Kara Gray Posted December 29, 2015 Share Posted December 29, 2015 Just received a Norton Security "high severity" warning that an intrusion attempt by 54.240.160.8 was blocked with the IPS Alert name "Web Attack" Malicious File Download 14." It says the attacker URL was files.pcpitstop.com/cab/ntrights.exe. Is this something legit that Norton is flagging by mistake? I sure hope so! Kara Link to post Share on other sites
Glen Heavilin Posted December 29, 2015 Share Posted December 29, 2015 Same thing happened to me. Windows 10, Norton Security all up to date. Link to post Share on other sites
IntelGuy Posted December 29, 2015 Share Posted December 29, 2015 Yes, it is a false positive by Norton. files.pcpitstop.com/cab/ntrights.exe is PC Matic trying to update the Active X control silently in the background. Link to post Share on other sites
bikes_r_me4 Posted December 30, 2015 Share Posted December 30, 2015 I just was forced to uninstall PC Matic from my computer because it hijacked it through using this process. I noticed that your software created it's own user account on my computer and in doing so, was using ntrights.exe to create multiple instances of users on my system. I'm running Windows XP SP 3 and now have the following profiles that were created by your program: PCPitstopSVC PCPitstopSVC.CONTROL-PC PCPitstopSVC.CONTROL-PC.000 PCPitstopSVC.CONTROL-PC.001 PCPitstopSVC.CONTROL-PC.002 PCPitstopSVC.CONTROL-PC.003 PCPitstopSVC.CONTROL-PC.004 and so on... all the way up to PCPitstopSVC.CONTROL-PC.431 which is when I killed your software on my computer. This never happened before. I've been using PC Matic for about a year now and never had any problems like this. The Supershield is still working and upon viewing the Security Report, it seems the processes running at the time when this was happening were: find.exe, cmd.exe, net.exe, net1.exe, ntrights.exe, reg.exe, regsvr32.exe, wscript.exe, PcPitstopScheduleService.exe, hostname.exe This same thing happened on all of our computers that have PC Matic installed. We have already contacted PC Matic support and put in 2 help tickets. The numbers are BXB114-69808 and DPT-243-48552 and have not received any responses from tech support. Link to post Share on other sites
Kara Gray Posted December 30, 2015 Author Share Posted December 30, 2015 Well, I was thinking this was no big deal until I saw the above from bikes_r_me4. I don't have these bogus user accounts on my PC, perhaps because Norton is blocking this process. I'd love to hear someone from PC Matic weigh in on this, or a report back if/when bikes_r_me4 gets a response from tech support. Link to post Share on other sites
IntelGuy Posted December 30, 2015 Share Posted December 30, 2015 All tickets are responded to within 24 hours, usually much sooner, often within just a few minutes, but the target is 24 hours. BXB-114-69808 was answered in two minutes, DPT-243-48552 was answered in 17 minutes. If you did not receive the replies you may need to check your junk mail folders both locally and at the online email client. The multiple account issue only occurs on Windows XP. You will not see it on other versions of Windows. The developer has pushed out a change that should automatically remove the extraneous accounts. We are looking into why the issue occurred in the first place. As far as Norton blocking the process, that is a false positive and they should not be blocking our software. Please open a ticket at our help desk from the link below so that we can obtain more information about the computer: http://pcpitstop.com/store/service.asp Link to post Share on other sites
bikes_r_me4 Posted December 31, 2015 Share Posted December 31, 2015 (edited) All tickets are responded to within 24 hours, usually much sooner, often within just a few minutes, but the target is 24 hours. BXB-114-69808 was answered in two minutes, DPT-243-48552 was answered in 17 minutes. If you did not receive the replies you may need to check your junk mail folders both locally and at the online email client. I'm sorry, but no responses to either ticket were received. The spam folder was also checked and it did not land in there either. We are still awaiting a response from tech support. At this point in time we are in fear of reinstalling the software on our machines until an official fix is released and an explanation is given. I forgot to mention initially that the same thing happened with 1 machine we have that runs Windows Vista Business. All of our other machines are Windows XP. Edited December 31, 2015 by bikes_r_me4 Link to post Share on other sites
IntelGuy Posted December 31, 2015 Share Posted December 31, 2015 Thank you for the additional information. Please add [email protected] to your address book and see if that helps our replies to get through. I will also send responses from my private email address and see if they get through that way. Link to post Share on other sites
tousley Posted January 1, 2016 Share Posted January 1, 2016 Same problem here. I'm ticket #FQR-733-57420 on a Win 10 system and have sent in the log file but haven't heard anything back. For those out there having the same issue, when you download the ntrights.exe file right from PC Pitstop, it passes the Norton anti-virus scan just fine. I use Norton 360 and it appears the detection occurs in Norton's Intrusion Protection Service. Contacting Norton is a non-starter unless you are a real techie, as they can't replicate the problem, so they send you instructions for capturing all packets, but it's full of acronyms and interface instructions so good luck with that. I'm hoping PCPitstop gets on the phone to Symantec as I have several friends who I've recommended PC Pitstop to that are having the same issue. Link to post Share on other sites
Janet Petermann Posted January 1, 2016 Share Posted January 1, 2016 I'm having the same issue. I have been using PC Matic for over a year with no problems. Now Norton is blocking an "attack by malicious spyware" or some such thing from pcpitstop. Hope PC Pitstop gets this figured out since I paid for this service and can't use it? Thanks. Link to post Share on other sites
IntelGuy Posted January 2, 2016 Share Posted January 2, 2016 We have uploaded the file to Norton and are waiting for them to add it to their whitelist. In the meantime there should be a way to locally add the file to Norton's exclusion list. Link to post Share on other sites
viaveneto2 Posted January 3, 2016 Share Posted January 3, 2016 Same situation. I have both Norton and PCMatic on both my PC and laptop. The PC runs Windows 7 and I have no problems. On the laptop I have just installed Windows 10 when I started to get the error message from Norton about "intrusion attempt by 54.192.206.131 blocked" IPS Alert Name: Web Attack: Malicious File Download 14. However, I just ran a PCMatic manual scan on the laptop and had no problems. Is this something I should ignore or worry about it? I'm not a computer expert, so please don't reply with IT technical jargon. Thank you. Link to post Share on other sites
IntelGuy Posted January 4, 2016 Share Posted January 4, 2016 It is safe to ignore that warning. You can add it to the Norton exclusion list while we are waiting for Norton to respond to our white listing request. Link to post Share on other sites
tousley Posted January 8, 2016 Share Posted January 8, 2016 Any word on this yet? My ticket #FQR-733-5720. The screenshot you show is not an exclusion list. It only prevents Norton from notifying you with the pop-up intrusion warning. Meanwhile, it keeps detecting the threat in the background, using computer resources and slowing other processes when it detects the threat and throws up the warning. Thanks for any help you guys can offer on this. Link to post Share on other sites
IntelGuy Posted January 8, 2016 Share Posted January 8, 2016 That is correct, then screen shot posted by the customer is not the exclusion list. There should be a procedure for adding the file locally to the Norton white list. Norton has sent a response that our file has been successfully added to their global white list. If you are still seeing it being detected you may need to update the definitions for your Norton product. Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now