
Microsoft SMB MS17-010 Disclosure Attempt


10 replies to this topic

#1 clown_shoes

clown_shoes

  • Members
  • 8 posts

Posted 28 May 2018 - 12:43 PM

Hi folks. I have a new PC and it comes with Norton pre-installed. I prefer other security software so am downloading Avast! free version to use.

I am not sure whether it was from Avast! but at one point, Norton alerted me that (which I have managed to find out from remembering and Googling what I could about the message, it wasn't up long) the above attempt had been made.  What is it and should I worry, whatever it is? 





#2 clown_shoes


Posted 28 May 2018 - 12:55 PM

I have just run adware cleaner, here is what it found:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-22.1
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-28-2018
# Duration: 00:00:46
# OS:       Windows 10 Home
# Scanned:  40907
# Detected: 22
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki                    C:\Users\defaultuser0\AppData\Local\Host App Service
Adware.pokki                    C:\Users\Laptop\AppData\Local\Host App Service
Adware.pokki                    C:\Users\Public\Desktop\..\App Explorer
 
***** [ Files ] *****
 
PUP.Optional.Legacy             C:\Users\Public\Desktop\eBay.lnk
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy             C:\Windows\System32\Tasks\App Explorer
 
***** [ Registry ] *****
 
Adware.pokki                    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki                    HKU\S-1-5-21-1006870264-113639106-1993338257-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki                    HKCU\Software\Host App Service
Adware.pokki                    HKU\S-1-5-21-1006870264-113639106-1993338257-1000\Software\Host App Service
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{966231A1-9884-4742-AA50-7F879D85C5A3} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             Ask Jeeves
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


#3 clown_shoes


Posted 28 May 2018 - 01:17 PM

Crikey, now Norton has just blocked all of the following:

 

1. Web Attack: CCTV-dvr-RemoteCode Execution 2
2. Web Attack: Wi-Fi Cam Authentication Bypass
3. Web Attack: D-Link Router Information Disclosure
4. Web Attack: Allegro Rompager CVE-2014-9222
5. Web Attack: ZyNos Information Disclosure
6. Web Attack: Password File Download Attempt
7. OS Attack: GNU Bash CVE-2014-6271
 

What's happening???? I am now panicking.



#4 clown_shoes


Posted 28 May 2018 - 01:18 PM

I shall now hold off doing anything else until told to by a knowledgeable person here, apart from a Norton scan which I am just running.


Edited by clown_shoes, 28 May 2018 - 01:20 PM.


#5 clown_shoes


Posted 28 May 2018 - 03:21 PM

Norton scan didn't find anything. 



#6 buddy215

buddy215

  • Moderator
  • 13,410 posts
  • Gender:Male
  • Location:West Tennessee

Posted 28 May 2018 - 04:00 PM

Suggest you uninstall Norton if you intend to use Avast. Download Norton Removal Tool

 

Avast will install adware along with its Free version. That can be removed using both Malwarebytes and AdwCleaner along with checking your browser(s) add-ons/extensions.

 

Rerun AdwCleaner and be sure to click on Clean when the scan finishes.

 

Clean up the computer using CCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 clown_shoes


Posted 29 May 2018 - 04:16 AM

Done. Adware Cleaner found 1 PUP, CCleaner has done its cleanup and Malwarebytes found nothing.



#8 buddy215


Posted 29 May 2018 - 05:01 AM

If the computer is updated to the latest of Windows 10 and you successfully removed Norton..... then you are good to go.

 

EDIT: Recently, security firms and the FBI have asked all users to turn the power off to the router, wait a minute and then turn the power back on.

 

Further, be sure to secure your router. Change default password for the router, check to be sure router's firewall is active, update the router's firmware and disable remote access to the router.

 

FBI Takes Control of APT28's VPNFilter Botnet

 

How to secure your router and home network | PCWorld


Edited by buddy215, 29 May 2018 - 05:45 AM.


#9 clown_shoes


Posted 29 May 2018 - 08:25 AM

Thanks, Buddy, for your help here!!

 

I guess the Norton alerts were 'false positives', or something, from the adware installed with 'Avast!'?

 



#10 buddy215


Posted 29 May 2018 - 09:07 AM

Yes...something like that.

 

You're welcome...happy surfin'



#11 clown_shoes


Posted 29 May 2018 - 10:38 AM

Thank you!! 





