Norton constantly telling me it has blocked an attack

  • AndyPix
    The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.

    It gets in by you clicking on a suspect email attachment and then allowing an executable (com, js or others) to run. (Other attack vectors are available.)

    The behaviour that Norton is exhibiting there is because you have a cryptolocker variant running on your machine, and it is trying to contact a C&C server to gain its private encryption key so it can start encrypting your files.

    Whatever virus scan you did, it was insufficient.
  • AndyPix
    The IP address tracks to here ...

    [Image: Capture.jpg]

    Could this be your own IP address?
  • donnac2558
    I know last week around the same time each day I kept getting "Norton has blocked", every day. You hit the X to close the pop-up and it bangs straight back about four or five times. I looked on the Norton forum and others also got this, guru.net, and someone said it was in Frankfurt. This week it has now stopped.

    The IP was 185.17.1846.80 and was an Intrusion Attack. There were no answers, just "well, Norton is blocking it".
  • donnajunkie
    Oblivion wrote: »
    Does your router have a section where you can list and block that attacking computer's IP address?
    I don't know. I am not clued up on that sort of thing and wouldn't know where to start.
  • donnajunkie
    Are you with Virgin? Check that your router's IP address is not 62.252.172.241
    My IP address is different.
  • donnajunkie
    AndyPix wrote: »
    The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.

    It gets in by you clicking on a suspect email attachment and then allowing an executable (com, js or others) to run. (Other attack vectors are available.)

    The behaviour that Norton is exhibiting there is because you have a cryptolocker variant running on your machine, and it is trying to contact a C&C server to gain its private encryption key so it can start encrypting your files.

    Whatever virus scan you did, it was insufficient.
    I haven't clicked on any email attachment for a long time, suspect or not.
    When I ran HijackThis there wasn't any sign of it running on the system.
    The scans I did were a full scan with Malwarebytes, a full scan with Norton, and all the varied scan options with Norton Power Eraser.
  • donnajunkie
    AndyPix wrote: »
    The IP address tracks to here ...

    [Image: Capture.jpg]

    Could this be your own IP address?
    No, I am nowhere near there. Norton gives the destination it's trying to attack, i.e. my IP address, and it is different.
  • donnajunkie
    The "stop notifying me" button must be slow to react, because a while after I posted about the issue here it eventually stopped notifying me.
  • donnajunkie
    donnac2558 wrote: »
    I know last week around the same time each day I kept getting "Norton has blocked", every day. You hit the X to close the pop-up and it bangs straight back about four or five times. I looked on the Norton forum and others also got this, guru.net, and someone said it was in Frankfurt. This week it has now stopped.

    The IP was 185.17.1846.80 and was an Intrusion Attack. There were no answers, just "well, Norton is blocking it".
    I used to have Kaspersky and that would often tell me it had blocked Helkern. It wasn't so often as to annoy though. I changed back to Norton coz Kaspersky was expensive this year and Norton was cheap. I think I will change back when Norton runs out.
This discussion has been closed.