Hey there.
To set out the history of how all the crazy things happened: I came by one of those "naughty" sites. But boy, I messed up.
The moment I visited the site it automatically downloaded some file to my temp folder *without my consent*. Please note I had Norton Premium up to date on updates, and all, so I did not understand how it could have allowed it. What happened afterwards was a ton of requests to allow the file to make changes in my Windows folder, which I tried to decline again, and again. Problem is that it kept asking for the same request, and no matter if I tried to use task manager, it just would ask for it again, making me look at the forced request screen thing.
Well I ended up saying yes, thinking that Norton likely would prevent it downloading the Trojan, or whatever. It did, but it kept trying to download it again, and again. I got warnings again, and again of
25-01-2015 17:03:33
High Risk
An attempt from HOMEPC have been blocked.
System Infected: Trojan.Ransomlock.G,
"HOMEPC (192.168.0.14, 50420)","109.200.5.91, 443",192.168.0.14 (192.168.0.14),"TCP, Port 50420"
Attack is due to \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSWOW64\RUNDLL32.EXE.
I knew the file was a Windows file, and also the fact it would replace itself if deleted. I did end up getting to that part after Norton Support Center did jack **** to help me, mostly doing things I already knew myself (sfc /scannow, power eraser, msconfig) and so forth.
In the end I found a nasty little file starting up on boot after looking in msconfig, but still I kept getting UDP (17) traffic, and I still am. So right now I am wondering if I got something on my PC that is getting me traffic sent to me, as Norton/Malwarebytes cannot detect it, I assume so.
Anyway I hope someone can help me, because I do not have a clue why it keeps going on.
Also my Security Center will not start up anymore, so I assume it is thanks to that file.
And to add to that, I got about 12 different svhost.exe processes going at the time, which only leads me to think something is going on.
Here is the UDP (17) wall of spam I am getting in my Norton record.
Categori: Firewall activities
26-01-2015 19:12:58
Rule prevented UDP(17) -traffic with (192.168.0.1 Port ssdp(1900)
Fund, no actions required.
Rule: Default Block UPnP Discovery
Rule action: rejected
Rule risk: normal

Traffic information:
Protokol: UDP(17)
Direction: inbound
Lokal vært:
Local IP: 239.255.255.250
Lokal service: Port ssdp(1900)
Exstern vært:
Ekstern IP: 192.168.0.1
Exstern tjeneste: Port ssdp(1900)
Exstern MAC: --
Adapter-oversigt: 3

Procesinformation:
Proces-id: 2476
Processpath: C:\Windows\System32\svchost.exe