
Unauthorized access blocked (Norton Security)

I have a self-built system; it works fine, except that the CPU usage is pretty high and the PC is a bit loud.

I also have a gigantic list in the Norton Security history. It's blocking an "authorised access" about every second.

Does anyone know what's going on?

 

Aantekening 2019-06-14 195921.png

MSI B360 Gaming Pro Carbon

Intel Core I5-8400

G.Skill Aegis F4-2666 16GB

MSI RTX 2060 Ventus

Corsair TX650M

Crucial MX500 500GB

Sharkoon TG4


Wait

Am I reading it wrong, or is Norton targeting one of its own processes?

A girl who loves to love.


Sorry I wasn't very clear, this should help.

They are not always the same files.

Aantekening 2019-06-14 200655.png


4 minutes ago, davideras2004 said:

Sorry I wasn't very clear, this should help.

They are not always the same files.

Well that filename does look suspicious, have you run a full scan to see if any of these get detected?


It didn't detect anything

 

Aantekening 2019-06-14 202106.png


11 hours ago, Syaoran said:

Download and run HitmanPro: https://www.hitmanpro.com/en-us/downloads.aspx

 

Download and run AdwCleaner: https://www.malwarebytes.com/adwcleaner/

 

Reply with the logs

Here are the logs

HitmanPro_20190615_0914.log

AdwCleaner[S00].txt


Quote

The Unauthorized Access Blocked messages in your security history are logged by Norton Product Tamper Protection every time an executable file attempts to read/write/edit/delete a Norton file.  Common Windows processes like svchost.exe, taskmgr.exe, dfrgntfs.exe, etc. as well as any executable from third-party software like CCleaner and Malwarebytes Anti-Malware will cause one of these Unauthorized Access Blocked messages to be logged if they touch a file from your Norton installation

https://community.norton.com/en/comment/7714501#comment-7714501

 

It looks like you're clean, but I can't be sure yet. Do all the Unauthorized Access Blocked messages have the same actor file path?

 

Upload PROCEXP64.exe to https://www.virustotal.com/gui/home/upload and then reply with the link to the results page

 


Considering that the actor process is running from a location where you shouldn't be expecting executable files to be running from all the time (if all the actor files are running from the same location) then you might have some malware that isn't being picked up or is able to hide itself from being detected (and if it's trying to access the files related to the anti-virus it might be attempting to remove them or access them in an attempt to continue to not be detected) and I wouldn't consider that your system is clean considering that the amount of files scanned by AdwCleaner doesn't match up with the amount of files scanned by Norton which means that it wasn't scanning all directories (or wasn't scanning hidden folders of which AppData is a hidden folder).

 

I would suggest doing some scans in safe mode and maybe even using something like ultimate boot CD that has anti virus rescue programs that can do scans without the primary OS running, and if that doesn't fix it I would finally suggest backing up any critical files, dropping the tactical formatting nuke on the drive and reinstall the OS from scratch as it's the only way to be sure that your system is 100% virus and malware free.
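
One way to check the point raised in the post above, whether the actor executables really run from a location where programs normally are not installed, is to list every running process whose image sits in a user-writable directory together with its signature status and hash. This is an added PowerShell example, not part of the thread or written by any poster; the list of watched directories is an assumption chosen for triage.

```powershell
# Added illustration: running processes whose executable lives in a
# user-writable location, with Authenticode status and SHA-256.
# The watched directories are an assumption, not a rule from Norton.
# Run elevated so the image paths of other accounts' processes are readable.

$watchedRoots = @(
    $env:APPDATA,                                # ...\AppData\Roaming
    $env:LOCALAPPDATA,                           # ...\AppData\Local (contains Temp)
    $env:ProgramData,
    (Join-Path $env:USERPROFILE 'Downloads')
) | Where-Object { $_ }

function Test-UnderWatchedRoot {
    param([string]$Path, [string[]]$Roots)
    foreach ($root in $Roots) {
        # Compare against "root\" so C:\ProgramData2 does not match C:\ProgramData
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and
                   (Test-UnderWatchedRoot -Path $_.ExecutablePath -Roots $watchedRoots) } |
    ForEach-Object {
        # The file may be locked or already deleted; keep going with empty fields
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath -ErrorAction SilentlyContinue
        $hash = Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Path      = $_.ExecutablePath
            Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = if ($hash) { $hash.Hash } else { '' }
        }
    }

# Unsigned or invalidly signed images sort apart from 'Valid' ones
$findings | Sort-Object Signature, Path | Format-List
```

A hit is a lead, not a verdict: plenty of legitimate, signed software runs from these directories, and Sysinternals Process Explorer itself unpacks procexp64.exe into the Temp directory when its 32-bit launcher is started on 64-bit Windows. The entries worth a closer look are those with a signature status other than Valid, an unexpected signer, or a parent process that makes no sense for the program.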


12 hours ago, demonix00 said:

Considering that the actor process is running from a location where you shouldn't be expecting executable files to be running from all the time (if all the actor files are running from the same location) then you might have some malware that isn't being picked up or is able to hide itself from being detected (and if it's trying to access the files related to the anti-virus it might be attempting to remove them or access them in an attempt to continue to not be detected) and I wouldn't consider that your system is clean considering that the amount of files scanned by AdwCleaner doesn't match up with the amount of files scanned by Norton which means that it wasn't scanning all directories (or wasn't scanning hidden folders of which AppData is a hidden folder).

 

I would suggest doing some scans in safe mode and maybe even using something like ultimate boot CD that has anti virus rescue programs that can do scans without the primary OS running, and if that doesn't fix it I would finally suggest backing up any critical files, dropping the tactical formatting nuke on the drive and reinstall the OS from scratch as it's the only way to be sure that your system is 100% virus and malware free.

I've done a scan in safe mode without an internet connection and the antivirus software saw the files in the screenshots but did nothing. Is it time for the final solution and if so, would wiping the drive completely with the dedicated option in the BIOS work?

Capture.PNG

Capture1.PNG

Capture2.PNG

Capture3.PNG

Capture4.PNG

Capture5.PNG

Capture6.PNG

Capture7.PNG

Capture8.PNG

Capture9.PNG


First - install Comodo Firewall. Unlike AV software, it can alert you about any program that is trying to access the internet. And most viruses want to connect to the net. Then uninstall Norton - it's probably the most paranoid AV on the market - it can delete a file without even asking! Then check if any strange processes are trying to start.

And use Autoruns (maybe even first) to identify all programs that start with Windows.

In case of a really hard-to-detect virus - use SpyHunter - if you can remove the detected problems manually (the unregistered version can't do that automatically).


4 hours ago, homeap5 said:

First - install Comodo Firewall. Unlike AV software, it can alert you about any program that is trying to access the internet. And most viruses want to connect to the net. Then uninstall Norton - it's probably the most paranoid AV on the market - it can delete a file without even asking! Then check if any strange processes are trying to start.

And use Autoruns (maybe even first) to identify all programs that start with Windows.

In case of a really hard-to-detect virus - use SpyHunter - if you can remove the detected problems manually (the unregistered version can't do that automatically).

There were no strange problems I found with Autoruns.

Comodo Firewall didn't detect anything strange either.

SpyHunter found 32 privacy issues and then solved them.

My CPU is now also idling at around 65C, which it didn't before.

And as shown in the picture, the overall CPU usage is at around 95% while the usage of the user is at around 65%.

Does this imply there is something else than the user, maybe malware?

Aantekening 2019-06-16 195042.png


10 minutes ago, davideras2004 said:

There were no strange problems I found with Autoruns.

Comodo Firewall didn't detect anything strange either.

SpyHunter found 32 privacy issues and then solved them.

My CPU is now also idling at around 65C, which it didn't before.

And as shown in the picture, the overall CPU usage is at around 95% while the usage of the user is at around 65%.

Does this imply there is something else than the user, maybe malware?

What are the processes that are high in CPU usage?

 

And I agree with homeap5: uninstall Norton and get a better AV, I suggest Kaspersky.

 

You can look at other good AV here: https://www.av-test.org/en/antivirus/home-windows/windows-10/april-2019/


3 hours ago, davideras2004 said:

There were no strange problems I found with Autoruns.

Comodo Firewall didn't detect anything strange either.

SpyHunter found 32 privacy issues and then solved them.

My CPU is now also idling at around 65C, which it didn't before.

And as shown in the picture, the overall CPU usage is at around 95% while the usage of the user is at around 65%.

Does this imply there is something else than the user, maybe malware?

Aantekening 2019-06-16 195042.png

If you aren't running anything that should be using your GPU (considering that your GPU is at 41% usage even though that user isn't showing any GPU usage and the CPU usage doesn't match up) there might be some malware or maybe even some kind of crypto miner malware running (although from what I know, those normally stop running when task manager is brought up to hide themselves) that is posing as a legitimate application (since procexp64.exe is part of process explorer which is a more in-depth variant of task manager and sometimes isn't picked up by malware that shuts down when task manager is run).

 

It would be best to use another anti-virus first to see if it detects anything, but if it doesn't and the unusually high CPU and GPU usage doesn't stop then the last resort would be to wipe the drive clean and reinstall the OS (even if anything is picked up and removed, a full wipe and reinstall should be done as the original install might not be 100% virus and malware free).


And of course uninstall SpyHunter - it was just for checking problems, not for being active protection.

You're trying to follow a few of my steps, but you're still using Norton. It's like going to a doctor but taking only selected prescribed pills. AV software is heavy and this one may be the reason why your CPU usage is that high.
