Hi, everyone. Earlier today, when I turned on my monitor for my computer, I saw a pop-up from my Norton 360 Security suite saying "Outbound Traffic Detected, We have detected a large amount of suspicious activity on your system. Your computer may be infected with something that Norton Power Eraser can detect and remove." Then it asks if I want to run Norton Power Eraser. Here is a screenshot of it:
After this happened I checked the Security History Window/Popup and I noticed that Norton said that "An intrusion attempt by 66.240.250 was blocked." (There were two of these instances or entries in the Security History window.) I have circled them in orange in the picture below:
There is also an instance or entry in the Security History Window/Popup that says Intrusion Prevention Auto Block has blocked IP: 66.240.205.34 for a period of 30 minutes. (Circled in the above screenshot in green.) When I clicked on the more details option of one of the intrusion attempts, in the IPS Alert section it said System Infected: GhostNet Backdoor Activity 3 (the second entry or instance was called System Infected: GhostNet Backdoor Activity), and the traffic description was TCP, Port 60670. Here is a screenshot of it:
After this I ran Norton Power Eraser and it detected something, but I think they are false positives because two of the files were installers for Adobe CS2 that I downloaded from Adobe's website, two were batch files that I made myself, one was a Google Chrome bookmarks file, and the last one, which I think is the most suspicious, was a registry key for "microsoft. powershell". See screenshot below:
The registry key is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\"ExecutionPolicy" and the file thumbprint is SHA: Not Available. Here is a screenshot:
What does this mean? What should I do? What is going on? Is my computer infected? Should I repair the Registry Key? One thing that I think is odd is that in the Security History Window/Popup there are several entries or instances of "ip Address has disappeared from adapter Microsoft Teredo Tunneling Adapter" (then it lists the IP address). Here is a screenshot of it:
Is this normal? The software that I have downloaded and installed recently is Seagate Sea Tools, Acronis Disk Director, and Paragon Partition Manager 14 Free, and I have reinstalled and updated AOMEI Partition Assistant Standard. I have also updated Western Digital Data Lifeguard Diagnostics and tried to install Seagate DiscWizard. All of the software that I have mentioned was downloaded from the developer's website. My computer seems to be running as well as it used to; I have not noticed any abnormal performance slowdowns except for my wireless adapter. I have done multiple antivirus scans recently with Malwarebytes and Norton 360, and both of them have not come up with anything. Today I ran a scan with Malwarebytes AdwCleaner; it found one threat, which was a registry key. Here it is: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\geekbuddyrsp . Here is a screenshot of it:
My operating system is Windows 10 64-bit. Do I need to post any more system specifications? Thank you, I hope you guys can help me.