I received a HIGH RISK warning from Norton 360 (V-4) that I'd been attacked by www.qurastiny.com (188.72.198.192.80) which it linked to /DEVICE/HARDDISKVOUME1/PROGRAM FILES (X86)/MOZILLA FIREFOX/FIREFOX.EXE is this a problem?
Reflagged issue from Norton 360 aimed at Firefox, no other obvious issues other than 'attack' charge by my anti-virus.
Valitud lahendus
My best guess is that you visited a web site that contained a script or Flash video that tried to push software from the qurastiny(dot)com domain. It sounds as though Norton blocked it, so that's good news. Being irritated by "I blocked it" messages might not be the most useful setup, but if you prefer to know about it in real time rather than just viewing your Norton logs occasionally, you could keep it for now.
If you don't mind investing time to be more secure, I suggest checking out the NoScript extension. Because it blocks scripts by default, when you visit a new site you often have to allow 1, 2, or 3 domains before everything works. There definitely is some cost there. But it probably would block this attack because that site's scripts would never be retrieved and executed in the first place.
Loe vastust kontekstis 👍 0All Replies (4)
I'm not sure how to interpret that. Either Norton blocked a site Firefox tried to access, or that site infected Firefox?
I suggest closing the browser and running a scan to see whether Norton finds any problems. You can supplement your regular security software with these two highly regarded scanners:
Malwarebytes Anti-malware : http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware : http://www.superantispyware.com/
Muudetud
Hmm, I downloaded and ran both programs but all the SUPER AntiSpyware found were a few tracking cookies Norton & Ad-Aware missed.
Still not sure what's going on. Norton gives small 'alerts' on C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE\AAWSERVICE.EXE targeting Norton's engine with an 'access process data' it blocked. These are obviously AdAware being nosy and doing its job while annoying Norton. The BIG ONE (twice now) 'Web Attack: Malicious Toolkit Website 8' attacking computer (xxxxx), attacker URL www.qurastiny.com/12974192/3659 Destination Address: GREGG-PC (xxx) traffic description was TCP.WWW-http So far nothing seems to have gotten past Norton but I'm getting concerned. I left the exact computer numbers out on purpose, obviously.
This one has shown twice now today, no idea why. I know Norton can get a bit 'flaky' now and then but this is unexpected.
Valitud lahendus
My best guess is that you visited a web site that contained a script or Flash video that tried to push software from the qurastiny(dot)com domain. It sounds as though Norton blocked it, so that's good news. Being irritated by "I blocked it" messages might not be the most useful setup, but if you prefer to know about it in real time rather than just viewing your Norton logs occasionally, you could keep it for now.
If you don't mind investing time to be more secure, I suggest checking out the NoScript extension. Because it blocks scripts by default, when you visit a new site you often have to allow 1, 2, or 3 domains before everything works. There definitely is some cost there. But it probably would block this attack because that site's scripts would never be retrieved and executed in the first place.
Thanks again!!
I did more checking and discovered something interesting and embarrassing. A defective Garman navigator was hooked up & charging on the system via the USB. On a guess I disconnected it and re-ran all the scanning software after a reboot.
While I'm still getting lots of small 'something is trying to do something' alerts the BIG one is not there anymore. Was it the Garman charging up?? Maybe, maybe not. BUT it's a lesson to me on checking what's attached to the computer before crying wolf!
Thank you for your help, the suggestions were useful and have provided me with MUCH better tools than I had before, and also provided me with a rather useful lesson in life; 'look before you leap'.
Many thanks for everything! God willing I won't be having such embarrassing goofs again for a little while. I do wonder why the alert pointed at Firefox though, very puzzling.
Gregg