like to know what I should do about that, and if it's a virus causing this or not. I'm worried about reinstalling Norton, just in case it IS a virus and I wouldn't be able to reinstall Norton.

Also, sorry about the wall of text, but I wanted to make my descriptions as specific as I could, so I can get an answer closer to what my problem is (yes, I have looked some of this stuff up, but most of it wasn't that specific, and still left me wondering what to do). Also, sorry for the multiple topics in one post, but I figured I would do one big topic instead of multiple small ones, and save space.

Thank you for any answers you can provide. I try my best to be a safe surfer online (I make sure it has the check mark from Norton, and I even read reviews about the site before I visit, minus sites I normally visit).

 

I just want to nip this in the bud, since I use my computer for a lot of things, and I don't want to risk the safety of my usage of my PC.

Oh, I also forgot to add, I have run the Spybot TeaTimer along with Norton for a week or two now, and it didn't have anything that popped up about something being wrong, or interfering with Norton. I also downloaded a Windows update a week or so ago.

And can viruses be a part of Adobe Reader? I noticed sometimes I had a download pop up that was "amazon" something and I denied it, and yesterday Adobe was open, without me reading a PDF, and it popped up saying it was running and I couldn't shut down my computer until I closed it. I decided to uninstall Adobe after that just in case. Again, sorry for the wall of text.

Oh, and I also forgot to add, IE crashed a few hours ago (well, a tab) after it said it stopped a download when I was on basilmarket.com. I'm not sure if this could be used for anything, but figured I would add this information.

And also, when I start up my computer it sometimes starts up in 800x600 resolution (and mine is way higher), but I am able to change it back easily, so I'm not sure if that is just a Vista/graphics card problem.

 

 

EDIT: Forgot to add, I have NIS 2009.

Message Edited by AzureCubia on 10-31-2009 02:57 AM
Message Edited by AzureCubia on 10-31-2009 03:08 AM

Just wanted to bump this thread; I really want to know what I should do. Shortly after I started up my computer and started IE, Norton said it blocked an intrusion attempt by the same number. I decided to look into the history some more, and I noticed I started getting these notifications this month, and the other intrusion it is blocking is coming from 10.184.80.242. Also, in regards to the full scan not working correctly, I have had Norton for over 200 days and it's the first time this is happening. I would really appreciate some help on this. I want to know if this is fixable, something I need to worry about, or if I have to factory restore my computer (hope I don't have to do that, seeing as I don't have a portable HD).

Message Edited by AzureCubia on 10-31-2009 01:56 PM

What version and package of Norton do you have on your system?  You have Vista 64bit; what level of Vista and what service pack?  Thank you. 

I currently have Norton Internet Security 2009, Version 16.5.0.135. I also ran LiveUpdate and it says it's up to date.

EDIT: Forgot to add Vista information: I have Vista Home Premium, Service Pack 2.

Message Edited by AzureCubia on 10-31-2009 02:13 PM

Please download SysProt here http://sites.google.com/site/sysprotantirootkit/  (direct link for latest version is at the bottom of the page), disable Norton’s Auto-Protect feature (Settings > Real Time Protection > Auto-Protect > Off) and run SysProt.

Choose the Log tab and select all the items in the Write to log box. Then select Create Log to start scanning. When it is done, a message window will appear with the location of the log file.

Please attach the log file to a post here; the Add Attachments link is below the orange Post button. Thanks

Alright, I will do that, but it may take me 5-10 min to post after; since I have to disable the Auto-Protect I'm going to disconnect from the internet just in case.

Message Edited by AzureCubia on 10-31-2009 02:18 PM

OK, I ran the file as admin, but during the scan I did get a pop-up saying it needs to be run as admin as well (I have UAC turned off), but I did get a text file from the scan, so I will attach it to this message.

 


Try again and do the right click / “Run as administrator…”, please.  Thanks.

That's what I did before. I tried it again and during the scan I still got the pop-up saying “needs to be run with admin”.

In regards to your question about Malwarebytes’ Anti-Malware and the “Hijack.DisplayProperties,” did you disable the Windows Security Center notifications? I get that detection when I disable the notifications.

Ok, let's check with one other scan then.

 

Please download GMER from http://www.gmer.net and run the program. Select "Scan" and then "Save" the log. Do nothing else with the GMER program as it can harm your system if used incorrectly. Then attach the log file as a text file to a post here. The Add Attachments link is below the orange Post button.

Yeah, I believe so. I turned off Vista's UAC, because I was getting a pop-up for a lot of things, and when I did research about it, I found it really doesn't protect you, and since I have NIS I disabled the notifications for UAC. With the Hijack.display, I looked it up on Google and found half saying it was a false positive, and the other half of the people saying it's malware.

Alright, I ran GMER for both my C and D drives and it seemed to scan all the files, but I'm not sure (like it might be doing what NIS was doing), but I will attach both files. If I need to I will run these scans in safe mode. The first file is my C drive, and the second is my D drive.

I see no problems in your scan logs.

 

Your Norton scans may be adjusted by the Insight Trust levels increasing.  If you run Norton Insight off the main NIS screen, what level of Trust do you have set there?  If you set this to Full Scan and then scan your system, how many files does it scan then? 

 

(Remember to set this back to Standard Trust when done if you want; this setting tells the scan engine whether or not to scan a file based on the Insight database Trust level; Trusted files do not have to be rescanned every time so this speeds up your scanning and lessens Norton's load on your system.)

Yeah, I remember looking at the log and it had like 200k+ trusted files, but it was still missing about 100k that the safe mode scan got. But it was a "standard" trust, and I changed it to a full scan and now I'm going to scan it and see what comes up. Also, can you explain a little bit about the intrusion messages? As I said, it started all of a sudden this month, and I have read some things that it could be a program you're using causing it (but I have two different IPs trying to access), it could be because of malware/virus/etc., or it could just be someone scanning my computer. Should I worry about this more?

The intrusion is the thing that concerns me the most out of everything that I have posted about. Thank you for the help you are giving me, BTW.

EDIT: Also, I forgot to say the latest time it popped up was when I went onto Hotmail, and I know it starts up the Messenger so it could be that, so I decided to test that theory and go to the Hotmail site again, and it didn't pop up, so I don't think it was that.

Message Edited by AzureCubia on 10-31-2009 04:06 PM

I'm currently running the virus scan and it's at 500k files scanned, so I'm pretty sure that's the issue, but the intrusion thing still bugs me. While my antivirus was scanning (and still is right now) I got 2 intrusion attempts from the IP address I put in my post, and it made my computer slow down, yet again when I do a scan my computer is slow to begin with. I was using IE when it popped up. And the only thing the scan has found so far is tracking cookies, but that happens a lot, and it didn't slow down when it deleted them.

EDIT: Also, both of them happened back to back with 1 sec being the delay between them.
This popped up before one attack and after another, and it said it was sent to Norton. I'm hoping this may help. This really bothers me right now.

IPS Detection Statistical Submission

Signiture ID: 10000

Local or Remote Attacker: 2

Remote Port: 53

Local Port: 49830

Protocol: 17

Signiture Set Version 20091021.001

Application Name: System

Offending URL: (its blank)

Date Detection: Sun, 01 Nov 2009 00:03:43 GMT

Sub-signiture ID: 0

Remote Address 10.177.0.34

Message Edited by AzureCubia on 10-31-2009 05:24 PM
Message Edited by AzureCubia on 10-31-2009 05:25 PM

Hi AzureCubia,

 

The remote IP address shown in your alert is a local address that cannot be routed over the internet, so it is a DNS communication within your own network.  Look in the Norton Network Security Map and you should find a device on your network with an address that matches what you are seeing,  such as your router or modem.

Hm, that's odd; the only thing that shows up is the connection I created, “tmobile 2”, and it has a different address from the previous two I have mentioned. I used my BlackBerry, and I connect to my computer via USB cord, but I have been doing this since last December, and this just popped up this month. Could it be something else? And is there a way I could look for it, besides the Network Security Map?

Go into your router settings and look at the Local Network Status screen.  This will show the IP address for the router and each device attached to it.  The main thing is that since 10.177.0.3 can’t be routed across the internet, it is definitely not an attack from an outside attacker.
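
The triage reasoning in the replies above (remote address in private space, UDP, remote port 53), as an added example that is not part of the original thread: it parses the alert fields the poster pasted and classifies the event. The field labels follow the posted alert; the function names, verdict strings and the dynamic-port check are assumptions made for illustration.

```python
import ipaddress

# Fields transcribed from the alert posted in this thread (subset).
SAMPLE_ALERT = """\
Remote Port: 53
Local Port: 49830
Protocol: 17
Application Name: System
Remote Address 10.177.0.34
"""

# RFC 1918 private ranges: never routed across the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
DYNAMIC_PORTS = range(49152, 65536)  # IANA dynamic range, Vista's default


def parse_alert(text):
    """Parse 'Label: value' lines; the colon is optional, as in the post."""
    fields = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if ":" in line:
            key, value = line.split(":", 1)
        else:  # e.g. "Remote Address 10.177.0.34"
            key, _, value = line.rpartition(" ")
        fields[key.strip().lower()] = value.strip()
    return fields


def triage(fields):
    """Classify one alert (hypothetical helper and verdict names)."""
    addr = ipaddress.ip_address(fields["remote address"])
    proto = IP_PROTOCOLS.get(int(fields["protocol"]), "other")
    private = any(addr in net for net in RFC1918)
    # Remote port 53 over UDP means the packet came *from* a DNS server.
    dns_reply = proto == "UDP" and int(fields["remote port"]) == 53
    # A dynamic local port is what a client picks for its own outgoing query.
    client_port = int(fields["local port"]) in DYNAMIC_PORTS
    if private and dns_reply and client_port:
        verdict = "dns-reply-from-private-address"
    elif private:
        verdict = "private-address-other-traffic"
    else:
        verdict = "not-rfc1918"
    return {"remote": str(addr), "protocol": proto, "private": private,
            "verdict": verdict}


if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE_ALERT)))
```
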