• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

WANNACRY

Are we(NORTON CUSTOMERS) safe from WANNACRY ?  I Have and Do go to sites where I get hit with BS Ransomware and my Norton is Not catching it. What I have to do is pull battery, then when I go back into Win10Edge, I start closing windows 'X' as fast as I can before it reloads. If I'm not fast enough, I get LOUD warning saying my C Card and Passwords are being stolen and I MUST call some BS # and pay. Then I'm LOCKED until I pull battery and restart computer. THEN, BE ready to 'X' out of any box/window before it opens.  So, I am vulnerable to some low-grade ransom ware now. I'm a loyal customer.

   SINCERELY, WARD FREED

Replies

Kudos0

Re: WANNACRY

Wow, I am not aware how one gets Ramson ware. I thought it was through email. I will pay better attention to sites I visit.

Kudos0

Re: WANNACRY

Screenshots of infection, please

Kudos0

Re: WANNACRY

Like I'm gona get re-infected to provide a screenshot of a rasomware attack. Never know when or where it will hit and I don't want to change my surfing routine bc I'm scared of a low grade ransomeware attack. I do external backup every couple days now. I'm still a loyal Norton customer and Norton saved me, I think, But I have been hit 3 times.

Kudos1 Stats

Re: WANNACRY

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: WANNACRY

If your machine was infected with ransomware to the point you were able to view the screen with number and payment, your files would be encrypted. I think what you are describing is scareware, which may or may not be physically in the machine. I would start by listing what extensions you have in your browser here, so that they can be vetted. Also any new applications recently added to the system since you started seeing these, as to determine "potentially unwanted programs" that may also be installed. With the reputation system, an actual ransomware should be flagged and stopped.
Kudos0

Re: WANNACRY

But I have been hit 3 times.

idle talk without evidence

Kudos0

Re: WANNACRY

WARD FREED You CAN pull up a screen shot of your detection list within your Norton dashboard. That would seriously be helpful with vetting what your issue is and possibly why you are seeing it. Below is an example from Security History. Select Full History from the "Show" menu on the left. Thanks.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: WANNACRY

Thanks SoulAsylum, I was able to find this on my Norton Security, Security, History. I was not able to copy my screen shot like you did. I do not know why, I am working on that (learning)(Win10, Alt+PrintScreen). But I noticed all the activities, nice. It gives me four pages of events to look at, last couple of days. on the Severity one can see the colors for issues. Most of mine are blue (Good, clean). But I did have some Orange (Medium). Status = Blocked. activity = unauthorized access blocked (Access Process Data). 

Any idea what that is about? Just before the blocked was Activity of Firewall rules updated, then next activity was Statistical Submission Setup.exe, then after that, ten seconds later, I got the blocked, Just two blocked events, Twenty five minutes later I get Activity of LiveUpdate Session Complete. So maybe the blocked was nothing. Just junk. 

But thanks for pointing out this Security History. I will be checking it on occasion to see whats going on.

I am still not sure about ransomware. How do I avoid it. I have to be very careful of websites I visit, I guess. I am trying to modernize myself on how to keep safe. 

Kudos0

Re: WANNACRY

Ward & Robert You can use the built in "snipping tool" in windows to get a screenshot.

https://support.microsoft.com/en-us/help/13776/windows-use-snipping-tool-to-capture-screenshots

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: WANNACRY

Hey, thanks SoulAsylum, I am using snipping tool. I saved my snip to a file. then I used the Image Icon (Green Picture looking Icon). I found the procedure on Norton Forum for 'How to post an image in the new forums.' That explained how to post. So I needed Snipping tool to save a file then follow the forum procedure. 

I hope this works, they said they (Norton) has to look at the post to make sure it is ok to post. They said it might be a small delay. 

Once you get the post you will see the orange activities. I am not sure what they are. I do not think they are anything serious. 

Kudos0

Re: WANNACRY

WARD FREED you can use Virus Total and have them assist in certifying your system clean. Follow their instructions and stick with it until you have peace of mind about what you are seeing. Cheers!


http://www.virustotal.com/index.html

Robert, click one of the setup.exe entries then look over to the lower right where it says "more options" and open it. Three tabs should appear. See if the tab named "origin" will give you any details.  Post a screenshot if details are there. Thanks. If nothing appears out of normal run a full system scan. If nothing found you should be ok.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: WANNACRY

OK I did that SoulAsylum. Here is what I have.

Kudos0

Re: WANNACRY

Robert all appearances are that you are good to go if your full scan didn't show anything. I get those nsbu info alerts frequently, they're not anything to become worried about. Norton is doing its job for you as advertised.

Concerning ransomware. I have included our "best practices" link for your reference.

https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

One thing to watch closely is being alerted to a threat in your lower right system tray. I get those from time to time when visiting certain sites, even Face Book at times. Hope we answered your questions adequately. Cheers.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: WANNACRY

Thanks for that link on 'Concerning ransomware'. I have read that before and I read some of it again. It starts out ok, then gets a little deep. I am not familiar with all the terminology they are talking about. They do not explain it or give reference to go to look it up, they just assume you know it. 

Now they did talk about 'Symantec Endpoint Protection (SEP)'. It stated to make sure you have SPE 14. It states "SEP customers are advised to migrate to SEP 14 to take advantage of the proactive protection provided by Advanced Machine Learning signatures." Are they talking about us home owners? If so how do we know we have that SPE?

On a different subject. That link to 'virustotal.com' I went there and read some of their material, very impressive. I believe I am going to apply for their news letter, join. I know someone who works for the school system in my area. They got an email with an attachment that they thought was questionable. The email looked legit, but had a different way in how it was addressed, who it came from. I do not know the detail, just they thought it was different. So they asked the department if it was a real email. The person who supposedly sent it said No, they did not send an email like that, they think, not really sure, lots of emails. The IT department said, well just everyone be careful and just delete the email. If it is important we will send another one, email. IT just is under staffed and not all that technical, school system, under budget. Head of IT might be one of the teachers. 

With 'Virustotal,com' one can save an email like that, send it to VirusTotal and they will check it out for you and let you know if it was a real malware email, nice. So I will be checking into this and possibly using that VirusTotal in the future. Thanks for the info on VirusTotal. 

Kudos0

Re: WANNACRY

'Symantec Endpoint Protection (SEP)' is more so for Corporate use but I have at one point ran it on a tower server I was using to host gaming services. Best practices are keeping your systems updated with your OS firstly. Antiviral solutions secondarily and lastly any other software you have installed. The biggest of which are Adobe products such as Adobe Reader, Adobe Flash player (auto updated through windows updates on windows 10) and Oracle JAVA. These have constant exploits which are being patched. Lastly are surfing habits and your browser settings. Just stay vigilant with these and you should remain generally safe, keeping in mind no antiviral solution is ever 100% fool proof. Virustotal is a great resource as well. Cheers.

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00

This thread is closed from further comment. Please visit the forum to start a new thread.