This article explains how to resolve the issue if Network Inspector in Avast Antivirus shows the following alert:
- Vulnerable to "WannaCry / DoublePulsar" attack
This is a very serious issue, so we strongly recommend that you resolve it immediately.
Description
If you see the alert above after running a Network Inspector scan:
Your PC is at risk because it contains a well-known flaw called "EternalBlue", which potentially allows attackers to remotely connect to your PC and run malicious code.
The EternalBlue flaw makes you highly vulnerable to remote hijacking via a "DoublePulsar" attack. A DoublePulsar attack works by silently installing a dangerous backdoor implant on your PC, which attackers can use to bypass your PC's security and access your system without detection. After gaining access to your system, the attacker can plant malware, or steal your personal data. This means you are vulnerable to further malware attacks, including "WannaCry" ransomware.
For more information about this issue, refer to the Details section.
Solution
To remove the DoublePulsar backdoor from your PC and prevent further malware attacks, install the Microsoft Windows MS17-010 security update by following the exact instructions in the relevant section below.
Follow the steps below on the vulnerable PC that is running Windows 10:
- Restart your PC.
- Click the Windows Start button, then select Settings (the gear icon).
- Go to Update & Security ▸ Windows Update ▸ Check for updates.
- Install any available updates.
After installing the available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Refer to the following article from Microsoft Support for more information about updating Windows 10:
- Use the Windows 10 Update Assistant.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows 8:
- Go to the relevant link below to open the Microsoft Download Center and download the security update, then save it to your desktop:
- After your PC restarts, run the installer that you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Press the
Win
key on your keyboard, then hover the cursor over the the -
minus sign in the bottom-right corner of the screen to open the Windows menu options.
- Go to Settings ▸ Change PC settings ▸ Windows Update ▸ Check for updates now.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows 7:
- Go to the link below to open the Microsoft Update Catalog and download the security update, then save it to your desktop:
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Click the Windows Start button and select Control Panel.
- Go to System & Security ▸ Windows Update ▸ Check for updates.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows Vista:
- Go to the link below to open the Microsoft Update Catalog and download the security update, then save it to your desktop:
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Click the Windows Start button and select Control Panel.
- Go to Security ▸ System & Security ▸ Windows Update ▸ Check for updates.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows XP:
- Go to the link below to open the Microsoft Download Center and download the security update, then save it to your desktop:
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Details
Your PC is vulnerable because it is running an outdated version of the Windows file-sharing service (SMB), which contains a serious flaw called "EternalBlue". On the affected PC, an attacker could run the specific code that installs the dangerous DoublePulsar backdoor implant.
Because the EternalBlue flaw is present on your system, you are vulnerable to further malware attacks. On May 12th 2017, the DoublePulsar backdoor in conjunction with EternalBlue was used by the "WannaCry" ransomware worm to infect thousands of PCs worldwide. You can find more information about this attack via the Avast blog.
The EternalBlue flaw affects the first version of the SMB protocol (commonly known as SMBv1). SMBv2 and newer (available from Windows 7 onwards) are not affected. However, even newer Windows versions still have SMBv1 support. For this reason, you may also need to run the MS17-010 security update on newer systems, or at least disable SMBv1.
Follow the instructions in the Solution section to remove the EternalBlue flaw.
Further recommendations
All versions of Avast Antivirus protect your PC against attacks that exploit the EternalBlue flaw, as long as the Firewall feature is enabled. If Avast Antivirus is not already installed on the affected PC, you can install Avast Free Antivirus to ensure your continued protection.
For information about using Firewall, refer to the following article:
Avast Antivirus does not support Windows Vista or Windows XP. If the affected PC is running one of these operating systems, we strongly recommend upgrading to a newer version of Windows.
- Avast One 22.x for Windows
- Avast Premium Security 22.x for Windows
- Avast Free Antivirus 22.x for Windows
- Microsoft Windows 11 Home / Pro / Enterprise / Education
- Microsoft Windows 10 Home / Pro / Enterprise / Education - 32 / 64-bit
- Microsoft Windows 8.x / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 8 / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 7 Home Basic / Home Premium / Professional / Enterprise / Ultimate - Service Pack 1 with Convenient Rollup Update, 32 / 64-bit
Updated on: 02/06/2022