Intrusion Alert from Norton

wjmichon

wjmichon last edited by

Hi,

I have been experiencing lots of alert from Norton, everytime I am using the Opera Browser. It started last week, when my opera crashed. Maybe I click in some bad link. Since then, Norton keep me showing the following alert:

Description
19/06/2015 20:35:06,High,An intrusion attempt by sepabi.com was blocked.,Blocked,No Action Required,Web Attack : Malvertisement Website Redirect 9,No Action Required,No Action Required,"sepabi.com (88.85.84.123, 80)",sepabi.com/935q498cfh78hsq9epekba7jwuus7ewcz5vmd6rev,"my computer name and IP",88.85.84.123 (88.85.84.123),"TCP, www-http"
Network traffic from sepabi.com/935q498cfh78hsq9epekba7jwuus7ewcz5vmd6rev matches the signature of a known attack.

I already uninstalled opera, deleted files from the opera folder. But everytime I install opera, the alert begins again. I don't experience the same alert using any other browser, like Firefox, Chrome, IE.

Any ideas how can I get rid of this alert and possible malware?

sgunhouse

sgunhouse Moderator Volunteer last edited by

When you say "deleted folder" do you mean the program folder or your profile folder?

Start with Settings > Privacy & Security and clear browsing data. In the dialog, make sure you choose to clear the cache. but you can clear history too. You could also look to see if any different extensions were installed. Finally (before trying anything more severe), check the shortcut you use to start Opera: right-click > Properties, make sure the Target field ends in ...\launcher.exe" (nothing after the quote) - some malware will modify the shortcut to try to load their website when you start the browser.

If that's not enough, then go to About Opera and make note of the paths listed for your profile and cache. Close Opera and delete both listed folders completely.

blackbird71

blackbird71 last edited by

Symantec/Norton describes the Redirect 9 message this way at their Enterprise site: "This signature detects malicious advertisements leading to malware or exploits. Website hosts malicious advertisements which when clicked upon drops malicious files and compromises the security of the machine."

That leads me to suspect that you may have an Opera session, speed dial, or cache file that links to a problematic website which carries malicious ads. Such files, being part of your personal files, would normally survive a simple Opera uninstall/reinstall cycle and would have to be cleared out manually.