Two questions, hopefully not related. Wondering why it is that I have to pay more to renew than to start a new account online? Secondly and more important, I have, since I received notice that my subscription is due to be renewed, received numerous notices from Internet Security telling me that it blocked an attempt to enter my computer. All, except one, and it hasn't been repeated, say it results from \DEVICE\HARDDISKVOLUME2\PROGRAMFILES (X86)\MSN\MSNCOREFILES\MSN.EXE. I have run quick scan, full system scan, Ad-Aware quick and full system scan, Housecall, ESET online scan, Malware Bytes, used the Norton Boot, booted in safe with networking and run the scans. Nothing shows up. Any ideas?
Hello sabaiThai
You can also renew your subscription by shopping around in stores and at reputable online sites to find a better price. You do not have to buy the product through the estore.
Ad aware may also be interfering with NIS.
Ok, let's see if I can get you the logs. I'm not the most computer savvy person around, in fact I'm doing good to push the right buttons from time to time. I did notice that Norton is blocking Ad-Aware a lot and there is another aspect that I don't really have a clue as to what is going on. I will put that portion of the log here also just in case there is something there that needs to be looked at.
Thanks for the help.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Category,Default Action,Action Taken,IPS Alert Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
23-Jul-11 09:02,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
23-Jul-11 09:02,Info,Intrusion Prevention is monitoring 1694 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
23-Jul-11 09:02,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110722.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 16:42,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Phoenix Toolkit Variant Activity 4,"85.17.131.161, 80",cristopherm.info/yoboywjraokmgqiw.php,"USMC56-PC (192.168.1.2, 57249)",85.17.131.161,"TCP, www-http"
22-Jul-11 16:42,Info,Intrusion Prevention Signature Auto Block has blocked IP: 85.17.131.161 for a period of: 30 minutes,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 16:42,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Malicious Toolkit Website 9,"85.17.131.161, 80",cristopherm.info/yoboywjraokmgqiw.php,"USMC56-PC (192.168.1.2, 57249)",85.17.131.161,"TCP, www-http"
22-Jul-11 16:04,High,An intrusion attempt by 174.127.98.40 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Blackhole Toolkit Website 5,"174.127.98.40, 80",temp.livedanang.com/index.php?tp=413ac28f13a95e53,"USMC56-PC (192.168.1.2, 56160)",174.127.98.40,"TCP, www-http"
22-Jul-11 14:05,Info,Intrusion Prevention Signature Auto Block has blocked IP: 85.17.131.161 for a period of: 30 minutes,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 14:05,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Phoenix Toolkit Variant Activity 4,"85.17.131.161, 80",cristopherm.info/yoboywjraokmgqiw.php,"USMC56-PC (192.168.1.2, 55288)",85.17.131.161,"TCP, www-http"
22-Jul-11 14:05,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Malicious Toolkit Website 9,"85.17.131.161, 80",cristopherm.info/yoboywjraokmgqiw.php,"USMC56-PC (192.168.1.2, 55288)",85.17.131.161,"TCP, www-http"
22-Jul-11 09:26,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 09:26,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110721.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 09:26,Info,Intrusion Prevention is monitoring 1693 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 21:24,Info,Intrusion Prevention is monitoring 1685 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 21:24,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110720.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 21:24,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 18:45,High,An intrusion attempt by 174.127.98.40 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Blackhole Toolkit Website 5,"174.127.98.40, 80",dred.acestimates.net/index.php?tp=4524b83cdb1fd7a0,"USMC56-PC (192.168.1.2, 51013)",174.127.98.40,"TCP, www-http"
21-Jul-11 17:09,Info,Intrusion Prevention is monitoring 1685 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 17:09,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110720.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 17:09,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 13:14,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Phoenix Toolkit Variant Activity 4,"85.17.131.161, 80",cccccc.ks.ua/gzylxob.php,"USMC56-PC (192.168.1.2, 56006)",85.17.131.161,"TCP, www-http"
21-Jul-11 13:14,Info,Intrusion Prevention Signature Auto Block has blocked IP: 85.17.131.161 for a period of: 30 minutes,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 13:14,High,An intrusion attempt by 85.17.131.161 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Malicious Toolkit Website 9,"85.17.131.161, 80",cccccc.ks.ua/gzylxob.php,"USMC56-PC (192.168.1.2, 56006)",85.17.131.161,"TCP, www-http"
21-Jul-11 09:44,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 09:44,Info,Intrusion Prevention is monitoring 1685 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
21-Jul-11 09:44,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110720.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
20-Jul-11 20:28,Info,Intrusion Prevention is monitoring 1680 signatures. Driver version: 10.0.1.3,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
20-Jul-11 20:28,Info,Intrusion Prevention Engine version: 4.9.0.5 Definitions Set version: 20110716.031,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
20-Jul-11 20:28,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Category,Gateway IP Address,Subnet Identifier,Gateway Physical Address
22-Jul-11 10:12,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
22-Jul-11 10:12,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
22-Jul-11 10:11,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
22-Jul-11 10:11,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,Connected to a protected network. (::0),Protected,No Action Required,,::0,,
21-Jul-11 21:24,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
21-Jul-11 21:24,Info,Connected to a shared network. (00 1D 6A 76 3A 3F),Shared,No Action Required,,,,00 1D 6A 76 3A 3F
21-Jul-11 21:24,Info,"IP address has disappeared from adapter Realtek PCIe GBE Family Controller and is no longer being protected (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 21:24,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: fe80::b6:919e:2e5e:d9c7).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:10,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:10,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:10,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:10,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::2ca1:969e:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
21-Jul-11 17:09,Info,Connected to a shared network. (00 1D 6A 76 3A 3F),Shared,No Action Required,,,,00 1D 6A 76 3A 3F
21-Jul-11 17:09,Info,"IP address has disappeared from adapter Realtek PCIe GBE Family Controller and is no longer being protected (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Software Loopback Interface 1\" (IP address: 127.0.0.1).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall - Network and Connections,,,
21-Jul-11 17:09,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: fe80::b6:919e:2e5e:d9c7).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: fe80::3c1e:d8d2:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"IP address has disappeared from adapter Teredo Tunneling Pseudo-Interface and is no longer being protected (IP address: 2001::4137:9e76:3c1e:d8d2:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::34:c80d:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: 2001::4137:9e76:3c1e:d8d2:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:29,Info,"Protecting your connection to a newly detected network on adapter \"Teredo Tunneling Pseudo-Interface\" (IP address: fe80::3c1e:d8d2:915b:51de).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:28,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,,,127.0.0.0/255.0.0.0,
20-Jul-11 20:28,Info,Connected to a shared network. (00 1D 6A 76 3A 3F),Shared,No Action Required,,,,00 1D 6A 76 3A 3F
20-Jul-11 20:28,Info,"IP address has disappeared from adapter Realtek PCIe GBE Family Controller and is no longer being protected (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:28,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 192.168.1.2).",Detected,No Action Required,Firewall - Network and Connections,,,
20-Jul-11 20:28,Info,"Protecting your connection to a newly detected network on adapter \"Realtek PCIe GBE Family Controller\" (IP address: 169.254.217.199).",Detected,No Action Required,Firewall - Network and Connections,,,
Hi, sabaiThai,
How many Days have you got Remaining on your Current Subscription Status? You should only be getting Subscription Alerts if you have Thirty Days or Less.
I think about 15.
Hi sabaiThai,
Your logs are showing periods when you are getting multiple alerts for web attacks involving toolkits. Sites are attempting to look for vulnerabilities in your installed software that can be exploited to install malware. Norton is blocking the threats. So, you are either often visiting a single site that has been compromised to redirect you to the malicious sites, or something already on your computer is connecting to the malicious sites. Are you getting these alerts randomly, or do they only happen when you go to a certain site or click on Google links?
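The grouping that reply describes can be done mechanically on an exported Intrusion Prevention log. The following is an added example, not part of the original thread: it collapses alerts that share a timestamp and local port into one connection and summarizes them per remote IP. The sample rows are constructed in the export's column layout, with placeholder addresses, host names and signature names.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (documentation-range IPs, placeholder hosts and
# signature names) using the header of the Intrusion Prevention export.
SAMPLE = '''Date & Time,Risk,Activity,Status,Recommended Action,Category,Default Action,Action Taken,IPS Alert Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
23-Jul-11 09:02,Info,Intrusion Prevention has been enabled,Detected,No Action Required,Intrusion Prevention,No Action Required,No Action Required,,,,,,
22-Jul-11 16:42,High,An intrusion attempt by 203.0.113.10 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Toolkit A,"203.0.113.10, 80",kit-a.example/x.php,"HOST-PC (192.168.1.2, 57249)",203.0.113.10,"TCP, www-http"
22-Jul-11 16:42,High,An intrusion attempt by 203.0.113.10 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Toolkit B,"203.0.113.10, 80",kit-a.example/x.php,"HOST-PC (192.168.1.2, 57249)",203.0.113.10,"TCP, www-http"
22-Jul-11 16:04,High,An intrusion attempt by 198.51.100.7 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Toolkit C,"198.51.100.7, 80",one.example/index.php?tp=1,"HOST-PC (192.168.1.2, 56160)",198.51.100.7,"TCP, www-http"
21-Jul-11 18:45,High,An intrusion attempt by 198.51.100.7 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Toolkit C,"198.51.100.7, 80",two.example/index.php?tp=2,"HOST-PC (192.168.1.2, 51013)",198.51.100.7,"TCP, www-http"
21-Jul-11 13:14,High,An intrusion attempt by 203.0.113.10 was blocked.,Blocked,No Action Required,,No Action Required,No Action Required,Web Attack: Toolkit A,"203.0.113.10, 80",kit-b.example/y.php,"HOST-PC (192.168.1.2, 56006)",203.0.113.10,"TCP, www-http"
'''


def parse_alerts(text):
    """Return the High-risk IPS rows as dicts with typed fields."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["Risk"] != "High" or not row["IPS Alert Name"]:
            continue  # skip engine start-up and auto-block Info rows
        # Destination Address looks like 'HOST-PC (192.168.1.2, 57249)'
        port = re.search(r",\s*(\d+)\)", row["Destination Address"])
        alerts.append({
            "time": datetime.strptime(row["Date & Time"], "%d-%b-%y %H:%M"),
            "ip": row["Source Address"],
            "signature": row["IPS Alert Name"],
            "host": row["Attacker URL"].split("/", 1)[0],
            "local_port": int(port.group(1)) if port else None,
        })
    return alerts


def summarize(alerts):
    """Per remote IP: distinct connections, signatures, hosts, time span."""
    groups = defaultdict(lambda: {"conns": set(), "sigs": set(), "hosts": set()})
    for a in alerts:
        g = groups[a["ip"]]
        # Several signatures can fire on one connection: same time and port.
        g["conns"].add((a["time"], a["local_port"]))
        g["sigs"].add(a["signature"])
        g["hosts"].add(a["host"])
    return {ip: {"connections": len(g["conns"]),
                 "signatures": sorted(g["sigs"]),
                 "hosts": sorted(g["hosts"]),
                 "first": min(t for t, _ in g["conns"]),
                 "last": max(t for t, _ in g["conns"])}
            for ip, g in groups.items()}


if __name__ == "__main__":
    for ip, s in summarize(parse_alerts(SAMPLE)).items():
        print(ip, s["connections"], "connections", s["first"], "to", s["last"])
        print("  hosts:", ", ".join(s["hosts"]))
        print("  signatures:", ", ".join(s["signatures"]))
```

Comparing the first and last timestamps per IP against browsing activity is what separates "one compromised site I keep visiting" from "something on the machine connecting on its own".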
They are random and are from sites that up until I started receiving these warnings I never had problems with. I seldom use Google, don't trust it.
This all seems a bit odd. Have you run Malware bytes in a full scan mode updated? I mean, that's a lot of attacks on your system.
Yes, I've run Malware Bytes updated and in full scan, along with Norton, Ad-Aware, ESET online, Housecall online, Windows Malicious Software Removal Tool, booted and run Norton with the boot disk, nothing shows up. I've even run scans in safe mode. I clean with CCleaner at least daily. I run Norton quick scan several times a day. Like I said, all this and the Norton subscription renewal notice started at approximately the same date. And, all but one point to \DEVICE\HARDDISKVOLUME2\PROGRAMFILES (X86)\MSN\MSNCOREFILES\MSN.EXE.
What little I know leads me to believe that there should be a virus in my computer, but nothing has found it, so???????
Hello sabaiThai
I would recommend a visit to one of the free malware removal sites. They will tell you the proper scans to run and can tell you if your computer is infected or not and if it is, then they can help to get it cleaned up. Thanks.
Please go to one of these free Forums for help in removing your bad malware or rootkits.
http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
(Thanks to Delph for providing the list of sites)
Please come back and let us know what happens.