The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.
It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)
The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..
I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.
The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.
The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.
It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)
The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..
Whatever virus scan you did - it was insufficient
i havent clicked on any email attachment for a long time. suspect or not.
when i ran hijack this there wasnt any sign of it running on the system.
the scans i did where a full scan with malwarebytes, a full scan with norton, and all the varied scan options with norton power eraser.
I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.
The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.
i used to have kaspersky and that would often tell me it had blocked helkern. it wasnt so often as to annoy though. i changed back to norton coz kaspersky was expensive this year and norton was cheap. i think i will change back when norton runs out.
Replies
It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)
The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..
Whatever virus scan you did - it was insufficient
Could this be your own IP address ?
The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.
when i ran hijack this there wasnt any sign of it running on the system.
the scans i did where a full scan with malwarebytes, a full scan with norton, and all the varied scan options with norton power eraser.