We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

norton constantly telling me it has blocked an attack

24

Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.


    It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)


    The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..


    Whatever virus scan you did - it was insufficient
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Fifth Anniversary 1,000 Posts Name Dropper Photogenic
    The IP address tracks to here ...


    Capture.jpg


    Could this be your own IP address ?
  • hans_2
    hans_2 Posts: 420 Forumite
    or here


    Capture.jpg
  • donnac2558
    donnac2558 Posts: 3,637 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.

    The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    Oblivion wrote: »
    Does your router have a section where you can list and block that attacking computer's IP address?
    i dont know. i am not clued up on that sort of thing and wouldnt know where to start.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    Are you with Virgin ? , check that your routers ip address is not 62.252.172.241
    my ip address is different.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    AndyPix wrote: »
    The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.


    It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)


    The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..


    Whatever virus scan you did - it was insufficient
    i havent clicked on any email attachment for a long time. suspect or not.
    when i ran hijack this there wasnt any sign of it running on the system.
    the scans i did where a full scan with malwarebytes, a full scan with norton, and all the varied scan options with norton power eraser.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    AndyPix wrote: »
    The IP address tracks to here ...


    Capture.jpg


    Could this be your own IP address ?
    no, i am knowhere near there. norton gives the destination its trying to attack ie my ip address and it is different.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    the stop notifying me button must be slow to react because a while after i posted about the issue here it eventually stopped notifying me.
  • donnajunkie
    donnajunkie Posts: 32,412 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    donnac2558 wrote: »
    I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.

    The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.
    i used to have kaspersky and that would often tell me it had blocked helkern. it wasnt so often as to annoy though. i changed back to norton coz kaspersky was expensive this year and norton was cheap. i think i will change back when norton runs out.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.6K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.4K Spending & Discounts
  • 243.6K Work, Benefits & Business
  • 598.3K Mortgages, Homes & Bills
  • 176.7K Life & Family
  • 256.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.