SID 23363 HTTP Nukesploit P4ck Activity Detected
Updated: 08 Oct 2010 | 15 comments
This issue has been solved. See solution.
I am running Symantec Endpoint Protection 11.0.6100.645 with the latest updates on Windows 7.
I keep getting a message that "HTTP Nukesploit P4ck activity detected."
I went to the attack signatures and have disabled system restore, updated the virus definitions and ran a full system scan. No problems were found.
I do not understand the "delete any values added to the registry" task and need some further explanation.
What else can I do to stop this issue?
Todd
Comments
The IPS is blocking this exploit
Endpoint Knowledge Base
Security Best Practices
Is there anything I can do to stop this type of attack?
Is there a way to turn it off?
Make sure your system is patched up with the latest security patches for IE, etc.
Remove unnecessary IE add-ons.
Delete Temporary Internet Files and clean up your Temp: Start - Run - %temp%
If you are using Microsoft Internet Explorer 6.0 SP2, if possible upgrade it to at least IE 7.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
All patches are up to date on WIN 7 and Nortons. Have deleted Temp Internet Files. I am using IE 8.0.7600.16385.
Still having the issues. My wife's account on the same computer is not having this issue.
Have you cleared out your account's temp? Start - Run - %temp%
Yes, I have cleared out my account temp file and even went to another account on my computer to delete files that were in use.
I logged back into my account and first thing up was the alert.
Frustrating.
Go to Start - Run - msconfig - Startup
and disable unwanted programs in startup, especially the ones in the lower end on that list.
Sysrda32.exe
Found this file in the start up, but can't find it in the directory. Is this the file causing the issue?
A Google search for this file only points to antivirus and spyware blogs. Disable it from startup,
then try restarting your computer.
No more POPUPS
Finally found the bugger in safe mode. Removed it and rebooted. Nortons did not come up at first and then rebooted again with no issue currently. Thank you for the assistance.
Todd
Dear Todd,
Could you explain in detail how you cleared those popups?
Thanks
Shri !!
There was a threat on his machine that was there in startup. It was not getting detected by SEP in normal mode; however, it got detected in safe mode and the issue got resolved.
So you mean to say, after running in safe mode he scanned again and then he removed it?
Thanks
Shri !!
That sounds good. At least Symantec was blocking it in some way (IPS).
Fix to the problem SID23363 HTTP Nukesploit P4ck - Sysrda32.exe
All,
The file was found using the MSCONFIG going to the STARTUP TAB. The file was from an "unknown" source and the file name was SYSRDA32.exe.
When you uncheck the block and reboot, you will find that it "re-checks" itself when you click apply or ok. I had multiple restarts until I figured that little point out.
Had to go into SAFE MODE and search for the file there. You will have to "unhide" system files to be able to locate the SYSRDA32.exe file.
The file was located in C:\Users\---your user name here---\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.
Make sure your NORTONs does not get shut off. Had to reload my software to make sure nothing was funny with it.
Thanks again for all the assistance in fixing the problem.
Todd
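An added example (not part of the thread and not any poster's own code): a read-only PowerShell inventory for the situation described in the fix above, where a startup entry shows in msconfig but the file is hidden from Explorer. It lists the per-user and all-users Startup folders with hidden and system files included, and, going slightly beyond the thread, the Run registry values that msconfig also displays; the function names are hypothetical.

```powershell
# Added example: read-only inventory of auto-start locations (function names are hypothetical).
function Get-StartupFolderItem {
    $dirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
            "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # -Force returns Hidden and System files, which Explorer hides by default.
        Get-ChildItem -LiteralPath $dir -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                $hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                # Shortcuts are normal here; a program file placed directly in the folder is unusual.
                $isLnk = $_.Extension -eq '.lnk'
                if ($isLnk) { $sig = 'n/a (shortcut)' } else {
                    $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                }
                New-Object PSObject -Property @{
                    Location  = $dir
                    Name      = $_.Name
                    Hidden    = $hidden
                    Signature = $sig
                    Review    = ($hidden -or (-not $isLnk))
                }
            }
    }
}

function Get-RunKeyValue {
    # Per-user and machine-wide Run keys; both are launched at logon.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $key
                Name     = $name
                Command  = $regKey.GetValue($name)
            }
        }
    }
}

Get-StartupFolderItem | Format-Table Name, Hidden, Signature, Review, Location -AutoSize
Get-RunKeyValue       | Format-Table Name, Command, Location -AutoSize
```

Run it from the affected user's own session, since the file in this thread sat in that user's profile. Rows with Review set to True are candidates for a closer look, not verdicts.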