Multiple Pop Ups With Threat Secured SMB: CVE-2017-0144

Viruses & Threats
14

The remote session will long 30 to 40 minutes utmost, James.

19

Thanks for the information, Summer.
To avoid Eternal Blue vulnerability our recommendation is install security Windows updates as described at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010 or simply disable SMBv1: https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and.

16

Hi James,
I'm Shankara from AVG technical support. I was in touch with my higher technicians regarding the issue we have in your computer.

I recommend you to contact IT administrator or Microsoft technician and share the below details. They should be able to help you in fixing it.

Details about vulnerability: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010.
How to disable SMBv1 is described at: https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and .

Thank you.

15

I received the information you sent about installing the Windows  Update, my computer said it already has that update installed, so I went to the other info on removing SMB1 and I do not understand the wording in the instructions on how to remove it from my Windows 7 program. Can you make that easier to understand or should I have my computer tech come over and complete it for me ?

James :slight_smile:

18

I'd submit a screenshot, but I fixed it!!!. No sign of popups. I found an page on AVG's sister AV, Avast. It's titled "Avast WiFi Inspector: Troubleshooting Eternal Blue vulnerability on Windows 7" ( link: https://help.avast.com/eb/av_free/17/hns/win7/cve-2017-0143.html) This is an easy to follow guide to download the Microsoft patch / update that takes care of the EternalBlue vulnerability. Because I don't have Avast, I couldn't run the Avast WiFi Inspector to verify my system is no longer  vulnerable. I went to TrendMicro's website, found a page on "Preventing WannaCry (WCRY) Ransomware Attacks using TrendMicro products. " I found out that WCRY exploits the same vulnerability that Eternal Blue / SMB:CVE-2017-0144 does. Scroll down to "Useful Tools to Help Detect and Prevent Detection". I used "TrendMicro WCRY simple patch Validation Tool" to verify the patch and disable the SMBv1 those type of virus uses to infect a computer. YEAH!!! hope that helps!

17

I just watched a video on youtube about how to stop the !@#$% (mailto:!@#$%)^&*() popups with  SMB:CVE-2017-0144 threat code. It detailed going into AVG settings and turning off all notifications. What does AVG support think about turning off all notifications? (some of us are getting desperate since nothing seems to stop the popups). Thanks

1

For the past few weeks I have been receiving multiple pop ups per day on my computer, I have  a screenshot of it in my Picasa photo files…started out once or twice a day and I would just x it out and it would go away…like everyone else I ran deep scans on my AVG  and nothing was detected. I even did a boot scan and nothiing happened. I have a paid AVG program, version 18.6.3066, I have Computer Protection, Web & Emails Protection, Hacker Attacks Protection, Privacy Protection, and Payments Protection. Earlier today I read on your forum a suggestion from your staff to go into Control Panel to my AVG Program, hit Change and then Repair…I did that about an hour ago, then Updated my AVG Plan, then rebooted my computer…it did not help the situation…the pop ups are now coming in several times a day while I am on my computer…very annoying as I have to take time from what I am doing to delete each box and it keeps re-appearing about ten times before going away each time. Is there anything that will make this go away and does this mean I have a virus inside my computer as well ? 

Appreciate any information you can provide. 

James Johnson

10

here you go, detailed screenshot.User-added image

2

Thank you for the info, James. 

We have sent you an email with the link to get connected with our technical support team. Please follow those instructions to get in touch with them and you should be able to resolve the issue.

3

Thank you for sharing us the screenshot.

To analyse more about this issue, we need to check the file path for this threat pop up to resolve the issue.

Please click on "See details" in the threat pop up to check the file path and then share the screenshot of it to check and assist you further.

9

Hello Summer,
We are here to help you. The turning off all the notifications is not a good idea because you will not receive any pop up from AVG (even if there is a real threat).
Could you please share a screenshot of the pop up you're receiving with "see details" page to proceed further?
Regards,
Alok.

8

I just watched a video on youtube about how to stop the !@#$% (mailto:!@#$%)^&*() popups with  SMB:CVE-2017-0144 threat code. It detailed going into AVG settings and turning off all notifications. What does AVG support think about turning off all notifications? (some of us are getting desperate since nothing seems to stop the popups). Thanks

13

Hello James,

Let's work together to fix it. Deep scan will detect and notify you if there is any virus on your device. It might be a false positive. Please share the screenshot http://support.avg.com/SupportArticleView?urlname=Create-screenshot of that detection popup with full path to check and assist you further.

4

Hello James,

Let's work together to fix it. Deep scan will detect and notify you if there is any virus on your device. It might be a false positive. Please share the screenshot http://support.avg.com/SupportArticleView?urlname=Create-screenshot of that detection popup with full path to check and assist you further.

5

Thanks for the information, Summer.
To avoid Eternal Blue vulnerability our recommendation is install security Windows updates as described at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010 or simply disable SMBv1: https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and.

11

@ Summer Eggleston
Summer, For your info, just in case that you are unaware, you can post the screenshot (http://avgclick.me/getscreenshot) here in your topic. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions. 
AVG Guru

12

screen capture

6

I received the information you sent about installing the Windows  Update, my computer said it already has that update installed, so I went to the other info on removing SMB1 and I do not understand the wording in the instructions on how to remove it from my Windows 7 program. Can you make that easier to understand or should I have my computer tech come over and complete it for me ?

James :slight_smile:

7

thanks I appreciate the assistance you have provided. do you know how long this remote assistance will take to perform ?  I will probably contact the remote service later this evening but I only have a few hours of free time to do so, just wanted to make sure it`s not going to take more than that to complete. 

James :slight_smile: