
Infected after download - now having intrusions and unused port blocking etc


No replies to this topic

#1 Albin

  • Members
  • 9 posts

Posted 07 May 2011 - 01:15 PM

Hey guys, I posted this in the Norton antivirus forum but was redirected here so hopefully I can get some help.

I downloaded a game and installed this, started setup but not much happened.. so I think Norton might have blocked the whole process. Norton says that the file contained "Download insight" so I deleted the file that I downloaded but now I get a lot of Unused port blocking alerts. Since this I can't use Google Chrome any longer so I'm on Internet Explorer now.. Norton seems to block that too, does it have something to do with the port blocking and so on?



"Category: Firewall - Activities
Date & Time,Risk,Activity,Status,Recommended Action,Category
2011-05-07 19:11,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 114.77.238.36, local service Port (13939) .",Detected,No Action Required,Firewall - Activities
2011-05-07 19:11,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 68.193.135.117, local service Port (13939) .",Detected,No Action Required,Firewall - Activities
2011-05-07 19:11,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 114.77.238.36, local service Port (13939) .",Detected,No Action Required,Firewall - Activities
2011-05-07 19:09,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 114.77.238.36, local service Port (13939) .",Detected,No Action Required,Firewall - Activities
2011-05-07 19:09,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 114.77.238.36, local service Port (13939) .",Detected,No Action Required,Firewall - Activities
2011-05-07 19:04,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 81.167.143.112, local service Port (13939) .",Detected,No Action Required,Firewall - Activities"



I also get a few intrusions..

"Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
2011-05-07 19:06,High,An intrusion attempt by javanalitik-s.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity,"javanalitik-s.com (91.200.240.31, 80)","javanalitik-s.com/xzu0teRx7k3MPUS5dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9MzAyMjcmc2lkPTAmcmQ9MCZlbmc9d3d3Lmdvb2dsZS5zZSZxPU5vcnRvbitibG9ja2luZytjaHJvbWUrdW51c2VkK3BvcnQrYmxvY2tpbmc=08h","ALBIN-DATOR2 (192.168.1.66, 49290)",91.200.240.31 (91.200.240.31),"TCP, www-http",
2011-05-07 19:06,High,An intrusion attempt by javana1itik-z.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity,"javana1itik-z.com (91.200.240.30, 80)","approovall-serch.com/xzu0teRx7k3MPUS5dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9MzAyMjcmc2lkPTAmcmQ9MCZlbmc9d3d3Lmdvb2dsZS5zZSZxPU5vcnRvbitibG9ja2luZytjaHJvbWUrdW51c2VkK3BvcnQrYmxvY2tpbmc=08h","ALBIN-DATOR2 (192.168.1.66, 49286)",91.200.240.30 (91.200.240.30),"TCP, www-http",
2011-05-07 19:05,High,An intrusion attempt by cybersearch-0.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity 2,"cybersearch-0.com (194.247.183.67, 443)",,"ALBIN-DATOR2 (192.168.1.66, 49268)",194.247.183.67 (194.247.183.67),"TCP, https",
2011-05-07 19:03,Info,Intrusion Prevention has been enabled,Detected,No Action Required,,,,,,,Intrusion Prevention
2011-05-07 19:03,Info,Intrusion Prevention is monitoring 1595 signatures. Driver version: 9.8.1.9,Detected,No Action Required,,,,,,,Intrusion Prevention
2011-05-07 19:03,Info,Intrusion Prevention Engine version: 4.8.0.20 Definitions Set version: 20110506.001,Detected,No Action Required,,,,,,,Intrusion Prevention"



Hopefully I can get help with this, that's my main concern!



Though another problem that I have is about a program that I can't uninstall.. Norton has blocked it and I believe that it is uninstalled, though it is still in Control Panel and I can't take it away. It's called "Contexual Tool Yourprofitclub" and every time I try to uninstall the file this comes up..



"Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2011-05-07 18:11,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011-05-06 15:22,High,au_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\albin\appdata\local\temp\~nsu.tmp\au_.exe
2011-05-06 15:22,High,zu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,yu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,xu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,wu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,vu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,uu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,
2011-05-06 15:22,High,tu_.exe (Suspicious.Cloud.2) detected by Auto-Protect,Blocked,Resolved - No Action Required,"



And many more of those.. it doesn't do anything but I still want to delete it.



Thanks for any help I can get!



Albin
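
A triage sketch for the Intrusion Prevention export quoted in the post above, added here as an example and not part of the original post: it parses the CSV rows and decodes the base64 segment embedded in the Attacker URL path. The function names and the heuristic for locating the base64 run are assumptions; the log rows are copied from the post.

```python
import base64
import csv
import io
import re
from urllib.parse import parse_qsl

# Header and the three "High" rows, copied from the Intrusion Prevention export in the post.
IPS_EXPORT = '''Date & Time,Risk,Activity,Status,Recommended Action,Risk Name,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
2011-05-07 19:06,High,An intrusion attempt by javanalitik-s.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity,"javanalitik-s.com (91.200.240.31, 80)","javanalitik-s.com/xzu0teRx7k3MPUS5dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9MzAyMjcmc2lkPTAmcmQ9MCZlbmc9d3d3Lmdvb2dsZS5zZSZxPU5vcnRvbitibG9ja2luZytjaHJvbWUrdW51c2VkK3BvcnQrYmxvY2tpbmc=08h","ALBIN-DATOR2 (192.168.1.66, 49290)",91.200.240.31 (91.200.240.31),"TCP, www-http",
2011-05-07 19:06,High,An intrusion attempt by javana1itik-z.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity,"javana1itik-z.com (91.200.240.30, 80)","approovall-serch.com/xzu0teRx7k3MPUS5dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9MzAyMjcmc2lkPTAmcmQ9MCZlbmc9d3d3Lmdvb2dsZS5zZSZxPU5vcnRvbitibG9ja2luZytjaHJvbWUrdW51c2VkK3BvcnQrYmxvY2tpbmc=08h","ALBIN-DATOR2 (192.168.1.66, 49286)",91.200.240.30 (91.200.240.30),"TCP, www-http",
2011-05-07 19:05,High,An intrusion attempt by cybersearch-0.com was blocked.,Blocked,No Action Required,System Infected: Tidserv Activity 2,"cybersearch-0.com (194.247.183.67, 443)",,"ALBIN-DATOR2 (192.168.1.66, 49268)",194.247.183.67 (194.247.183.67),"TCP, https",
'''

B64_RUN = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def decode_embedded_query(path):
    """Return the key/value pairs of the first base64 run in `path` that
    decodes to a printable query string, or None if there is none."""
    for start in range(len(path)):
        m = B64_RUN.match(path, start)
        # Skip runs that are too short or not 4-aligned (cannot be valid base64).
        if not m or len(m.group()) < 16 or len(m.group()) % 4:
            continue
        try:
            text = base64.b64decode(m.group(), validate=True).decode("ascii")
        except ValueError:  # bad base64, or decoded bytes are not ASCII
            continue
        if text.isprintable() and "=" in text:
            return dict(parse_qsl(text))
    return None


def triage(export):
    """Summarise each High-risk row: signature, both host names, decoded parameters."""
    findings = []
    for row in csv.DictReader(io.StringIO(export)):
        if row["Risk"] != "High":
            continue
        url_host, _, path = row["Attacker URL"].partition("/")
        findings.append({
            "time": row["Date & Time"],
            "signature": row["Risk Name"],
            "attacker": row["Attacking Computer"].split(" ")[0],
            "url_host": url_host,  # may differ from "attacker", as in the second row
            "params": decode_embedded_query(path),  # None when the URL column is empty
        })
    return findings
```

For the first two rows the decoded parameters include `eng` and `q`, which hold a search engine host and a search phrase; what each key means to the software that sent the request is inferred from its name only.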
