AVG Network Inspector alert: Attacked by "DoublePulsar"

Applies to AVG Internet Security for Windows, AVG AntiVirus Free for Windows

This article explains how to resolve the issue if Network Inspector shows the following alert:

  • Attacked by "DoublePulsar"

Important: This is a very serious issue, so we strongly recommend that you resolve it immediately.

Description

If you see the alert above after running a Network Inspector scan:

Your PC has been remotely hijacked via a "DoublePulsar" attack. A dangerous backdoor implant has been installed on your PC, which attackers can use to bypass your PC's security, and access your system without detection. After gaining access to your system, the attacker can plant malware, or steal your personal data. This makes you highly vulnerable to further malware attacks, including "WannaCry" ransomware.

For more information about this issue, refer to the Details section.

Solution

To remove the DoublePulsar backdoor from your PC and prevent further malware attacks, install the Microsoft Windows MS17-010 security update by following the exact instructions in the relevant section below.

Your operating system:

Follow the steps below on the vulnerable PC that is running Windows 10:

  1. Restart your PC.
  2. Click the Windows Start button, then select Settings (the gear icon).
  3. Go to Update & Security ▸ Windows Update ▸ Check for updates.
  4. Install any available updates.

After installing the available updates, run a Network Inspector scan in AVG AntiVirus to confirm that your PC is no longer vulnerable.

If the troubleshooting steps above do not work, try the other solutions below.

Other solutions

Details

Your PC was hijacked because it is running an outdated version of the Windows file-sharing service (SMB), which contains a serious flaw called "EternalBlue". EternalBlue is a well-known flaw that allows attackers to remotely connect to your PC and run malicious code. On the affected PC, an attacker was able to run the specific code that installs the dangerous DoublePulsar backdoor implant.

Because the DoublePulsar exploit code is already present on your system, you are highly vulnerable to further malware attacks. On May 12th 2017, the DoublePulsar backdoor in conjunction with EternalBlue was used by the "WannaCry" ransomware worm to infect thousands of PCs worldwide.

Note: The EternalBlue flaw affects the first version of the SMB protocol (commonly known as SMBv1). SMBv2 and newer (available from Windows 7 onwards) are not affected. However, even newer Windows versions still include SMBv1 support. For this reason, you may also need to install the MS17-010 security update on newer systems, or at least disable SMBv1.
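
The Note above mentions disabling SMBv1. The PowerShell script below is an added example, not code from AVG or Microsoft, that reports whether SMBv1 is still enabled on a PC and turns it off on request. It assumes Windows 8 or newer and an elevated PowerShell session; the -Disable switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 on this PC and optionally turn it off.
# Assumes Windows 8 / Server 2012 or newer, where the SMB cmdlets exist.
param(
    [switch]$Disable   # example switch name: without it the script only reports
)

# 1. SMB server side: is this PC willing to accept SMBv1 connections?
$server = Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 2. Optional Windows feature that carries the SMBv1 components.
#    It does not exist on every edition, so a missing feature is reported as NotPresent.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    SMB1ServerEnabled = [bool]$server.EnableSMB1Protocol
    SMB2ServerEnabled = [bool]$server.EnableSMB2Protocol
    SMB1FeatureState  = if ($feature) { [string]$feature.State } else { 'NotPresent' }
}
$report | Format-List

$exposed = $report.SMB1ServerEnabled -or $report.SMB1FeatureState -eq 'Enabled'
if (-not $exposed) {
    Write-Host 'SMBv1 is already disabled on this PC.'
    return
}

if (-not $Disable) {
    Write-Warning 'SMBv1 is still enabled. Re-run with -Disable to turn it off.'
    return
}

# 3. Stop the SMB server from negotiating SMBv1.
if ($report.SMB1ServerEnabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 4. Turn off the SMBv1 feature itself; this part needs a restart to complete.
if ($report.SMB1FeatureState -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Warning 'Restart the PC to finish disabling the SMBv1 feature.'
}

# 5. Confirm the server setting after the change.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
```

Run it once without -Disable to see the current state, then again with -Disable; older devices that only speak SMBv1 (some printers and NAS boxes) will stop connecting to this PC's shares afterwards.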

Follow the instructions in the Solution section to remove the DoublePulsar backdoor from your PC, and prevent attacks such as WannaCry ransomware.

Further recommendations

If AVG AntiVirus is not installed on the affected PC, malware could already have been installed via the DoublePulsar backdoor. If possible, we recommend installing AVG AntiVirus Free on the affected PC, and running a Boot-time scan to remove any malware.

Note: AVG AntiVirus does not support Windows Vista or Windows XP. If the affected PC is running one of these operating systems, we strongly recommend upgrading to a newer version of Windows.
