Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NORTON POP-UP


  • Please log in to reply
18 replies to this topic

#1 ARCADE321

ARCADE321

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 23 April 2015 - 05:12 AM

A Norton pop-up appeared yesterday informing that they had blocked an attack. Normally you click on the pop-up and it disappears but this time it disappears then appears again. This has been going on since

 

yesterday. I thought by turning the computer off overnight it would solve the problem but five minutes after turning on it reappeared. The computer seems to be running ok but because the pop-up is in the bottom right-hand corner it's impossible to scroll down. Any ideas? 

 

Nick67


Edited by hamluis, 23 April 2015 - 06:31 AM.
Moved from Win 7 to AV/AM Software - Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 23 April 2015 - 06:38 AM

:welcome: to Bleeping Computer.

Norton Malicious Website Blocking designed to block incoming connections (communications) it determines to be malicious and you did not request from entering your computer. it determines to be malicious. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for for vulnerable ports (commonly probed ports) and make repeated attempts to access them.

Norton is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:37 AM

Posted 23 April 2015 - 07:16 AM

Hi ARCADE321 :)

If you want, you could give us the information on the pop-up that appears (the detection) and we could try to see what exactly is causing it.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 23 April 2015 - 07:28 AM

If the pop-up is continuous...then further investigation may be needed. If that is the case, you should start a new topic in the Am I infected? What do I do? forum

OR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 ARCADE321

ARCADE321
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 23 April 2015 - 02:22 PM

Hi Quietman7

 

As you suggested I followed instructions in the Malware Removal and Log Section Preparation Guide. But starting at Step 6 Norton advised not to continue because it was dangerous

 

ARCADE321



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:37 AM

Posted 23 April 2015 - 02:31 PM

Norton is blocking FRST as a "false positive" detection. The tool is perfectly legitimate and safe to run. The issue is on Symantec's side because they give it a low rating with their "Reputation" system (WS.Reputation.1). Temporarily disable Norton, download FRST then run it on your system like instructed. Once you have the log, you can re-enable Norton and let it delete FRST. Or even better, add an exception (whitelist) the FRST executable and process.


animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 23 April 2015 - 03:38 PM

Certain embedded files that are part of legitimate programs and specialized fix tools (like FRST), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SypwareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 ARCADE321

ARCADE321
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 30 April 2015 - 07:42 AM

Hi QUIETMAN7

 

Thanks for your help regarding my permanent Norton pop-up. Problem solved. But I have another problem. When I switch the computer on I have the following warning

 

Reg Svr 32

 

The module

 

C: Program Data\zezmewzuko\rilepsavpe.kog failed to load

 

Make sure the binary is stored at the specified path or debug it to

 

check for problems with the binary or dependent DDD fIles

 

This warning only arrears on my side of the computer. My wife, who is the administrator, does not receive the warning.

 

Arcade321



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 30 April 2015 - 08:02 AM

It is not uncommon to encounter such errors when booting into Windows after a related file that was set to run at startup or as a scheduled task in the registry has been deleted. Windows is trying to load this file but cannot locate it since the file may have been removed inadvertently, during the uninstallation of a program or after performing a scan with security tools. However, an associated orphaned registry entry (remnant) still exists and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

Since there is no information available for rilepsavpe.kog...it most likely was related to malware.

You can start a new topic in the Am I infected? What do I do? forum for assistance with this issue by one of our 1st Responders.

OR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:37 AM

Posted 01 May 2015 - 07:08 AM

Just so you know quietman, ARCADE posted a new thread about his issue that was moved in AII.

http://www.bleepingcomputer.com/forums/t/574882/reg-svr-32/#entry3694887

I don't know if you want to close this thread or leave it open.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 01 May 2015 - 04:19 PM

Just so you know quietman, ARCADE posted a new thread about his issue that was moved in AII.

http://www.bleepingcomputer.com/forums/t/574882/reg-svr-32/#entry3694887

I don't know if you want to close this thread or leave it open.

Ok but since the new topic is in AII we will not be closing it.

However, ARCADE321 since you are receiving assistance from Alexstrasza, to avoid confusion, please continue in that topic only.
 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 Chaillo

Chaillo

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:37 AM

Posted 12 May 2015 - 04:12 AM

Just meant as an information:

Arcade321 is cross-posting on same topic in Microsoft Community. See: https://answers.microsoft.com/en-us/windows/forum/windows_7-system/regsvr-32-warning-on-windows-64bit-computer/b82d22f9-355b-4d25-864b-877c05f7c53f



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:37 AM

Posted 12 May 2015 - 04:29 AM

He hasn't returned after I replied, so I guess his topic here is stale.

#14 Chaillo

Chaillo

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:37 AM

Posted 12 May 2015 - 04:35 AM

Yeah, well, perhaps he'll now also abandon his thread in MC...



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,948 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:37 AM

Posted 12 May 2015 - 04:56 AM

According to his comments at Microsoft, he resolved the Norton pop-up issued reported here.
 

 

I should add I had an earlier problem, a permanent Norton pop-up, I solved by disabling Norton and running malwarebytes


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users