• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Attempted intusion block

Every hour I get this notification 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/10/2018 2:23:30 PM,Medium,An intrusion attempt by 195.22.28.222 was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domains Request,No Action Required,No Action Required,"195.22.28.222, 80",sso.anbtr.com/domain/svc.stonewash.co,"ARLENE (10.0.0.8, 50407)",195.22.28.222,"TCP, www-http"
Network traffic from <b>sso.anbtr.com/domain/svc.stonewash.co</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\SVCHOST.EXE.  You chose to stop notifications for this type of traffic.  To start notifications again, in the <b>Actions</b> panel, click <b>Notify Me</b>.


I did an online chat with norton and let them control my computer to fix it. They said they did, but I am still getting this.

Replies

Kudos0

Re: Attempted intusion block

https://virustotalcloud.appspot.com/nui/index.html#/url/07d6fcdbbcd073fa0d921cfdbf7f518b7a68f2034c92d4cf97d0bacd722a2e50/detection 

I have no idea how it happened, my entire network in my house got infected by something, and every time I opened a website on ANY of my computers it would constantly be redirecting to phishing links, popping up random ads, and sending me to this website. Meanwhile, Avast Antivirus and Malwarebytes are screaming at me that they blocked malicious links, and Malwarebytes told me that a bunch of odd exe files were trying to escape through open ports (?). I had to reformat every computer, and when that didn't work, I had to reset the router in my house and then all the computers again. The worst malware experience I have ever had.

https://virustotalcloud.appspot.com/nui/index.html#/url/18c227fb652c1740564a6a9fcb963e948663bc9ccb3f0eab5e40a4420b568eb9/community

I did an online chat with norton and let them control my computer to fix it. They said they did, but I am still getting this.

Kudos0

Re: Attempted intusion block

Hello Arlene. The IP address 195.22.28.222 traces to this location in Lisbon, Portugal. The IP address is basically more significant since it suggests as in bjm_ info there are compromised websites passing code through that IP address. If you are not outside the US it suggests to me that you MAY also have a compromised modem/router. Consider doing a factory reset on the router, changing the factory default login name and password. Once logged in have the router / modem check for update to its firmware within its settings.

I would also take your computers OFF your network. Download from one of the computers a fresh copy of Malwarebytes. Install and run full scans on each machine. Doing this will help isolate possible malware and not allow it to propagate on the network.

Something else to consider if all else fails to alleviate the issue. Determine the date that this began to happen on your computer. Open and run system restore, look at the restore points that are present. In the box check "view more restore points". Find one that is JUST prior to the date you have determined your issue began. Restore the computer to that date. MAKE SURE you backup your documents and other important files before doing so.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.175 / N360 Deluxe 22.17.2.47 / Norton Core v.282 on Android 2.00

This thread is closed from further comment. Please visit the forum to start a new thread.