
Sudden Multiple Daily Attacks



#1 Gaiamuse


Posted 08 July 2010 - 09:30 PM

Hello BC people....

Suddenly, Norton is going crazy stopping attacks from several intruders. It's listing what it's blocking...but what has happened here? Has the computer gotten on a list of vulnerable computers? I've just never seen this happen before. Of course, what Norton is blocking is listed and Norton announces it's blocked it. But I have no idea if anything has gotten through.

Here are the different attackers from July 6th listed in the log: I'm not including all attacks just the different attackers. And I'm not listing the "medium" and "low" risk ones. Just the high. They seem to attack every few minutes. I need to know what to do, but I'm also really interested -- how does this happen? Have they "found" the computer and spread the word? Before this started everything was pretty quiet... And is it likely that something is getting through and Norton isn't catching it? Should I run something to check to see if something is infected?

Even if everything is okay -- is there any way to get rid of the attackers?

By way of symptoms: Only two strange things have happened lately -- an FB password was hacked -- and I sometimes get that weird "Generic Host Process for Win 32 has encountered a problem and needs to shut down." The computer will freeze and I'll have to reboot.

Thanks for any help you can give.

Niki

-------------------



7/6/2010 3:57 PM,High,An intrusion attempt by a76956922.cn was blocked.,Blocked,No Action Required,HTTP Tidserv Request,"a76956922.cn (213.163.89.107,

7/6/2010 3:57 PM,High,An intrusion attempt by zl091kha644.com was blocked.,Blocked,No Action Required,HTTP Tidserv Request,"zl091kha644.com (213.163.89.106,

7/6/2010 3:08 PM,High,An intrusion attempt by 61.61.20.132 was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"61.61.20.132, 443",,"CHS (192.168.1.46, 2379)",61.61.20.132,"TCP, https",

7/6/2010 3:07 PM,High,An intrusion attempt by 34jh7alm94.asia was blocked.,Blocked,No Action Required,HTTPS Tidserv Request

7/6/2010 2:08 PM,High,An intrusion attempt by 91.212.226.7 was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"91.212.226.7, 443",,"CHS (192.168.1.46, 2188)",91.212.226.7,"TCP, https",

7/6/2010 1:08 PM,High,An intrusion attempt by 1iii1i11i1ii.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"1iii1i11i1ii.com (91.212.226.6, 443)",,"CHS (192.168.1.46, 1806)",91.212.226.6 (91.212.226.6),"TCP, https",

Edited by Gaiamuse, 08 July 2010 - 09:31 PM.




#2 EnderWiggin


Posted 12 July 2010 - 01:03 PM

Hopefully someone else more qualified will respond to this, but I also had the same exact issue this weekend. After a little research here and at a few other forums, I discovered that in my case I was infected with a rootkit (Backdoor.Tidserv). The suggestion in another thread here pointed me to the scan tool ComboFix, which detected the rootkit and fixed it, and then suddenly Norton Internet Security reported that it detected the same rootkit even though it had only blocked the intrusion attempts until then. Regardless of the fix by ComboFix, I chose to low-level format the entire hard drive (including a hidden partition which probably contained the rootkit) and re-install Windows.

#3 Blathnat


Posted 12 July 2010 - 01:17 PM

Norton is blocking the rootkit from accessing the internet. You will need assistance from the Malware Removal Team.
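
Added example, not written by anyone in this thread: a short Python check of the direction of the logged connections, run over rows copied from the first post. It assumes column 7 is the remote endpoint and column 9 the local one (inferred from the rows themselves, not from Norton documentation); the function names are hypothetical.

```python
import csv
import ipaddress
import re

# Rows copied from the log in the first post; the last one is cut off on the page.
LOG = '''\
7/6/2010 3:08 PM,High,An intrusion attempt by 61.61.20.132 was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"61.61.20.132, 443",,"CHS (192.168.1.46, 2379)",61.61.20.132,"TCP, https",
7/6/2010 1:08 PM,High,An intrusion attempt by 1iii1i11i1ii.com was blocked.,Blocked,No Action Required,HTTPS Tidserv Request 2,"1iii1i11i1ii.com (91.212.226.6, 443)",,"CHS (192.168.1.46, 1806)",91.212.226.6 (91.212.226.6),"TCP, https",
7/6/2010 3:07 PM,High,An intrusion attempt by 34jh7alm94.asia was blocked.,Blocked,No Action Required,HTTPS Tidserv Request
'''

# Assumption: column 7 is the remote endpoint and column 9 the local one
# (inferred from the rows above, not from Norton documentation).
REMOTE_COL, LOCAL_COL, SIGNATURE_COL = 6, 8, 5
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}),\s*(\d+)")

def endpoint(row, col):
    """Return (ip, port) from an 'ip, port' or 'name (ip, port)' cell, else None."""
    match = ENDPOINT.search(row[col]) if len(row) > col else None
    return (match.group(1), int(match.group(2))) if match else None

def classify(line):
    """Label one log row 'outbound', 'undetermined' or 'incomplete'."""
    row = next(csv.reader([line]))
    remote, local = endpoint(row, REMOTE_COL), endpoint(row, LOCAL_COL)
    result = {"signature": row[SIGNATURE_COL] if len(row) > SIGNATURE_COL else "",
              "remote": remote, "local": local, "direction": "incomplete"}
    if remote and local:
        # Heuristic: private address on a high port talking to a web port
        # looks like a client connection opened by the local machine.
        client_side = ipaddress.ip_address(local[0]).is_private and local[1] >= 1024
        result["direction"] = ("outbound" if client_side and remote[1] in (80, 443)
                               else "undetermined")
    return result

def hosts_calling_out(log):
    """Map each local IP to the remote endpoints it tried to reach."""
    hosts = {}
    for line in filter(str.strip, log.splitlines()):
        row = classify(line)
        if row["direction"] == "outbound":
            hosts.setdefault(row["local"][0], set()).add(row["remote"])
    return hosts

if __name__ == "__main__":
    for ip, remotes in hosts_calling_out(LOG).items():
        print(ip, "->", sorted(remotes))
```

Both complete rows show 192.168.1.46 on a high local port reaching port 443 on the remote side, which is the pattern of a connection opened from the local machine; the truncated row is reported as incomplete rather than guessed at.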



