Dear all,
An incident happened yesterday (03-October-2016) which went as follows.
1) 13:39:40 IST Windows event viewer gave error. The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2) From 13:51:03 - 13:51:38 IST - Massive serial connection attempt from host to firewall on ports 111, 137, 20005, 7547, 53, 32764, 138, 49152, 873, 3389, 22, 135, 3128, 21, 993, 4567, 5357, 389, 5431, 500, 139, 23, 515, 1434, 20, 5060, 500, 8099, 5000, 3128, 8443, 9100, 389, 515, 80 which were blocked by firewall. The computer was unattended and event viewer showed no anomalous entry.
3) Multiple scan by Malwarebytes and Avast also yielded no result. Rkill and JRT tool also showed no anomalous entry.
Can anyone confirm whether it was a genuine sophisticated hack attempt and suggest remedial measures