something is continually making "intrusion attempts" on my laptop ~solved~



now I know Norton is usually trash but this seems very unusual

what do, it keeps notifying me and it's annoying as forget

some other bits of information that Norton gave, if anyone cares to explain what's happening here

« Last Edit: January 22, 2016, 07:48:48 AM by SteveJenkins »

did you accept any gifts from troy?

« Last Edit: January 22, 2016, 05:09:57 AM by Demian »

the attacker url is owned by conduit, a malware vendor known for their adware and spyware which is hard to remove

also searchprotect has many variants, one of which is a backdoor. if you're infected with that variant, it would explain the repeated intrusion attempts

did you download and run anything from a shady website (or cnet)? can you run a scan with malwarebytes and post the results?

don't use the searchprotect uninstaller as it's a browser hijacker that replaces the homepage on ie, chrome, firefox and opera with conduit or delta search, depending on the malware variant

I recommend AdwCleaner OP, we used it back in IT to clean up SearchProtect



Ran Malwarebytes and it's already detected a few of them and the scan is just starting so that's great, but I'm still getting the intrusion attempts so I assume that variant isn't off.
Is it alright to delete them while it goes or will they just duplicate?

shadiest thing I've downloaded in the past month was CheatEngine, so it probably came from there


There are people that really just deserve to be stabbed aren't there


"PUP" stands for "Potentially Unwanted Program". These are programs notable for dodgy behaviour and don't really benefit your system.

PUPs usually arrive by way of installers. If you run an installer from the Internet, you need to slow down and read carefully what's happening; most installers will install additional spam software unless you decline these stuffty offers (and this is sometimes made difficult as they try to obscure the button required to disable it).

Intrusion Attempts are interesting. It's not always, but they're usually caused by drive-by downloads. What kinds of websites have you been to recently? It's entirely possible that some of this PUP software you've got is now attempting to communicate with an online server and is freaking Norton out, but it could be a separate thing entirely.

If you have Windows 10 (and probably earlier), you should open your Resource Monitor (open the Task Manager, go to the Performance tab, click Open Resource Manager) and then open the Network section at the bottom. It will show you a quick view of every program that is using your network. Wait until the next intrusion attempt happens, and at that moment see which programs are communicating. Check if your browsing is communicating more than it usually does, and also check for odd programs you don't recognise. It should give a clue as to what's going on.

I'm still getting the intrusion attempts so I assume that variant isn't off.
some adware drops files into other folders upon its first run, usually so it can reinstall itself after removal
still, malwarebytes should detect and remove them after you let it run a full scan

shadiest thing I've downloaded in the past month was CheatEngine, so it probably came from there
that's likely

this too

@mcjob

network keeps spiking


I assume that's intrusion attempts because \/ and I'm not using any other network related software except Steam

It's entirely possible that some of this PUP software you've got is now attempting to communicate with an online server


some adware drops files into other folders upon its first run, usually so it can reinstall itself after removal
still, malwarebytes should detect and remove them after you let it run a full scan

Malwarebytes is nearly done, although I've been removing them mid-scan so I may have to rescan just to be safe

doublepost because it looks consistent and this is a slightly different matter to what was in my previous post



well it wasn't difficult to find these

what if i just end the task and delete the file?

what if i just end the task and delete the file?
Was writing a response and you got in before I could.

If you can do that, absolutely do it immediately. The program might have tried to embed itself so that it continually reopens when closed, but it's good to try. Instead of using "End Process", try using "End Process Tree". It's a little more risky but it might shut down any other services that it's using that you don't want running.

My original post was this:

Quote
@mcjob

network keeps spiking
It's consistent enough to be worrying. Once the scan finishes, reboot your computer and check the values again.

If you're still getting intrusion warnings and/or your connection is still constantly being utilised without any programs and you don't have Resource Monitor, try the following:

1. Type in "cmd" into the search bar in the Start Menu and hold shift when you press on "Command Prompt" to gain Administrator access (or right click and press "Run as Administrator...").
2. Type in the following command without quotes: "netstat -b"

Look at the executable names and look for anything specifically you don't recognise. You want to also check anything that matches the IP address that Norton specified inside the "Foreign Address" column, and you want to find entries that are "ESTABLISHED".

Hopefully MalwareBytes resolves it, however.
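
Added example, not part of any post in this thread: a small Python parser for saved "netstat -b" output that lists ESTABLISHED connections which reach the address the antivirus reported or which belong to an executable you don't recognise. It assumes the output was captured with the -n switch as well (numeric addresses); the sample text, addresses, the name unknown_updater.exe and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `netstat -b -n` output on Windows.
# Addresses are documentation-range placeholders; no value comes from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     203.0.113.45:80        ESTABLISHED
 [unknown_updater.exe]
  TCP    192.168.1.20:49730     198.51.100.7:443       ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.20:49741     198.51.100.9:27030     TIME_WAIT
  TCP    192.168.1.20:49755     203.0.113.45:80        ESTABLISHED
  CryptSvc
 [svchost.exe]
  TCP    192.168.1.20:49760     198.51.100.12:443      ESTABLISHED
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s+(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Pair each connection row with the [executable] line that follows it."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            keys = ("proto", "local", "foreign", "state")
            conns.append(dict(zip(keys, m.groups()), exe=None))
        elif conns and conns[-1]["exe"] is None and (m := OWNER.match(line)):
            conns[-1]["exe"] = m.group(1)
    return conns

def triage(text, flagged_ip, known_exes):
    """Return ESTABLISHED rows that reach flagged_ip or have an unfamiliar owner."""
    hits = []
    for c in parse_netstat_b(text):
        if c["state"] != "ESTABLISHED":
            continue
        exe = c["exe"] or "<owner unavailable>"
        reasons = []
        if c["foreign"].rsplit(":", 1)[0] == flagged_ip:  # strip the port
            reasons.append("flagged address")
        if exe.lower() not in known_exes:
            reasons.append("unrecognised executable")
        if reasons:
            hits.append((exe, c["foreign"], reasons))
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE, "203.0.113.45", {"chrome.exe", "svchost.exe", "steam.exe"}))
```

A row flagged only for its address under a system process such as svchost.exe still deserves a look, since the service name printed above the bracketed line shows which component opened the connection.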

Did a restart and it seems like it's gone now. Both antiviruses are quiet, searchprotect isn't in task manager and my network isn't spiking

Thanks for the help, I'll leave the thread unlocked just in case, but I'll lock if it unnecessarily gets bumped

yeah this is that dumb type of software that you usually get from installing stuff from dodgy websites.

but just make sure that next time you install something, be extremely careful not to press "Next>" every time, for sometimes it will show offers for this kind of sketchy software and you have to uncheck a box to not install it. I learned this the hard way when I downloaded pivot 4 (which I can't even believe the creator of pivot would put that garbage in his installer)

and to top it off, if you are downloading a FILE from a website (not software) and it downloads an installer for the file (as in a .exe file) don't even consider it, those installers are specifically created to riddle your computer with malware like the one you just had.

If you use Chrome get WOT (web of trust), most of the time it will tell you if the site is good or not. Any websites that WOT puts as gray can be suspicious because no one put any reviews on it.

I use Windows Defender and Malwarebytes and my computer has been fine ever since :)