Jump to content

Change Mode

Norton says it's blocked an attack from a PCPitstop URL. Is this l


Recommended Posts

Just received a Norton Security "high severity" warning that an intrusion attempt by 54.240.160.8 was blocked with the IPS Alert name "Web Attack" Malicious File Download 14." It says the attacker URL was files.pcpitstop.com/cab/ntrights.exe.

 

Is this something legit that Norton is flagging by mistake? I sure hope so!

Kara

Link to post
Share on other sites

I just was forced to uninstall PC Matic from my computer because it hijacked it through using this process. I noticed that your software created it's own user account on my computer and in doing so, was using ntrights.exe to create multiple instances of users on my system. I'm running Windows XP SP 3 and now have the following profiles that were created by your program:

 

PCPitstopSVC

PCPitstopSVC.CONTROL-PC

PCPitstopSVC.CONTROL-PC.000

PCPitstopSVC.CONTROL-PC.001

PCPitstopSVC.CONTROL-PC.002

PCPitstopSVC.CONTROL-PC.003

PCPitstopSVC.CONTROL-PC.004

 

and so on... all the way up to

 

PCPitstopSVC.CONTROL-PC.431 which is when I killed your software on my computer.

 

This never happened before. I've been using PC Matic for about a year now and never had any problems like this. The Supershield is still working and upon viewing the Security Report, it seems the processes running at the time when this was happening were:

 

find.exe, cmd.exe, net.exe, net1.exe, ntrights.exe, reg.exe, regsvr32.exe, wscript.exe, PcPitstopScheduleService.exe, hostname.exe

 

This same thing happened on all of our computers that have PC Matic installed. We have already contacted PC Matic support and put in 2 help tickets. The numbers are BXB114-69808 and DPT-243-48552 and have not received any responses from tech support.

Link to post
Share on other sites

Well, I was thinking this was no big deal until I saw the above from bikes_r_me4. I don't have these bogus user accounts on my PC, perhaps because Norton is blocking this process. I'd love to hear someone from PC Matic weigh in on this, or a report back if/when bikes_r_me4 gets a response from tech support.

Link to post
Share on other sites

All tickets are responded to within 24 hours, usually much sooner, often within just a few minutes, but the target is 24 hours. BXB-114-69808 was answered in two minutes, DPT-243-48552 was answered in 17 minutes. If you did not receive the replies you may need to check your junk mail folders both locally and at the online email client.

 

The multiple account issue only occurs on Windows XP. You will not see it on other versions of Windows. The developer has pushed out a change that should automatically remove the extraneous accounts. We are looking into why the issue occurred in the first place.

 

As far as Norton blocking the process, that is a false positive and they should not be blocking our software. Please open a ticket at our help desk from the link below so that we can obtain more information about the computer:

 

http://pcpitstop.com/store/service.asp

Link to post
Share on other sites

All tickets are responded to within 24 hours, usually much sooner, often within just a few minutes, but the target is 24 hours. BXB-114-69808 was answered in two minutes, DPT-243-48552 was answered in 17 minutes. If you did not receive the replies you may need to check your junk mail folders both locally and at the online email client.

 

I'm sorry, but no responses to either ticket were received. The spam folder was also checked and it did not land in there either. We are still awaiting a response from tech support. At this point in time we are in fear of reinstalling the software on our machines until an official fix is released and an explanation is given.

 

I forgot to mention initially that the same thing happened with 1 machine we have that runs Windows Vista Business. All of our other machines are Windows XP.

Edited by bikes_r_me4
Link to post
Share on other sites

Same problem here. I'm ticket #FQR-733-57420 on a Win 10 system and have sent in the log file but haven't heard anything back. For those out there having the same issue, when you download the ntrights.exe file right from PC Pitstop, it passes the Norton anti-virus scan just fine. I use Norton 360 and it appears the detection occurs in Norton's Intrusion Protection Service. Contacting Norton is a non-starter unless you are a real techie, as they can't replicate the problem, so they send you instructions for capturing all packets, but it's full of acronyms and interface instructions so good luck with that. I'm hoping PCPitstop gets on the phone to Symantec as I have several friends who I've recommended PC Pitstop to that are having the same issue.

Link to post
Share on other sites

We have uploaded the file to Norton and are waiting for them to add it to their whitelist. In the meantime there should be a way to locally add the file to Norton's exclusion list.

Link to post
Share on other sites

Same situation. I have both Norton and PCMatic on both my PC and laptop. The PC runs Windows 7 and I have no problems. On the laptop I have just installed Windows 10 when I started to get the error message from Norton about "intrusion attempt by 54.192.206.131 blocked"

IPS Alert Name: Web Attack: Malicious File Download 14. However, I just ran a PCMatic manual scan on the laptop and had no problems. Is this something I should ignore or worry about it? I'm not a computer expert, so please don't reply with IT technical jargon. Thank you.

Link to post
Share on other sites

Any word on this yet? My ticket #FQR-733-5720. The screenshot you show is not an exclusion list. It only prevents Norton from notifying you with the pop-up intrusion warning. Meanwhile, it keeps detecting the threat in the background, using computer resources and slowing other processes when it detects the threat and throws up the warning.

Thanks for any help you guys can offer on this.

Link to post
Share on other sites

That is correct, then screen shot posted by the customer is not the exclusion list. There should be a procedure for adding the file locally to the Norton white list.

 

Norton has sent a response that our file has been successfully added to their global white list. If you are still seeing it being detected you may need to update the definitions for your Norton product.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...