norton constantly telling me it has blocked an attack

AndyPix

The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.


It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)


The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..


Whatever virus scan you did - it was insufficient

AndyPix

The IP address tracks to here ...





Could this be your own IP address ?

hans_2

or here

donnac2558

I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.

The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.

donnajunkie

Oblivion wrote: »

Does your router have a section where you can list and block that attacking computer's IP address?

i dont know. i am not clued up on that sort of thing and wouldnt know where to start.

donnajunkie

debitcardmayhem wrote: »

Are you with Virgin ? , check that your routers ip address is not 62.252.172.241

my ip address is different.

donnajunkie

AndyPix wrote: »

The cryptolocker virus doesn't "attack" your computer from outside, trying to get in.


It gets in by you clicking on a suspect email attachment and then giving an executable (com, js or others) to run. (other attack vectors are available)


The behaviour that Norton is exhibiting there, is because you have a cryptolocker variant running on your machine, and it is trying to contact a c&c server to gain its private encryption key so it can start encrypting your files ..


Whatever virus scan you did - it was insufficient

i havent clicked on any email attachment for a long time. suspect or not.
when i ran hijack this there wasnt any sign of it running on the system.
the scans i did where a full scan with malwarebytes, a full scan with norton, and all the varied scan options with norton power eraser.

donnajunkie

AndyPix wrote: »

The IP address tracks to here ...





Could this be your own IP address ?

no, i am knowhere near there. norton gives the destination its trying to attack ie my ip address and it is different.

donnajunkie

the stop notifying me button must be slow to react because a while after i posted about the issue here it eventually stopped notifying me.

donnajunkie

donnac2558 wrote: »

I know last week around the same time each day I kept getting Norton has blocked, every day. You hit the x to close the pop up and it bang straight back about four or five times. I looked on Norton forum and others also got this, guru.net and someone said it was in Frankfurt. This week it has now stopped.

The IP was 185.17.1846.80 and was an Intrusion Attack. There where no answers just well Norton is blocking it.

i used to have kaspersky and that would often tell me it had blocked helkern. it wasnt so often as to annoy though. i changed back to norton coz kaspersky was expensive this year and norton was cheap. i think i will change back when norton runs out.