Norton displays Intrusion attempt blocked

1 reply to this topic

#1 Not_Me_Again


  • Members
  • 8 posts
  • Gender:Male
  • Local time:01:14 PM

Posted 07 January 2013 - 11:53 PM

For the past few days someone has been attempting to get into my computer. Every day I get several alerts from Norton which read "An intrusion attempt by ( or ( was blocked.".

The details all have one thing in common "The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\EXPLORER.EXE". Each attempt always has a different web address but is from either of the two IP addresses above. I've done full system scans with no success in finding them.

I've looked around and believe it's a Trojan.Gatak disguised as explorer.exe. The original file is located at C:\Windows\Explorer.Exe so I ran a search for it and found 3 of them.

The first is located exactly where it should be and was created 8/9/04 and last modified 4/13/08.

The second is located at C:\Windows\$NtServicePackUninstall$ and is in blue and was created 12/13/12 and was last modified 8/9/04 (I suspect this file may be what I'm looking for). And no, I did not mix up the created and modified dates, that is exactly what it says.

The third is located at C:\WINDOWS\ServicePackFiles\i386 and was created and modified 4/13/08. (How many explorer.exe files should I have? Just one?)

I would like confirmation before I start deleting files that may be crucial to Windows.

Norton 360 v6.4.09

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

Hewlett-Packard Company
HP Pavilion
Intel® Core™2 CPU
6300 @ 1.86GHz
1.87 GHz, 1.99 GB of RAM
Physical Address Extension

Edited by Not_Me_Again, 08 January 2013 - 11:49 AM.



#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,538 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:14 PM

Posted 08 January 2013 - 08:23 PM

Hello, I would suspect it is Gatak. This is a backdoor infection and we need to know if it got in.

You need to repost.
I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
