This article explains how to resolve the issue if Network Inspector shows the following alert:
- Attacked by "DoublePulsar"
This is a very serious issue, so we strongly recommend that you resolve it immediately.
Description
If you see the alert above after running a Network Inspector scan:
Your PC has been remotely hijacked via a "DoublePulsar" attack. A dangerous backdoor implant has been installed on your PC, which attackers can use to bypass your PC's security, and access your system without detection. After gaining access to your system, the attacker can plant malware, or steal your personal data. This makes you highly vulnerable to further malware attacks, including "WannaCry" ransomware.
For more information about this issue, refer to the Details section.
Solution
To remove the DoublePulsar backdoor from your PC and prevent further malware attacks, install the Microsoft Windows MS17-010 security update by following the exact instructions in the relevant section below.
Follow the steps below on the vulnerable PC that is running Windows 10:
- Restart your PC.
- Click the Windows Start button, then select Settings (the gear icon).
- Go to Update & Security ▸ Windows Update ▸ Check for updates.
- Install any available updates.
After installing the available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Refer to the following article from Microsoft Support for more information about updating Windows 10:
- Use the Windows 10 Update Assistant.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows 8:
- Go to the relevant link below to open the Microsoft Download Center and download the security update, then save it to your desktop:
- Disconnect your PC from the network by removing the network cable or turning off Wi-Fi, then restart your PC.
It is essential that you disconnect from the network first, and then restart your PC. Otherwise, the DoublePulsar back door may not be properly removed.
- After your PC restarts, run the installer that you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Press the
Win
key on your keyboard, then hover the cursor over the the -
minus sign in the bottom-right corner of the screen to open the Windows menu options.
- Go to Settings ▸ Change PC settings ▸ Windows Update ▸ Check for updates now.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows 7:
- Go to the link below to open the Microsoft Update Catalog and download the security update, then save it to your desktop:
- Disconnect your PC from the network by removing the network cable or turning off Wi-Fi, then restart your PC.
It is essential that you disconnect from the network first, and then restart your PC. Otherwise, the DoublePulsar back door may not be properly removed.
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Click the Windows Start button and select Control Panel.
- Go to System & Security ▸ Windows Update ▸ Check for updates.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows Vista:
- Go to the link below to open the Microsoft Update Catalog and download the security update, then save it to your desktop:
- Disconnect your PC from the network by removing the network cable or turning off Wi-Fi, then restart your PC.
It is essential that you disconnect from the network first, and then restart your PC. Otherwise, the DoublePulsar back door may not be properly removed.
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If the troubleshooting steps above do not work, try the other solutions below.
Other solutions
- Update Windows manually via Windows Update:
- Restart your PC.
- Click the Windows Start button and select Control Panel.
- Go to Security ▸ System & Security ▸ Windows Update ▸ Check for updates.
- After installing any available updates, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
- If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Follow the steps below on the vulnerable PC that is running Windows XP:
- Go to the link below to open the Microsoft Download Center and download the security update, then save it to your desktop:
- Disconnect your PC from the network by removing the network cable or turning off Wi-Fi, then restart your PC.
It is essential that you disconnect from the network first, and then restart your PC. Otherwise, the DoublePulsar back door may not be properly removed.
- After your PC restarts, run the installer you saved to your desktop in step 1.
- Restart your PC again to complete the installation process.
- Reconnect to the network.
After installing the update, run a Network Inspector scan in Avast Antivirus to confirm that your PC is no longer vulnerable.
If you are unable to install the update, the only other way to fix this vulnerability is to disable the Windows file-sharing service, specifically version 1 of the SMB protocol. Refer to the following Microsoft guide to learn how to disable SMBv1:
Details
Your PC was hijacked because it is running an outdated version of the Windows file-sharing service (SMB), which contains a serious flaw called "EternalBlue". EternalBlue is a well-known flaw that allows attackers to remotely connect to your PC and run malicious code. On the affected PC, an attacker was able to run the specific code that installs the dangerous DoublePulsar backdoor implant.
Because the DoublePulsar exploit code is already present on your system, you are highly vulnerable to further malware attacks. On May 12th 2017, the DoublePulsar backdoor in conjunction with EternalBlue was used by the "WannaCry" ransomware worm to infect thousands of PCs worldwide. You can find more information about this attack via the Avast blog.
The EternalBlue flaw affects the first version of the SMB protocol (commonly known as SMBv1). SMBv2 and newer (available from Windows 7 onwards) are not affected. However, even newer Windows versions still have SMBv1 support. For this reason, you may also need to run the MS17-010 security update on newer systems, or at least disable SMBv1.
Follow the instructions in the Solution section to remove the DoublePulsar backdoor from your PC, and prevent attacks such as WannaCry ransomware.
Further recommendations
If Avast Antivirus is not installed on the affected PC, malware could already have been installed via the DoublePulsar backdoor. If possible, we recommend installing Avast Free Antivirus on the affected PC, and running a Boot-time scan to remove any malware.
Avast Antivirus does not support Windows Vista or Windows XP. If the affected PC is running one of these operating systems, we strongly recommend upgrading to a newer version of Windows.
- Avast One 22.x for Windows
- Avast Premium Security 22.x for Windows
- Avast Free Antivirus 22.x for Windows
- Microsoft Windows 11 Home / Pro / Enterprise / Education
- Microsoft Windows 10 Home / Pro / Enterprise / Education - 32 / 64-bit
- Microsoft Windows 8.x / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 8 / Pro / Enterprise - 32 / 64-bit
- Microsoft Windows 7 Home Basic / Home Premium / Professional / Enterprise / Ultimate - Service Pack 1 with Convenient Rollup Update, 32 / 64-bit
Updated on: 6/2/22