Author Topic: SMB Eternal Blue Exploit?  (Read 1644 times)

0 Members and 1 Guest are viewing this topic.

Offline LGrounds

  • Newbie
  • *
  • Posts: 2
SMB Eternal Blue Exploit?
« on: June 06, 2022, 08:00:16 PM »
For the past week or so I have had an Avast One pop-up saying it has aborted connection to smb://187.213.183.60/nsa:cve-2017-0144_EternalBlue, because it was infected with SMB:CVE-2017-0144 [Expl]

This keeps happening over and over again, without me doing anything. A few times I was able to see a small black screen appear for a few milliseconds, but then be replaced with the avast pop-up.

I looked this up here, and multiple people a few years ago had the same thing happen. The fix usually recommended was simply to close port 445. I did this, but it has not helped in the least. Is this a false positive, or is this an actual problem that needs to be fixed?

If it helps, I am on a HP windows 8.1 device.

I will give you a screenshot of the avast pop-up:

In the short time it took to write this post, the pop-up appeared 2 more times.

Edit: In each pop-up, the IP specified is always different, and is from all over the world.
« Last Edit: June 06, 2022, 11:35:03 PM by LGrounds »

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2760
Re: SMB Eternal Blue Exploit?
« Reply #1 on: June 07, 2022, 08:53:33 AM »
Hi,

I would suggest that you follow the information in this guide:https://support.avast.com/article/EternalBlue-vulnerability/#idt_020

Offline LGrounds

  • Newbie
  • *
  • Posts: 2
Re: SMB Eternal Blue Exploit?
« Reply #2 on: June 07, 2022, 04:10:58 PM »
Hi,

I would suggest that you follow the information in this guide:https://support.avast.com/article/EternalBlue-vulnerability/#idt_020

Hi. Thank you for replying.
I followed the guide but it, unfortunately, has not worked. In the past few hours (after I updated my PC), the pop-up has appeared 5 more times.

I ran the avast network inspector and a deep PC scan, but nothing showed up.

Is there anything else I am able to do? I am glad Avast has been able to stop the exploit from being successful, but I would like to fix the actual problem.
« Last Edit: June 07, 2022, 04:38:11 PM by LGrounds »

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2760
Re: SMB Eternal Blue Exploit?
« Reply #3 on: June 08, 2022, 03:36:30 PM »
Hi,

Which steps did you follow? Perhaps you missed a step. A system restart is required after you apply the security update.
You need to run the MS17-010 security update, or at least disable SMBv1.
https://support.microsoft.com/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows-server