A new form of attack

[REDACTED]

Dear all,
An incident happened yesterday (03-October-2016) which went as follows.

1) 13:39:40 IST Windows event viewer gave error. The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

2) From 13:51:03 - 13:51:38 IST - Massive serial connection attempt from host to firewall on ports 111, 137, 20005, 7547, 53, 32764, 138, 49152, 873, 3389, 22, 135, 3128, 21, 993, 4567, 5357, 389, 5431, 500, 139, 23, 515, 1434, 20, 5060, 500, 8099, 5000, 3128, 8443, 9100, 389, 515, 80 which were blocked by firewall. The computer was unattended and event viewer showed no anomalous entry.

3) Multiple scan by Malwarebytes and Avast also yielded no result. Rkill and JRT tool also showed no anomalous entry.

Can anyone confirm whether it was a genuine sophisticated hack attempt and suggest remedial measures

[Pondus]

1. many cases posted, search the forum
2. probably avast dns check

Can anyone confirm whether it was a genuine sophisticated hack attempt

Most likely no

[REDACTED]

I did search the forum for Avast service terminating unexpectedly, but they are all related to older versions. Our version is Avast Free antivirus 12.3.3154.6 on windows 7 SP1. The definition was current 161003-0. Also DNS in our case is not the firewall but another server.

[Pondus]

If you want a check, follow instructions found in sticky post at top in viruses and worms forum section > Logs to assist ....

[REDACTED]

Should I start a new thread in viruses and worm or continue in this thread only?

[Pondus]

Should I start a new thread in viruses and malware or continue in this thread only?

Start a new and give link to this topic

expert may be in a different time zone so it may take hours before anyone is online ...
The two diagnostic logs from FRST are the important ones

[REDACTED]

Topic has been moved to https://forum.avast.com/index.php?topic=191510.0