
My anti-virus program keeps telling me it's blocking a virus. Help!


14 replies to this topic

#1 audreybelle

audreybelle

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 21 June 2014 - 02:35 AM

Hi! 

 

First of all, thanks to anyone that helps. I am new here and have no idea how this website works or if I am using the right forum. I was recommended to come here via Norton Community.

 

Basic info is that I have Norton 360 and am using Windows 7. 

 

I don't really use the web too much, same four websites every single day. They're all trustable websites too. I can tell when links are sketchy and I'm always paranoid with the internet. I am not using any new websites and I have not downloaded anything in the past year at least (except for a free malware program yesterday after getting some recommendations from the Norton Community).

 

But for the past 4 days my Norton keeps blocking a Trojan (Trojan.Boaxxe Activity 2). When I click my history on Norton it says system infected but it says blocked and no action required. But it happens at least twice a day. I've noticed it happens once in the afternoon and at night. The Norton history also says the URL of the attacker and it has been different each time and websites I have never even heard of before.

 

Also the ones that are attempting to attack me today are Trojan.Miuref Activity 2.

 

But where is it coming from? Am I infected?

 

 

This might be a stupid question but can I get a virus from someone using the same network? My nephew and sister were over the other day using the internet on their phones and they click on random links all the time... I've never heard of anyone getting a virus like that but is it possible?

 

Any recommendations what I should do?

 

Thank you so much to whoever helps me.

 

P.S. If I am not supposed to post here, please let me know so I can delete it and post where it is appropriate. Thank you.


Edited by hamluis, 21 June 2014 - 10:01 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:06:23 PM

Posted 21 June 2014 - 03:58 AM

Hello audreybelle:

Please consider this advice for persistent threats: Preparation guide for use before using malware removal tools and requesting help.

HTH :)


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#3 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:23 PM

Posted 21 June 2014 - 06:31 AM

I abandoned Norton products in 2009 or 2010.  The reason was that they made changes that caused the possibilities of infections to increase.  One example is that they no longer had real time protection available, and that the users had to MANUALLY SCAN things, AFTER the item(s) were downloaded.  That being said, let me continue on.

Remember, that site "A" (one you use) may link to sites "B", "C", "D", etc and it is that one or more sites that are infected.  When site "A" links to say site "B", they don't know what their site does, or what other sites they link to.  Site "B" for example, might have scripts, that go to other sites.  So this attempted infection from the unknown URL could be 1, 2, 3, 4, etc times removed from site "A", and that's where the attempted infection is coming from.

Your statement of "The Norton history also says the URL of the attacker and it has been different each time and websites I have never even heard of before" bears this out.

As I've said in other posts, I use multiple layers of security, which also includes website blocking.  If I get a warning from Avast or MBAM, I add the site to my firewall, even though they detected it and saved my, well you know.  By adding it to my firewall, it will never attempt to go there again.

Adding blocked sites to the firewall level is the best, because the firewall should block any applications trying to get to the sites you added, not just the browser.  However, there is a gotcha.  Some firewalls will allow you to export the configuration out, so you can import the settings later, say after a rebuild, some don't.  For instance, here are my exports:

2014_06_01_1057_firewall_settings.xml
2014_06_06_1044_firewall_settings.xml
2014_06_09_2255_firewall_settings.xml
2014_06_12_1055_firewall_settings.xml
2014_06_13_2304_firewall_settings.xml
2014_06_14_2111_firewall_settings.xml
2014_06_17_2227_firewall_settings.xml
2014_06_19_2311_firewall_settings.xml

So, depending on what the abilities are of the firewall (export/import), if a computer has to be reset, importing of previous settings may not be possible, which means re-adding the sites again manually.  Some advanced users have tricks that they can bypass this limitation, but that's beyond this post.

According to the Symantec website ( https://us.norton.com/360 ), Norton 360 has "Intelligent 2-way Firewall prevents strangers from accessing your home network by blocking incoming traffic determined to be unsafe".  You should look to see if Norton 360 has the ability to block sites, and if so, add the listed sites in it.

Keep in mind that it is possible for reputable, reliable sites to be hacked without the owner's knowledge.  Hackers then can cause redirects, without the owner's knowledge.

Hope this helped.

Best of luck!



#4 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:08:23 PM

Posted 21 June 2014 - 08:39 AM

audreybelle

 

[image: 23shh55.jpg] to the forum :)

 

I'm a Norton 360 user.  I've been running it simultaneously with MBAM Pro (Malwarebytes Pro/real-time scanner) since Nov 2012 with no issues as yet.

 

Norton is my 3rd AV tool since I began using home 'net PC's in 2004.  It's kept me intrusion-free so far.  I like to evaluate AV performances after about 2 years of continuous usage and look at how it's protected my PC's in that time period.

 

Sorry to hear about your issue.  I'm no malware-removal expert but it sounds like you'll need expert assistance in removing possible intrusions into your system.  There's a section available at this forum where you can post your details and someone will assist you.

 

Regarding Norton, the AV topic is one of the most diverse discussions I've seen during my years of 'net forum reading and researching.

 

I can only say that, so far, N360 has been performing very well on 3 PC's.  It's installed on my Win 7 x64 Desktop PC, my Win 7 x64 Toshiba Laptop, and my Mom's Win XP Desktop PC.

 



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:23 PM

Posted 21 June 2014 - 09:46 AM

I've read your topic at the Norton website.
 
Please post the log of the Malwarebytes scan.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.


Please run the ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 21 June 2014 - 06:24 PM

Thanks for all the replies! I appreciate any help that I get.

 

 

This whole thing is so frustrating. It happened again today!

 

 

I checked and yes Norton does have a firewall and it’s on strict levels. I’ve never had a problem with Norton 360 before so I have no idea what’s going on. I don’t even know if I’m infected or not because all the scans I run on Norton and the other two scanners come up clean...  but the fact that I keep getting attacked and Norton keeps blocking it is freaking me out. 

 

 

I started taking note as to when it warns me, and I noticed it happens on a specific website. I’m not sure if I’m allowed to say names so I’m not going to...but again, it’s a reputable site. But like you said it could happen to any site.  

 

Anyway, So I just finished running Malwarebytes again and these are the results following what dc3 told me to do.

It says...

 

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE

 

But I think it’s unable because it hasn’t quarantined anything. Every scan that I have done has come up with nothing, on both Norton and Malwarebytes.

 

 

As for the ESET site. I downloaded and am still running a scan. As you said, it’s taking a while to finish. I will update with results ASAP.

Thanks again everyone!  


Edited by audreybelle, 21 June 2014 - 06:25 PM.


#7 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 21 June 2014 - 08:38 PM

Okay so the ESET scan is finished. The first half took forever, over 2 hours, but the second half was really quick. Not sure if that's normal or not haha. But results are....

 

Infected files: 0

Cleaned files: 0

 

So... it looks like Norton is blocking the frequent attacks.....? 



#8 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 22 June 2014 - 12:01 AM

update....

 

 

Everything is "running" smoothly. My computer hasn't been slow or anything. Never has been... so it's not like I can tell if there is any difference with that. So I have no idea what is happening.

 

Just checked out my Norton history and it says "Unauthorized Access Blocked" over 70 times. I stopped counting. All within the same two or three minutes just seconds apart. Norton has blocked them all but what the heck is happening!! :(!!!!

 

I am willing to delete everything from my computer just to get rid of this problem. I just want to feel safe on my computer again. Would going back to an older date on my computer be helpful at all? 


Edited by audreybelle, 22 June 2014 - 12:02 AM.


#9 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 22 June 2014 - 12:03 AM

Also... in my history... it says that my IP address keeps disappearing and being found again.



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:23 PM

Posted 22 June 2014 - 09:35 AM

Try booting into Safe Mode and run Malwarebytes.

 

Do not use Safe Mode with Networking, you need to be off line when you run the scan.

 

Please copy and then paste the log in your topic.




#11 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 22 June 2014 - 03:14 PM

Hello again,

 

Okay so I just ran Malwarebytes with Safe Mode. Came up with 0 infected files again...

 

Here are the results on the log in the quarantine part... 

 

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE
 
Good news though, usually around this time I would get at least one warning from Norton letting me know that it has blocked something.
So far nothing! :)


#12 Quads

Quads

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CHCH New Zealand
  • Local time:02:23 PM

Posted 22 June 2014 - 06:25 PM

Tracked down (I think, but not counting my Chickens).

 

The Intrusion prevention alert appears to be detecting one or more ads from ad servers that are in webpages (sites) that use ads, example  [web address].com/scrstat  Blocked 

 

Quads



#13 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:06:23 PM

Posted 23 June 2014 - 09:20 AM

The Trojan.Boaxxe Activity 2 might be removed by AdwCleaner, but the Trojan.Miuref Activity 2 is going to require the guidance of a member of the Malware Removal Team.  For this reason you will need to open another topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.

 
Before posting your topic there you will need to read and follow the instructions in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.
 
This forum is always busy, for this reason it may take a couple of days before a member of the Malware Removal Team will be able to get to your topic.  Do not add anything once you have posted your log.  The Malware Removal Team members look for topics which have not been addressed, if you post any additional information it will make it appear that the topic is being addressed.
 
After you have posted your new topic a Moderator will close this topic.  If after cleaning the infection it is determined that you have a software or hardware issue you can contact a Moderator to have your topic reopened. 

Edited by dc3, 23 June 2014 - 09:30 AM.



#14 Quads

Quads

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CHCH New Zealand
  • Local time:02:23 PM

Posted 23 June 2014 - 02:04 PM

Others have or are having the Intrusion prevention alert from different sites or forums  that have ads that load, then Norton continually blocks the ad or more than one ad continuously, while the browser has the webpage loaded. 

 

They all have com/scrstat on the end of the website detection. For Google Chrome, try the Adblock addon / extension to see if that stops the ads loading on webpages, which should mean Norton has no ads to detect and alert.

 

"Unauthorised Access Blocked" in the Norton History is OK that is just Norton logging Anti-Tamper Protection actions.

 

Quads
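
An added example, not part of the original thread or any poster's code: one way to check the pattern described above, where alerts name different hosts but end in the same path, is to cluster exported alert rows by URL path. The row layout, the `cluster_by_path` helper and the `.example` hosts are assumptions constructed for illustration; only the signature names and the `/scrstat` path come from the thread.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows: (time, signature, blocked URL). Hosts are
# placeholders on the reserved .example TLD, not values from this thread.
SAMPLE_ALERTS = [
    ("2014-06-21 14:02", "Trojan.Boaxxe Activity 2", "http://ads-one.example/scrstat"),
    ("2014-06-21 21:40", "Trojan.Boaxxe Activity 2", "cdn-two.example/scrstat/"),
    ("2014-06-22 13:55", "Trojan.Miuref Activity 2", "http://track-three.example/scrstat"),
    ("2014-06-22 22:10", "Trojan.Miuref Activity 2", "http://track-three.example/SCRSTAT?id=7"),
    ("2014-06-22 22:11", "Trojan.Miuref Activity 2", "http://other.example/index.html"),
    ("2014-06-22 22:12", "Trojan.Miuref Activity 2", ""),  # row with no URL logged
]


def cluster_by_path(alerts, min_hosts=2):
    """Group alerts by URL path and keep paths seen on >= min_hosts hosts.

    Several unrelated hosts sharing one path is consistent with a common
    embedded component (such as an ad script) triggering the alerts.
    """
    clusters = defaultdict(lambda: {"hosts": set(), "signatures": set(), "count": 0})
    for _time, signature, url in alerts:
        if "://" not in url:
            url = "//" + url  # let urlsplit treat a scheme-less value as host/path
        parts = urlsplit(url)
        if not parts.hostname:
            continue  # nothing usable to cluster on
        path = parts.path.rstrip("/").lower() or "/"
        entry = clusters[path]
        entry["hosts"].add(parts.hostname.lower())
        entry["signatures"].add(signature)
        entry["count"] += 1
    return {
        path: {
            "hosts": sorted(e["hosts"]),
            "signatures": sorted(e["signatures"]),
            "count": e["count"],
        }
        for path, e in clusters.items()
        if len(e["hosts"]) >= min_hosts
    }


if __name__ == "__main__":
    for path, info in cluster_by_path(SAMPLE_ALERTS).items():
        print(path, info["count"], "alerts across", len(info["hosts"]), "hosts")
```

A path that survives the `min_hosts` filter is a candidate for a single blocking rule or ad-filter entry, instead of adding each host one by one.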



#15 audreybelle

audreybelle
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:23 PM

Posted 23 June 2014 - 02:40 PM

Hi everyone,

 

Just wanted to say a quick thank you to everyone that has helped me and an update.

 

I have stopped getting alerts since yesterday!  :grinner:

 

Thanks! Hope you all have a wonderful day.





