
Norton displays Intrusion attempt blocked



#1 Not_Me_Again


Posted 07 January 2013 - 11:53 PM

For the past few days someone has been attempting to get into my computer. Every day I get several alerts from Norton which read "An intrusion attempt by (91.207.8.198) or (37.139.52.92) was blocked."

The details all have one thing in common: "The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE". Each attempt always has a different web address but is from either of the two IP addresses above. I've done full system scans with no success in finding them.

I've looked around and believe it's a Trojan.Gatak disguised as explorer.exe. The original file is located at C:\Windows\Explorer.Exe, so I ran a search for it and found 3 of them.

The first is located exactly where it should be and was created 8/9/04 and last modified 4/13/08.

The second is located at C:\Windows\$NtServicePackUninstall$ and is in blue and was created 12/13/12 and was last modified 8/9/04 (I suspect this file may be what I'm looking for). And no, I did not mix up the created and modified dates; that is exactly what it says.

The third is located at C:\WINDOWS\ServicePackFiles\i386 and was created and modified 4/13/08. (How many explorer.exe files should I have? Just one?)

I would like confirmation before I start deleting files that may be crucial to Windows.

Norton 360 v6.4.09

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

Hewlett-Packard Company
HP Pavilion
Intel® Core™2 CPU
6300 @ 1.86GHz
1.87 GHz, 1.99 GB of RAM
Physical Address Extension

Edited by Not_Me_Again, 08 January 2013 - 11:49 AM.




#2 boopme


Posted 08 January 2013 - 08:23 PM

Hello, I would suspect it is Gatak. This is a backdoor infection and we need to know if it got in.

You need to repost.
I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.